Small and medium organizations are increasingly being targeted by cyber criminals, but often have limited financial and human resources available to implement comprehensive cybersecurity measures. In March 2019, the Canadian Centre for Cyber Security issued Baseline Cyber Security Controls for Small and Medium Organizations to help Canadian small and medium organizations get the most out […] Read more
I am delighted to have contributed to this great podcast dealing with marketing and privacy. In this podcast, Amber and Brent first interview Justin De Graaf, Head of Ads Research and Insights at Google, about how the tech giant makes its money and drives the global economy. They then interview me about whether a company […] Read more
Canadian privacy commissioners have emphasized the importance of the final step of a privacy breach response process — prevention and lessons learned. The recent decision by the British Columbia Court of Appeal in Ari v. Insurance Corporation of British Columbia confirms that an organization’s failure to learn from past privacy breaches and prevent future privacy […] Read more
Canada’s Privacy Commissioner, commenting on the House of Commons TRAN report on automated vehicles in May of 2018, likened autonomous vehicles (“AV”) to “smartphones on wheels”. While apt, the comparison is a significant understatement. The volume of information generated by the daily activities of even the most enthusiastic user of smartphone technology pales in comparison […] Read more
On April 23, 2019, the Canadian Radio-television and Telecommunications Commission (CRTC) issued Compliance and Enforcement Decision 2019-111, imposing an administrative penalty of $100,000 on Brian Conley — the President and Chief Executive Officer of nCrowd — for infringing consent and unsubscribe requirements under Canada’s Anti-Spam Legislation (CASL). Read more
In a significant departure from its guidelines and decisions under the Personal Information Protection and Electronic Documents Act, the Privacy Commissioner of Canada introduced in an April 9, 2019 decision a requirement for an organization to obtain consent for outsourcing activities involving personal information to a service provider outside of Canada. In light of this significant change […] Read more
In December 2018, the United States Financial Industry Regulatory Authority issued a Report on Selected Cybersecurity Practices – 2018 to help broker-dealer firms improve their cybersecurity programs. The Report provides detailed recommendations for managing common cyber risks, and includes a list of core cybersecurity controls for small firms. The Report provides guidance that is consistent […] Read more
Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) imposes obligations on private sector organizations that suffer a breach of security safeguards affecting personal information under their control. Details of those obligations are set out in PIPEDA, the Breach of Security Safeguards Regulations and the guidance document titled “What you need to know about […] Read more
The Guardian published an article today called “Are you being scanned – How facial recognition technology follows you, even as you shop“. The article suggests that if you shop at certain malls, you may have been scanned and recorded by hidden cameras built into the centres’ digital advertising billboards. In the last year, there have […] Read more
Last week, in R. v. Reeves, the Supreme Court of Canada clarified the law around an individual’s right to privacy in relation to shared devices, such as personal computers (Justices Côté and Moldaver wrote separate, concurring reasons). In holding that a third party cannot waive an individual’s rights under s. 8 of the Charter of Rights and […] Read more