Blog

News

Software License Agreements: A Practical Guide

Computer software is an essential tool for almost every organization. Businesses and other organizations use computer software to create products, perform services, manage relationships, control internal operations, and process and store sensitive and regulated data. Almost every organization procures and uses various kinds of computer software and ancillary services provided by numerous software vendors/service providers. […] Read more

News

New privacy compliance requirements coming under B.C.’s FIPPA legislation

Commencing February 1, 2023, British Columbia’s public sector privacy statute – the Freedom of Information and Protection of Privacy Act – will require public bodies to have a privacy management program and to comply with privacy breach notification obligations. Accordingly, public bodies should now prepare for compliance with those new requirements. You can read our article on […] Read more

News

Transfert de renseignements personnels hors du Québec : nouvelles exigences pour les entreprises

La Loi modernisant des dispositions législatives en matière de protection des renseignements personnels (la « Loi amendée »), adoptée le 21 septembre 2021, introduit d’importantes modifications au régime applicable à la communication de renseignements personnels à l’extérieur du Québec (c’est-à-dire au partage ou à l’accès à distance, que nous regroupons sous le vocable « transfert »), que ce transfert soit destiné […] Read more

News

Cross-border transfers of personal information outside Québec: new requirements for businesses

The Act to modernize legislative provisions as regards the protection of personal information (the Amended Act), adopted on September 21, 2021, makes significant changes to the rules applicable to the communication of personal information outside Québec (specifically, the sharing of information or the granting of remote access, both of which we will refer to as transfers), whether […] Read more

News

Ontario Court of Appeal rules against plaintiffs in trilogy of privacy class actions

In a highly anticipated trilogy of privacy class action certification appeals, the Ontario Court of Appeal refused to certify three class actions based on the tort of intrusion upon seclusion. In Oswianik v. Equifax Canada Co., Obodo v. Trans Union of Canada, Inc., and Winder v. Marriott International, Inc., the Ontario Court of Appeal held that defendants who collect […] Read more

News

Privacy Commissioner decision provides guidance for parties to M&A transactions

The Privacy Commissioner of Canada’s decision regarding the Starwood/Marriott data security breach provides important guidance for parties to M&A transactions and for all organizations that handle personal information. Marriott International (Marriott) acquired Starwood Hotels (Starwood) through a share purchase transaction in September 2016. Marriott assessed Starwood’s IT practices as part of the transaction due diligence. After the […] Read more

News

Risques liés à la gouvernance des données et à la protection de la vie privée au Canada : liste de vérification pour les conseils d’administration et les équipes de direction

Le respect de la vie privée et les cyberrisques sont des enjeux importants pour les équipes de direction et les conseils d’administration, et pour de bonnes raisons. Selon les lois canadiennes en vigueur, les administrateurs et administratrices de sociétés sont responsables des activités de leur organisation, y compris l’identification et la gestion des risques, en […] Read more

News

Data governance and privacy risks in Canada: A checklist for boards and c-suite

Privacy compliance and cyber risks are hot issues for the c-suite and board of directors, and for good reason. Under Canadian law, corporate directors are responsible for their corporation’s business, including risk identification and management activities, and are required to demonstrate a duty of care. And regulators aren’t the only ones watching. Cybersecurity was the […] Read more