Blog
News
CRTC Issues its First Penalty Against a CEO for Violating Canada’s Anti-Spam Legislation
Éloïse Gratton May 8, 2019
On April 23, 2019, the Canadian Radio-television and Telecommunications Commission (CRTC) issued Compliance and Enforcement Decision 2019-111, imposing an administrative penalty of $100,000 on Brian Conley — the President and Chief Executive Officer of nCrowd — for infringing consent and unsubscribe requirements under Canada’s Anti-Spam Legislation (CASL). Read more
News
Important Privacy Commissioner Consultation Impacting Cross-Border Dataflows and Outsourcing
Éloïse Gratton May 1, 2019
In a significant departure from its guidelines and decisions under the Personal Information Protection and Electronic Documents Act, the Privacy Commissioner of Canada introduced in an April 9, 2019 decision a requirement for an organization to obtain consent for outsourcing activities involving personal information to a service provider outside of Canada. In light of this significant change […] Read more
News
Financial Industry Regulator Issues Cybersecurity Guidance
Éloïse Gratton April 2, 2019
In December 2018, the United States Financial Industry Regulatory Authority issued a Report on Selected Cybersecurity Practices – 2018 to help broker-dealer firms improve their cybersecurity programs. The Report provides detailed recommendations for managing common cyber risks, and includes a list of core cybersecurity controls for small firms. The Report provides guidance that is consistent […] Read more
News
Frequently Asked Questions – Compliance with PIPEDA’s Security Breach Obligations
Éloïse Gratton March 6, 2019
Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) imposes obligations on private sector organizations that suffer a breach of security safeguards affecting personal information under their control. Details of those obligations are set out in PIPEDA, the Breach of Security Safeguards Regulations and the guidance document titled “What you need to know about […] Read more
News
Anonymous Video Analytics, Facial Recognition and Privacy Concerns
Éloïse Gratton February 24, 2019
The Guardian published an article today called “Are you being scanned – How facial recognition technology follows you, even as you shop“. The article suggests that if you shop at certain malls, you may have been scanned and recorded by hidden cameras built into the centres’ digital advertising billboards. In the last year, there have […] Read more
News
SCC decision in R. v. Reeves – Data privacy: how much consent is enough consent?
Éloïse Gratton December 21, 2018
Last week, in R. v. Reeves, the Supreme Court of Canada clarified the law around an individual’s right to privacy in relation to shared devices, such as personal computers (Justices Côté and Moldaver wrote separate, concurring reasons). In holding that a third party cannot waive an individual’s rights under s. 8 of the Charter of Rights and […] Read more
News
New 2018 ETHI Report – Democracy under Threat: Risks and Solutions in the Era of Disinformation and Data Monopoly
Éloïse Gratton December 17, 2018
The Standing Committee on Access to Information, Privacy and Ethics recently published its December 2018 Report : Democracy under Threat: Risks and Solutions in the Era of Disinformation and Data Monopoly. In late March 2018, the House of Commons Standing Committee on Access to Information, