Tag archives: data privacy

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Photo of Liana Di Giorgio (CA)Photo of Imran Ahmad (CA)By Liana Di Giorgio (CA) and Imran Ahmad (CA) on Posted in Cybersecurity, Data Protection, Privacy law
Across the globe, the race is already underway among vehicle manufacturers to develop fully autonomous vehicles (AVs). AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world.  Like other connected vehicles, AVs can also collect and use specific personal information about a driver (e.g., through … Continue reading

Bring-Your-Own-Device Programs: A Balance Between Privacy and Cybersecurity

Photo of Liana Di Giorgio (CA)Photo of Marisa KwanPhoto of Joseph Cohen-LyonsPhoto of Curtis ArmstrongBy Liana Di Giorgio (CA), Marisa Kwan, Joseph Cohen-Lyons and Curtis Armstrong on Posted in Cybersecurity, Privacy law
A ”bring your own device” (BYOD) program is a popular arrangement used by employers, whereby employees use their personal devices (e.g., smartphones, laptops, or tablets) for both personal and business purposes. Last year, about two-thirds of Canadian private sector employers had at least one employee using personal devices for business-related activities.[1] While the BYOD approach … Continue reading

Ontario Court of Appeal Limits Application of Tort of Intrusion Upon Seclusion for Cyberattacks

Photo of Travis WalkerPhoto of Imran Ahmad (CA)By Travis Walker and Imran Ahmad (CA) on Posted in Cybersecurity, Data breach, Data Protection, Privacy law
Data Protection Report - Norton Rose FulbrightIn three recent cases, the Court of Appeal for Ontario effectively curtailed the ability of privacy breach victims to advance claims under the tort of intrusion upon seclusion against organizations for failing to prevent unauthorized access to personal information by third parties. However, while these cases should provide some reassurance that a cyberattack may not … Continue reading

Draft European Commission EU-US Data Privacy Framework adequacy decision published

Photo of Marcus Evans (UK)Photo of Lara White (UK)Photo of Shiv Daddar (UK)By Marcus Evans (UK), Lara White (UK), Shiv Daddar (UK) and Janine Regan (UK) on Posted in Data Protection, Privacy law
On 13 December, the European Commission launched the process to adopt an adequacy decision for the EU-US Data Privacy Framework (EU-US DPF).  The draft decision – available here – addresses the concerns raised by the Court of Justice  of the European Union (CJEU) in its Schrems II decision of July 2020.  These concerns centred around … Continue reading

Rare recovery in a complex ransomware case: Major NetWalker arrest leads to significant asset seizure

Photo of Andrew McCoombBy Andrew McCoomb on Posted in Cybercrime, Cybersecurity, Data breach, Data Protection, Ransomware
Data Protection Report - Norton Rose FulbrightNorton Rose Fulbright Canada’s cyber litigation team recently obtained an order in favour of an insurer, granting it relief from forfeiture in respect of more than 11 bitcoins from the assets seized from a prolific ransomware gang.[1] This case was the first of its kind and confirms an insurer’s ability to seek recovery for losses … Continue reading

Privacy and Cybersecurity Due Diligence Considerations in M&A Transactions

Photo of Liana Di Giorgio (CA)By Liana Di Giorgio (CA) on Posted in Cybersecurity, Data Protection, M&A Transactions, Privacy law
Data Protection Report - Norton Rose FulbrightPrivacy and cybersecurity practices of target companies are being increasingly scrutinized throughout the due diligence process in M&A transactions. Particularly, buyers want to understand the risk and value inherent in sellers’ data assets and sellers want to manage transactional and post-closing risks. In the course of their privacy and cybersecurity due diligence, buyers should consider … Continue reading

OSFI’s Technology and Cyber Risk Management Guideline: Part 2

Photo of Imran Ahmad (CA)Photo of Shreya GuptaPhoto of Suzie Suliman (CA)By Imran Ahmad (CA), Shreya Gupta and Suzie Suliman (CA) on Posted in Cybersecurity, Privacy law
In July of this year, the Office of the Superintendent of Financial Institutions (OSFI) released the final version of its Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need to ensure that they have taken steps to … Continue reading

Practical steps for businesses to comply with Bill C-27: Part 1

Photo of Jeremie Wyatt (CA)Photo of Imran Ahmad (CA)Photo of Shreya GuptaBy Jeremie Wyatt (CA), Imran Ahmad (CA) and Shreya Gupta on Posted in Compliance and risk management, Privacy law
The House of Commons recently introduced Bill C-27, the successor to Bill C-11, which died on the docket when Parliament was dissolved in the fall of 2021. Bill C-27 introduces three new acts: the Consumer Privacy Protection Act (“CPPA”), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act (“AIDA”), which … Continue reading

Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key Takeaways

Photo of John Cassell (CA)Photo of Imran Ahmad (CA)Photo of Miranda SharpeBy John Cassell (CA), Imran Ahmad (CA) and Miranda Sharpe on Posted in Cybersecurity, Data breach
On July 27, 2022, the Office of the Information and Privacy Commissioner of Alberta (OIPC) released its 2022 PIPA Breach Report.[1] The report analyzes the nearly 2,000 breach reports[2] received by the OIPC during   the ten year period since reporting was mandated in Alberta under the Personal Information Protection Act (PIPA)[3]. The PIPA Breach … Continue reading

European rulings on the use of Google Analytics and how it may affect your business

