2017
News
Demers v. Yahoo Inc: Québec Court Confirms that Québec Consumer Law Applies to Free Online Services
Éloïse Gratton October 24, 2017
In a September 19, 2017 decision in Demers v Yahoo! Inc., the Québec Superior Court rejected Yahoo! Inc. and Yahoo! Canada Co.’s (collectively, “Yahoo”) motion to dismiss a motion for authorization of a class action resulting from two highly publicized data security incidents that occurred in 2013 and 2014. This decision has important implications for […] Read more
Events Legal News
2017 IT.CAN 21st Annual Conference (Toronto October 23-24)
Éloïse Gratton October 22, 2017
The 2017 IT.CAN 21st Annual Conference is taking place on October 23–24, at the St. Andrew’s Club and Conference Centre 150 King St. West, 16th Floor, Toronto. I will participate on a panel entitled “Legal Control of Internet Content: Who Decides and What is the Impact?” with co-panelists Curt Howard, Head of Legal, Google Canada […] Read more
Legal News
The European Union General Data Protection Regulation – A Primer for Canadian Organizations
Éloïse Gratton October 20, 2017
The European Union General Data Protection Regulation (the “GDPR”), which will come into force in May 2018, is a significant evolution in personal data protection laws, and is materially different in important respects from the Canadian Personal Information Protection and Electronic Documents Act and similar provincial laws. The GDPR is complicated and nuanced, with permitted variances among European Union […] Read more
News
IAPP – Privacy. Security. Risk. 2017 (San Diego October 16-18)
Éloïse Gratton October 14, 2017
I will be attending the IAPP PSR 2017 annual event in San Diego (October 16-18) and presenting on the following topic “Learn From my Fail: Avoiding Privacy Program Snafus & Screw-Ups” with the following co-panelists: Lael Bellamy, CIPP/US, CPO, The Weather Channel Peggy Eisenhauer, CIPP/US, Founder, Privacy & Information Management Services Eloïse Gratton, Partner and National Co-leader, Privacy and Data Protection, Borden Ladner […] Read more
News
Important Changes to Password Best Practices Guidance
Éloïse Gratton October 13, 2017
Passwords are an essential cybersecurity tool. Unfortunately, some long-standing password practices recommended by regulators and standards organizations may encourage risky behaviour. Regulators and standards organizations have recently issued updated guidance recommending simplified password practices (e.g. no mandatory regular password changes) to increase password security. Canadian organizations should assess and improve their password practices in light […] Read more
News
B.C. Supreme Court Certifies National Class Action for Financial Institution Data Breach
Éloïse Gratton October 4, 2017
In August 2017, the British Columbia Supreme Court issued its decision in Tucci v. Peoples Trust Company, certifying a national class action lawsuit against Peoples Trust Company relating to a 2013 breach of customers’ personal information. The decision demonstrates how Canadian courts approach the certification of data breach class actions. To read BLG’s bulletin on […] Read more
News
The OPC Publishes its Report on Consent
Éloïse Gratton September 25, 2017
In May 2016, the Office of the Privacy Commissioner of Canada (OPC) published a discussion paper and launched a consultation on consent under the Personal Information Protection and Electronic Documents Act (PIPEDA) with the objective of identifying potential enhancements to the consent model and better defining the roles and responsibilities of the actors who could […] Read more
News
PIPEDA’s Breach of Security Safeguards Regulations now published and open for comments
Éloïse Gratton September 8, 2017
On June 15, 2015, Bill S-4, the Digital Privacy Act amended the Personal Information Protection and Electronic Documents Act (PIPEDA). Under new sections 10.1 through 10.3 which are not yet in force, the Digital Privacy Act introduces an explicit obligation to notify individuals in cases of breaches, and report to the Office of the Privacy […] Read more
News
BLG Welcomes Two New Lawyers joining the Privacy and Data Protection Practice Group
Éloïse Gratton September 5, 2017
I am delighted to have François Joli-Coeur and Vinay Desai join BLG’s Privacy and Data Protection practice group. They will be advising clients from various sectors on a wide range of issues, including privacy and anti-spam, information technology, intellectual property, telecommunications, advertising, consumer protection, cybersecurity issues and data breach management. François Joli-Coeur received a bachelor’s degrees […] Read more
News
Less is More – Data Minimization and Cyber Risk Management
Éloïse Gratton August 12, 2017
Data minimization, which refers to the practice of limiting the collection and retention of information to that which is directly relevant and necessary for a specified purpose, can be an effective cyber risk management practice. This is because the less personal information an organization collects and retains, the less personal information will be vulnerable to […] Read more