Content On September 19, the Senate commenced its second reading of Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts, marking a significant step forward in the legislative process since
John Cassell (CA)
How to Effectively Draft Data Processing Agreements to Protect Information Shared with Service Providers – Part 2
In our previous post, we discussed specific considerations for common boilerplate provisions in data processing agreements (DPAs). Due to the sensitivity of data transfers and privacy laws, DPAs require careful drafting to ensure the data processor complies with appropriate…
How to Effectively Draft Data Processing Agreements to Protect Information Shared with Service Providers – Part 1
Modern businesses collect and process personal information about their customers and employees for the benefit of their business – these benefits include identifying opportunities to enhance their products or services, streamlining operations, reducing costs or maximizing profits. Processing such data…
Managing AI risks and legal implications, effective cybersecurity, ensuring privacy and the integrity of organizational records
In a world where generative AI is driving innovation and technology is outpacing legislation, there’s a lot for companies to consider to maintain operational effectiveness and minimize risk. To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023…
Building Cyber Resiliency In the Energy Sector
For the energy sector, cybersecurity has been a top-of-mind issue for some time. This is particularly true given some of the high-profile cyber-attacks seen in recent years that have grabbed not only media headlines but also resulted in operational disruption…
Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key Takeaways
The aftermath of an incident – business considerations surrounding record-keeping
In our previous publication, we discussed the legal obligations and procedural considerations surrounding maintaining records of privacy incidents. While the specific obligations vary by jurisdiction, maintaining some form of a record that tracks privacy incidents is a statutory obligation…
Bill C-26: a first step at reinforcing Canadian cybersecurity
On June 14, the House of Commons introduced Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts (Bill C-26). This bill is presented in two parts:
- The first is to amend
…
Federal Privacy Commissioner Published Guidance on What Is “Sensitive” Personal Information
On May 16, 2022, the Office of the Privacy Commissioner of Canada (the “OPC”) released an Interpretation Bulletin (the “Bulletin”) on what it considers to be “sensitive” personal information under the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”).…
Privacy commissioners take position on using facial recognition technology
Investigative findings
In a joint investigation report, the Privacy Commissioner of Canada, together with the commissioners of BC, Alberta, and Quebec concluded that Clearview AI violated Canadians’ privacy rights under federal and provincial privacy laws by scraping billons of images…