Tag archives: data privacy

UK Information Commissioner’s Office Publishes Final Guidance On Employee Monitoring

Photo of Lara White (UK)Photo of Olivia WintBy Lara White (UK), Rosie Nance and Olivia Wint on Posted in Data Protection, Fintech
The UK Information Commissioner’s Office (ICO) published its final guidance on monitoring workers on 3 October 2023 (the Guidance).  The Guidance is aimed at employers across both the private and public sector.  Responding to the rise of remote working and new technologies available to monitor employees, the ICO has looked to provide clear direction on … Continue reading

Act 25 – Demystifying privacy impact assessments with the CAI’s new tools

Photo of Imran Ahmad (CA)Photo of Veronique Barry (CA)Photo of Roxanne Caron (CA)Photo of Jeremie Wyatt (CA)By Imran Ahmad (CA), Veronique Barry (CA), Roxanne Caron (CA) and Jeremie Wyatt (CA) on Posted in Data Protection, Privacy law
With most provisions of the Act to modernize legislative provisions as regards the protection of personal information (Act 25) having just come into effect on September 22, public bodies and enterprises (organizations) will now need to conduct privacy impact assessments (PIA) during various projects that involve personal information. A PIA is an impact analysis that takes all … Continue reading

Texas enacts comprehensive privacy law

Photo of David Kessler (US)Photo of Susan Ross (US)Photo of Seth Allen (US)By David Kessler (US), Susan Ross (US) and Seth Allen (US) on Posted in Privacy law
On June 13, 2023, the Texas Governor signed HB4, making Texas the tenth state to have a comprehensive privacy law, joining California, Colorado, Connecticut, Montana, Virginia, and Utah (all in effect or going into effect in 2023), Montana and Tennessee (which, like Texas, go into effect in 2024), Iowa (effective 2025) and Indiana (effective 2026).  … Continue reading

Building Cyber Resiliency In the Energy Sector

Photo of Imran Ahmad (CA)Photo of John Cassell (CA)By Imran Ahmad (CA) and John Cassell (CA) on Posted in Cybersecurity, Data Protection
For the energy sector, cybersecurity has been a top-of-mind issue for some time. This is particularly true given some of the high-profile cyber-attacks seen in recent years that have grabbed not only media headlines but also resulted in operational disruption, financial losses and legal exposure. The challenge with cybersecurity is attacker tactics are constantly evolving … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Photo of Imran Ahmad (CA)By Imran Ahmad (CA) and Admin on Posted in Cybersecurity, Data Protection, Privacy law
Across the globe, the race is already underway among vehicle manufacturers to develop fully autonomous vehicles (AVs). AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world.  Like other connected vehicles, AVs can also collect and use specific personal information about a driver (e.g., through … Continue reading

Bring-Your-Own-Device Programs: A Balance Between Privacy and Cybersecurity

Photo of Marisa KwanPhoto of Joseph Cohen-LyonsPhoto of Curtis ArmstrongBy Marisa Kwan, Joseph Cohen-Lyons, Curtis Armstrong and Admin on Posted in Cybersecurity, Privacy law
A ”bring your own device” (BYOD) program is a popular arrangement used by employers, whereby employees use their personal devices (e.g., smartphones, laptops, or tablets) for both personal and business purposes. Last year, about two-thirds of Canadian private sector employers had at least one employee using personal devices for business-related activities.[1] While the BYOD approach … Continue reading

Ontario Court of Appeal Limits Application of Tort of Intrusion Upon Seclusion for Cyberattacks

Photo of Travis WalkerPhoto of Imran Ahmad (CA)By Travis Walker and Imran Ahmad (CA) on Posted in Cybersecurity, Data breach, Data Protection, Privacy law
Data Protection Report - Norton Rose FulbrightIn three recent cases, the Court of Appeal for Ontario effectively curtailed the ability of privacy breach victims to advance claims under the tort of intrusion upon seclusion against organizations for failing to prevent unauthorized access to personal information by third parties. However, while these cases should provide some reassurance that a cyberattack may not … Continue reading

Draft European Commission EU-US Data Privacy Framework adequacy decision published

Photo of Marcus EvansPhoto of Lara White (UK)Photo of Shiv Daddar (UK)By Marcus Evans, Lara White (UK), Shiv Daddar (UK) and Janine Regan (UK) on Posted in Data Protection, Privacy law
On 13 December, the European Commission launched the process to adopt an adequacy decision for the EU-US Data Privacy Framework (EU-US DPF).  The draft decision – available here – addresses the concerns raised by the Court of Justice  of the European Union (CJEU) in its Schrems II decision of July 2020.  These concerns centred around … Continue reading

Rare recovery in a complex ransomware case: Major NetWalker arrest leads to significant asset seizure

Photo of Andrew McCoombBy Andrew McCoomb on Posted in Cybercrime, Cybersecurity, Data breach, Data Protection, Ransomware
Data Protection Report - Norton Rose FulbrightNorton Rose Fulbright Canada’s cyber litigation team recently obtained an order in favour of an insurer, granting it relief from forfeiture in respect of more than 11 bitcoins from the assets seized from a prolific ransomware gang.[1] This case was the first of its kind and confirms an insurer’s ability to seek recovery for losses … Continue reading

Privacy and Cybersecurity Due Diligence Considerations in M&A Transactions

By Admin on Posted in Cybersecurity, Data Protection, M&A Transactions, Privacy law
Data Protection Report - Norton Rose FulbrightPrivacy and cybersecurity practices of target companies are being increasingly scrutinized throughout the due diligence process in M&A transactions. Particularly, buyers want to understand the risk and value inherent in sellers’ data assets and sellers want to manage transactional and post-closing risks. In the course of their privacy and cybersecurity due diligence, buyers should consider … Continue reading

