Everyone is using ChatGPT what does my organisation need to watch out for
Posted in Cybersecurity, FintechTopic: Cybersecurity
Subscribe to Cybersecurity RSS feed Posted in Cybersecurity, FintechBuilding Cyber Resiliency In the Energy Sector
Posted in Cybersecurity, Data Protection
For the energy sector, cybersecurity has been a top-of-mind issue for some time. This is particularly true given some of the high-profile cyber-attacks seen in recent years that have grabbed not only media headlines but also resulted in operational disruption, financial losses and legal exposure. The challenge with cybersecurity is attacker tactics are constantly evolving … Continue reading
Practical steps for businesses to comply with Bill C-27: part 2
In our previous update, we summarized key operational elements that businesses should be aware of under the proposed Consumer Privacy Protection Act (CPPA), and provided practical tips to help businesses comply with these new requirements. As currently drafted, the CPPA codifies a number of best practices and recommendations issued by the Office of the Privacy Commissioner of Canada … Continue reading
Hong Kong: Data Security Measures Guidance published by the PCPD
Posted in Cybersecurity
As data breaches and cyber attacks continue to surge and attackers become more sophisticated, organisations are well aware that the need for robust data security measures is becoming increasingly important. In Hong Kong, the Office of the Privacy Commissioner for Personal Data (the PCPD) recently published a Guidance Note on Data Security Measures for Information … Continue reading
Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)
Posted in Cybersecurity, Data Protection, Privacy law
Across the globe, the race is already underway among vehicle manufacturers to develop fully autonomous vehicles (AVs). AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world. Like other connected vehicles, AVs can also collect and use specific personal information about a driver (e.g., through … Continue reading
Bring-Your-Own-Device Programs: A Balance Between Privacy and Cybersecurity
Posted in Cybersecurity, Privacy law
A ”bring your own device” (BYOD) program is a popular arrangement used by employers, whereby employees use their personal devices (e.g., smartphones, laptops, or tablets) for both personal and business purposes. Last year, about two-thirds of Canadian private sector employers had at least one employee using personal devices for business-related activities.[1] While the BYOD approach … Continue reading
ICYMI – Late December in privacy and cybersecurity
Posted in Cybersecurity, Privacy law
Late December and early January tend to be a busy time for everyone, so you may have missed a privacy update or two during that time. We have set out some updates in the form of questions, with some links where you can find more information. Answers are below. 1. Colorado issued a revised draft … Continue reading
Ontario Court of Appeal Limits Application of Tort of Intrusion Upon Seclusion for Cyberattacks
In three recent cases, the Court of Appeal for Ontario effectively curtailed the ability of privacy breach victims to advance claims under the tort of intrusion upon seclusion against organizations for failing to prevent unauthorized access to personal information by third parties. However, while these cases should provide some reassurance that a cyberattack may not … Continue reading
Autonomous Vehicles – Canada’s Current Legal Framework: Liability in Motor Vehicle Accidents (Part 3)
Posted in Cybersecurity, Data Protection
As autonomous vehicle (AV) technology continues to grow in functionality and sophistication, it is only a matter of time before AVs become commercially available across Canada. The arrival of autonomous vehicles in Canada will raise a number of liability-related questions that touch on the areas of owner liability, product liability, and auto insurance. In this … Continue reading
Rare recovery in a complex ransomware case: Major NetWalker arrest leads to significant asset seizure
Norton Rose Fulbright Canada’s cyber litigation team recently obtained an order in favour of an insurer, granting it relief from forfeiture in respect of more than 11 bitcoins from the assets seized from a prolific ransomware gang.[1] This case was the first of its kind and confirms an insurer’s ability to seek recovery for losses … Continue reading
Autonomous Vehicles – Canada’s Current Legal Framework: Cybersecurity Considerations (Part 2)
Posted in Cybersecurity, Data Protection
The emergence of autonomous vehicles (AVs) in Canada will present a number of cybersecurity challenges and risks. AV manufacturers will need to consider these risks and address them early in the design and development process of their products. In this post, we discuss some of the key cybersecurity risks associated with AVs, strategies to mitigate … Continue reading
NYDFS proposes significant cybersecurity regulation amendments
Posted in CybersecurityOn November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here. NYDFS retained many of those earlier proposed changes, and made … Continue reading
Contracting for Cybersecurity Risks: Mitigating Weak Links
Posted in Cybersecurity, Data breach, Data Protection
Managing vendor risks includes putting pen to paper. Organizations are increasingly susceptible to risks outside their controlled IT infrastructure as they engage third-party vendors to manage online platforms and process data. Even though an organization may have little to no control over a vendor’s security practices, it bears the ultimate responsibility for safeguarding its own … Continue reading
CISA Releases New Infrastructure Cybersecurity Goals for Critical Infrastructure
Posted in Cybersecurity
On October 27, 2022, the Cybersecurity & Infrastructure Security Agency (“CISA”), in partnership with the National Institute of Standards and Technology (“NIST”) and the interagency community, published the first iteration of its cross-sector Cybersecurity Performance Goals (“CPGs”). Drafted in response to President Joe Biden’s July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure … Continue reading
Ignoring cyber threats can affect your job—and haunt your next one
Posted in CybersecurityWhat you should do now in light of the Privacy Reform bill
Posted in Cybersecurity, Privacy lawNYDFS settles with EyeMed for $4.5 million
Posted in Cybersecurity, Data breachPrivacy and Cybersecurity Due Diligence Considerations in M&A Transactions
Privacy and cybersecurity practices of target companies are being increasingly scrutinized throughout the due diligence process in M&A transactions. Particularly, buyers want to understand the risk and value inherent in sellers’ data assets and sellers want to manage transactional and post-closing risks. In the course of their privacy and cybersecurity due diligence, buyers should consider … Continue reading
OSFI’s Technology and Cyber Risk Management Guideline: Part 2
Posted in Cybersecurity, Privacy law
In July of this year, the Office of the Superintendent of Financial Institutions (OSFI) released the final version of its Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need to ensure that they have taken steps to … Continue reading
The proposed EU Cyber Resilience Act: what it is and how it may impact the supply chain
Autonomous Vehicles – Canada’s Current Legal Framework: A Primer (Part 1)
Posted in Cybersecurity, Privacy law
In recent years, autonomous vehicle (AV) technology has undergone rapid development and it is predicted that AVs may soon be in a state to displace human driving altogether. In Ontario, the Automated Vehicle Pilot Program is currently in place to permit the testing of certain AVs by vehicle manufacturers. As AV technology continues to develop, however, … Continue reading
OSFI’s Technology and Cyber Risk Management Guideline: Part 1
Posted in Compliance and risk management, Cybersecurity
On July 13, 2022, the Office of the Superintendent of Financial Institutions (OSFI) released its final Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need ensure that they have taken steps to comply with the requirements … Continue reading
Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key Takeaways
Posted in Cybersecurity, Data breachNYDFS proposes significant cybersecurity regulation amendments
Posted in Cybersecurity
