Blog

News

Cybersecurity Guidance for Small and Medium Organizations

Small and medium organizations are increasingly being targeted by cyber criminals, but often have limited financial and human resources available to implement comprehensive cybersecurity measures. In March 2019, the Canadian Centre for Cyber Security issued Baseline Cyber Security Controls for Small and Medium Organizations to help Canadian small and medium organizations get the most out […] Read more

News

CRTC Issues its First Penalty Against a CEO for Violating Canada’s Anti-Spam Legislation

On April 23, 2019, the Canadian Radio-television and Telecommunications Commission (CRTC) issued Compliance and Enforcement Decision 2019-111, imposing an administrative penalty of $100,000 on Brian Conley — the President and Chief Executive Officer of nCrowd — for infringing consent and unsubscribe requirements under Canada’s Anti-Spam Legislation (CASL). Read more

News

Important Privacy Commissioner Consultation Impacting Cross-Border Dataflows and Outsourcing

In a significant departure from its guidelines and decisions under the Personal Information Protection and Electronic Documents Act, the Privacy Commissioner of Canada introduced in an April 9, 2019 decision a requirement for an organization to obtain consent for outsourcing activities involving personal information to a service provider outside of Canada. In light of this significant change […] Read more

News

Financial Industry Regulator Issues Cybersecurity Guidance

In December 2018, the United States Financial Industry Regulatory Authority issued a Report on Selected Cybersecurity Practices – 2018 to help broker-dealer firms improve their cybersecurity programs. The Report provides detailed recommendations for managing common cyber risks, and includes a list of core cybersecurity controls for small firms. The Report provides guidance that is consistent […] Read more

News

Frequently Asked Questions – Compliance with PIPEDA’s Security Breach Obligations

Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) imposes obligations on private sector organizations that suffer a breach of security safeguards affecting personal information under their control. Details of those obligations are set out in PIPEDA, the Breach of Security Safeguards Regulations and the guidance document titled “What you need to know about […] Read more