John Cassell (CA)

Subscribe to all posts by John Cassell (CA)

Managing AI risks and legal implications, effective cybersecurity, ensuring privacy and the integrity of organizational records

By Imran Ahmad (CA), John Cassell (CA), Maya Medeiros, Veronique Barry (CA), Sara A. Levine, KC (CA), Jesse Beatson, Roxanne Caron (CA) and Jeremie Wyatt (CA) on November 28, 2023 Posted in Artificial Intelligence, Cybersecurity

In a world where generative AI is driving innovation and technology is outpacing legislation, there’s a lot for companies to consider to maintain operational effectiveness and minimize risk. To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023 technology, privacy and cybersecurity virtual summit. Our leading lawyers were joined by prominent industry leaders … Continue reading

Building Cyber Resiliency In the Energy Sector

By Imran Ahmad (CA) and John Cassell (CA) on April 5, 2023 Posted in Cybersecurity, Data Protection

For the energy sector, cybersecurity has been a top-of-mind issue for some time. This is particularly true given some of the high-profile cyber-attacks seen in recent years that have grabbed not only media headlines but also resulted in operational disruption, financial losses and legal exposure. The challenge with cybersecurity is attacker tactics are constantly evolving … Continue reading

Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key Takeaways

By John Cassell (CA), Imran Ahmad (CA) and Miranda Sharpe on August 16, 2022 Posted in Cybersecurity, Data breach

On July 27, 2022, the Office of the Information and Privacy Commissioner of Alberta (OIPC) released its 2022 PIPA Breach Report.[1] The report analyzes the nearly 2,000 breach reports[2] received by the OIPC during the ten year period since reporting was mandated in Alberta under the Personal Information Protection Act (PIPA)[3]. The PIPA Breach … Continue reading

The aftermath of an incident – business considerations surrounding record-keeping

By Jeremie Wyatt (CA), John Cassell (CA) and Sara A. Levine, KC (CA) on August 2, 2022 Posted in Compliance and risk management, Data breach, Vendor management and transactions

In our previous publication, we discussed the legal obligations and procedural considerations surrounding maintaining records of privacy incidents. While the specific obligations vary by jurisdiction, maintaining some form of a record that tracks privacy incidents is a statutory obligation for private-sector organizations subject to Quebec, Alberta, or federal laws. Organizations should also be aware of … Continue reading

Bill C-26: a first step at reinforcing Canadian cybersecurity

By Jeremie Wyatt (CA), Imran Ahmad (CA), John Cassell (CA), Tiana Corovic (CA), Katarina Duke and Admin on June 22, 2022 Posted in Compliance and risk management, Cybersecurity

On June 14, the House of Commons introduced Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts (Bill C-26). This bill is presented in two parts: The first is to amend the Telecommunications Act to promote the security of the Canadian telecommunications system; The second is to enact the Critical Cyber … Continue reading

Federal Privacy Commissioner Published Guidance on What Is “Sensitive” Personal Information

By Tiana Corovic (CA), Imran Ahmad (CA), John Cassell (CA), Katarina Duke and Admin on May 18, 2022 Posted in PIPEDA, Privacy law

On May 16, 2022, the Office of the Privacy Commissioner of Canada (the “OPC”) released an Interpretation Bulletin (the “Bulletin”) on what it considers to be “sensitive” personal information under the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). The Bulletin is meant to act as a consolidated guide based on jurisprudence, regulatory findings, … Continue reading

Privacy commissioners take position on using facial recognition technology

By Imran Ahmad (CA), Sara A. Levine, KC (CA), Alexis Kerr (CA), John Cassell (CA) and Admin on March 11, 2021 Posted in Cybersecurity, Data breach

Investigative findings In a joint investigation report, the Privacy Commissioner of Canada, together with the commissioners of BC, Alberta, and Quebec concluded that Clearview AI violated Canadians’ privacy rights under federal and provincial privacy laws by scraping billons of images of people available online to be continually used in what amounted to a virtual “police … Continue reading

Data Privacy Day 2020 – Canadian Privacy Law Developments on the Horizon

By Julie Himo (CA), Alexis Kerr (CA), John Cassell (CA) and Ann Henderson (CA) on January 27, 2020 Posted in Cybersecurity, Data breach, General

Happy Data Privacy Day! Data Privacy Day represents a timely opportunity to highlight anticipated significant developments in Canadian privacy law in 2020 that we are monitoring following two major developments from the Government of Canada.… Continue reading

Office of Privacy Commissioner Says It’s Status Quo on Consent Requirements for Data Processing Transfers

By Ann Henderson (CA), Julie Himo (CA), John Cassell (CA) and Alexis Kerr (CA) on October 1, 2019 Posted in Compliance and risk management, Data breach, General

On September 23, the Office of the Privacy Commissioner of Canada (OPC) announced, following consultation with stakeholders, that it will maintain the position set out in its 2009 guidelines that an organization’s transfer of personal information to a third party for processing, including a transfer across the Canadian border, is a “use” of that personal … Continue reading

Canada’s Mandatory Privacy Breach Reporting Requirements coming into force November 1, 2018

By Julie Himo (CA) and John Cassell (CA) on April 10, 2018 Posted in Data breach

As of November 1, 2018, organizations across Canada subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) will be required to provide notice of certain privacy breaches.… Continue reading

Draft mandatory data breach reporting regulations released for comment in Canada

By John Cassell (CA) on September 20, 2017 Posted in Data breach

On September 2, 2017, the Government of Canada published proposed new regulations in the Canada Gazette, which set out specifics regarding the mandatory data breach reporting requirements under the Personal Information Protection and Electronic Documents Act. The PIPEDA Amendments were passed in June, 2015 but are not yet in force.… Continue reading