OSFI’s Technology and Cyber Risk Management Guideline: Part 2

Photo of Imran Ahmad (CA)Photo of Shreya GuptaPhoto of Suzie Suliman (CA)By Imran Ahmad (CA), Shreya Gupta and Suzie Suliman (CA) on Posted in Cybersecurity, Privacy law
In July of this year, the Office of the Superintendent of Financial Institutions (OSFI) released the final version of its Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need to ensure that they have taken steps to … Continue reading

Practical steps for businesses to comply with Bill C-27: Part 1

Photo of Jeremie Wyatt (CA)Photo of Imran Ahmad (CA)Photo of Shreya GuptaBy Jeremie Wyatt (CA), Imran Ahmad (CA) and Shreya Gupta on Posted in Compliance and risk management, Privacy law
The House of Commons recently introduced Bill C-27, the successor to Bill C-11, which died on the docket when Parliament was dissolved in the fall of 2021. Bill C-27 introduces three new acts: the Consumer Privacy Protection Act (“CPPA”), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act (“AIDA”), which … Continue reading

Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key Takeaways

Photo of John Cassell (CA)Photo of Imran Ahmad (CA)Photo of Miranda SharpeBy John Cassell (CA), Imran Ahmad (CA) and Miranda Sharpe on Posted in Cybersecurity, Data breach
On July 27, 2022, the Office of the Information and Privacy Commissioner of Alberta (OIPC) released its 2022 PIPA Breach Report.[1] The report analyzes the nearly 2,000 breach reports[2] received by the OIPC during   the ten year period since reporting was mandated in Alberta under the Personal Information Protection Act (PIPA)[3]. The PIPA Breach … Continue reading

European rulings on the use of Google Analytics and how it may affect your business

Photo of Steve Roosa (US)Photo of Christoph Ritzer (DE)Photo of Nadège Martin (FR)Photo of Jurriaan JansenPhoto of Daniel Rosenzweig (US)Photo of Naomi SchuitemaPhoto of Natalia Filkina (DE)Photo of Barbara Ghebali (FR)By Steve Roosa (US), Christoph Ritzer (DE), Nadège Martin (FR), Jurriaan Jansen, Daniel Rosenzweig (US), Naomi Schuitema, Natalia Filkina (DE) and Barbara Ghebali (FR) on Posted in Cybersecurity, NT Analyzer Blog Series, Privacy law
European rulings on the use of Google Analytics and how it may affect your businessRecent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. … Continue reading

Google Play Store Releases Data Safety Form

Photo of Steve Roosa (US)Photo of Daniel Rosenzweig (US)By Steve Roosa (US) and Daniel Rosenzweig (US) on Posted in NT Analyzer Blog Series
Android will adopt iOS-like privacy nutrition labels, called the “Data safety form,” starting April 2022. And according to Google, apps that fail to comply with this upcoming requirement may be “subject to policy enforcement, like blocked updates or removal from Google Play.” While it may be tempting to just repurpose the iOS nutrition labels, Google notes … Continue reading

Privacy legislation reform: Bill 64 has now been passed

Photo of Imran Ahmad (CA)Photo of Veronique Barry (CA)Photo of Jeremie Wyatt (CA)By Imran Ahmad (CA), Veronique Barry (CA) and Jeremie Wyatt (CA) on Posted in Compliance and risk management, Cybersecurity, Privacy law
Bill 64, which purports to modernise Québec’s privacy legislation, was recently passed. This sweeping reform of the province’s framework for processing personal information hinges on three main axes: increased obligations for enterprises that collect or otherwise process personal information, the creation of new rights for persons whose information is collected, and the imposition of far … Continue reading

PIPL: A game changer for companies in China

Photo of Anna GamvrosPhoto of Lianying Wang (CN)By Anna Gamvros and Lianying Wang (CN) on Posted in Compliance and risk management, Cybersecurity
Data Protection Report - Norton Rose FulbrightChina passed its Personal Information Protection Law (PIPL) on 20 August 2021. This is China’s first omnibus data protection law, and will take effect from 1 November 2021 allowing companies just over two months to prepare themselves. The PIPL is a game changer for any company with data or business in China. It will add … Continue reading

China passes the Personal Information Protection Law

Photo of Anna GamvrosPhoto of Lianying Wang (CN)By Anna Gamvros and Lianying Wang (CN) on Posted in Compliance and risk management, Cybersecurity
Data Protection Report - Norton Rose FulbrightChina passed its Personal Information Protection Law (PIPL) on 20 August 2021.  The new law will take effect from 1 November 2021 allowing companies just over 2 months to prepare themselves. The full text has not been made public yet. In addition, China published the Provisions on the Administration of Security of Automobile Data (For … Continue reading

Navigating Virginia’s new privacy law

Photo of Steve Roosa (US)Photo of Daniel Rosenzweig (US)By Steve Roosa (US) and Daniel Rosenzweig (US) on Posted in NT Analyzer Blog Series
NT Analyzer blog series, cookieVirginia recently enacted its own data protection/privacy law and like its European and Californian predecessors, the technical piece is key. Like the GDPR and CCPA, the Consumer Data Protection Act (“CDPA”), which goes into effect on January 1, 2023, broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified … Continue reading

Virginia’s new Consumer Data Protection Act

Photo of David Kessler (US)Photo of Susan Ross (US)By David Kessler (US) and Susan Ross (US) on Posted in Compliance and risk management
On March 2, 2021, the Governor of the Commonwealth of Virginia signed into law the Consumer Data Protection Act, which contains many elements of California’s Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). The new law goes into effect on January 1, 2023. But first, you need to determine whether the law … Continue reading
LexBlog