Photo of Steve Roosa (US)Photo of Christoph Ritzer (DE)Photo of Nadège Martin (FR)Photo of Jurriaan JansenPhoto of Daniel Rosenzweig (US)Photo of Naomi SchuitemaPhoto of Natalia Filkina (DE)Photo of Barbara Ghebali (FR)By Steve Roosa (US), Christoph Ritzer (DE), Nadège Martin (FR), Jurriaan Jansen, Daniel Rosenzweig (US), Naomi Schuitema, Natalia Filkina (DE) and Barbara Ghebali (FR) on Posted in Cybersecurity, NT Analyzer Blog Series, Privacy law
European rulings on the use of Google Analytics and how it may affect your businessRecent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. … Continue reading

Google Play Store Releases Data Safety Form

Photo of Steve Roosa (US)Photo of Daniel Rosenzweig (US)By Steve Roosa (US) and Daniel Rosenzweig (US) on Posted in NT Analyzer Blog Series
Android will adopt iOS-like privacy nutrition labels, called the “Data safety form,” starting April 2022. And according to Google, apps that fail to comply with this upcoming requirement may be “subject to policy enforcement, like blocked updates or removal from Google Play.” While it may be tempting to just repurpose the iOS nutrition labels, Google notes … Continue reading

Privacy legislation reform: Bill 64 has now been passed

Photo of Imran Ahmad (CA)Photo of Veronique Barry (CA)Photo of Jeremie Wyatt (CA)By Imran Ahmad (CA), Veronique Barry (CA) and Jeremie Wyatt (CA) on Posted in Compliance and risk management, Cybersecurity, Privacy law
Bill 64, which purports to modernise Québec’s privacy legislation, was recently passed. This sweeping reform of the province’s framework for processing personal information hinges on three main axes: increased obligations for enterprises that collect or otherwise process personal information, the creation of new rights for persons whose information is collected, and the imposition of far … Continue reading

PIPL: A game changer for companies in China

Photo of Anna GamvrosPhoto of Lianying Wang (CN)By Anna Gamvros and Lianying Wang (CN) on Posted in Compliance and risk management, Cybersecurity
Data Protection Report - Norton Rose FulbrightChina passed its Personal Information Protection Law (PIPL) on 20 August 2021. This is China’s first omnibus data protection law, and will take effect from 1 November 2021 allowing companies just over two months to prepare themselves. The PIPL is a game changer for any company with data or business in China. It will add … Continue reading

China passes the Personal Information Protection Law

Photo of Anna GamvrosPhoto of Lianying Wang (CN)By Anna Gamvros and Lianying Wang (CN) on Posted in Compliance and risk management, Cybersecurity
Data Protection Report - Norton Rose FulbrightChina passed its Personal Information Protection Law (PIPL) on 20 August 2021.  The new law will take effect from 1 November 2021 allowing companies just over 2 months to prepare themselves. The full text has not been made public yet. In addition, China published the Provisions on the Administration of Security of Automobile Data (For … Continue reading

Navigating Virginia’s new privacy law

Photo of Steve Roosa (US)Photo of Daniel Rosenzweig (US)By Steve Roosa (US) and Daniel Rosenzweig (US) on Posted in NT Analyzer Blog Series
NT Analyzer blog series, cookieVirginia recently enacted its own data protection/privacy law and like its European and Californian predecessors, the technical piece is key. Like the GDPR and CCPA, the Consumer Data Protection Act (“CDPA”), which goes into effect on January 1, 2023, broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified … Continue reading

Virginia’s new Consumer Data Protection Act

Photo of David Kessler (US)Photo of Susan Ross (US)By David Kessler (US) and Susan Ross (US) on Posted in Compliance and risk management
On March 2, 2021, the Governor of the Commonwealth of Virginia signed into law the Consumer Data Protection Act, which contains many elements of California’s Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). The new law goes into effect on January 1, 2023. But first, you need to determine whether the law … Continue reading

Bill C-11: Canada proposes new data privacy legislation

Photo of Colin Hyslop (CA)By Colin Hyslop (CA) on Posted in Enforcement
Norton Rose Fulbright - Data Protection Report blogOn November 17, 2020, the Minister of Innovation, Science and Industry, Navdeep Bains, tabled proposed legislation in Parliament that aims to overhaul Canada’s data privacy law. Bill C-11, entitled An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to … Continue reading

COVID tracing & AI: Physically distant, socially together

Photo of Daniel Daniele (CA)By Daniel Daniele (CA) on Posted in Compliance and risk management, Data Transfer
Data Protection Report - Norton Rose FulbrightAs the second wave of COVID-19 spreads across Canada, the use of COVID-19 tracing apps is on the rise. For example, the Government of Canada released COVID Alert–an app using Bluetooth technology to help people report positive diagnoses, and control the spread of the virus. The success of the app depends on a high quantity … Continue reading

NT Analyzer Webinar: Solving Apple’s new app privacy requirement

By NRF Digital Team on Posted in Cybersecurity, NT Analyzer Blog Series, Vendor management and transactions
Solving Apple's New App Privacy RequirementPlease join us for an NT Analyzer Webinar, Solving Apple’s new app privacy requirement. Head of NRF Digital Analytics and Technology Assessment Platform for the US Steven Roosa and Associate Dan Rosenzweig as they walk through the upcoming Apple requirements, and showcase the NT Analyzer Apple dashboard solution.… Continue reading
LexBlog