Blog
News
Cyber Risk Management : Regulatory Guidance from the Canadian Securities Administrators
Éloïse Gratton September 28, 2016
On September 27, 2016, the Canadian Securities Administrators released an updated cyber security notice to emphasize the need for financial market participants to proactively manage cyber risks and prepare for cybersecurity incidents, and to remind issuers to provide detailed and specific disclosures of material cyber risks in prospectuses and continuous disclosure filings. The notice provides important […] Read more
News
2015-2016 Annual Report to Parliament on the Personal Information Protection and Electronic Documents Act and the Privacy Act
Éloïse Gratton September 27, 2016
Today the Privacy Commissioner’s latest Annual Report was tabled, in Parliament. The 2015-16 report describes the work of the Office of the Privacy Commissioner of Canada (OPC) as it relates to both the Privacy Act, which applies to the federal public sector, and the Personal Information Protection and Electronic Documents Act (PIPEDA), the federal private sector privacy law. The Report discusses the […] Read more
News
Exploring Canada’s Top Privacy Challenges – Summary Report of the Canadian Privacy Summit 2016
Éloïse Gratton September 15, 2016
The Conference Board of Canada and the Office of the Information and Privacy Commissioner of British Columbia co-hosted the inaugural Canadian Privacy Summit on April 13–14, 2016, in Vancouver, British Columbia. It brought together many of Canada’s foremost privacy experts from the public and private sectors in a wide-ranging conversation about the nature of privacy […] Read more
News
Ashley Madison Security Breach: Lessons Learned and Valuable Recommendations for all Businesses
Éloïse Gratton August 26, 2016
On August 22, 2016, the Office of the Privacy Commissioner of Canada (OPC) released an important joint investigation report regarding the Ashley Madison data breach, which exposed the personal information of some 32 million users of the online dating website marketed to people who are married or in committed relationships. As part of its investigation, […] Read more
News
FPF Releases Best Practices for Consumer Wearables and Wellness Apps and Devices
Éloïse Gratton August 18, 2016
The Future of Privacy Forum (FPF) announced yesterday the release of its Best Practices for Consumer Wearables and Wellness Apps and Devices, a detailed set of guidelines that responsible companies can follow to ensure they provide practical privacy protections for consumer-generated health and wellness data. I have been following these guidelines very closely over the last few […] Read more
News
Keeping records of consent under CASL
Éloïse Gratton August 5, 2016
The CRTC has recently released a Notice for businesses and individuals advising them on how to keep records of consent. The CRTC confirms that under section 13 of CASL, the onus is on the person who alleges they have consent to send a CEM (typically, the person who sends the CEM) to prove that they have proper consent, either implied […] Read more
News
Beyond Consent-based Privacy Protection: My submission in response to the OPC’s consultation on privacy and consent
Éloïse Gratton July 11, 2016
The Office of the Privacy Commissioner (OPC) has recently published a great discussion paper entitled “Consent and privacy” exploring potential enhancements to consent under PIPEDA. The OPC also launched a Consultation and Call for Submissions requesting input on its consent paper, asking whether legislative changes are required, and requesting comments on solutions which would be helpful in […] Read more
News
Right to be Forgotten – Recent Quebec Case (C.L. v. BCF Avocats d’affaires (2016))
Éloïse Gratton June 13, 2016
Quebec was the first province to enact a data protection law for the private sector, an Act respecting the protection of personal information in the private sector in 1993. This law is substantially similar to the federal law PIPEDA. The Quebec Commission d’Accès à l’Information (CAI), the government body responsible for the administration and enforcement of the Quebec law, […] Read more
News
The Consent Exception for Research Purposes
Éloïse Gratton June 3, 2016
A few days ago, I published a short piece on Big Data Analytics: Is Consent Required? While I discuss different data flow scenarios and whether consent should be a requirement under each scenario, I don’t address the consent exception for research purposes. This exception which can be found under each Canadian private sector data protection law is […] Read more
Legal News
Forget about bringing the ‘right to be forgotten’ to Canada
Éloïse Gratton May 9, 2016
The Office of the Privacy Commissioner of Canada recently chose to make reputation and privacy one of its priorities for the next five years and has launched a consultation in which it asks if there is a way to apply a “right to be forgotten” in Canada. This is the “right” famously coined by the […] Read more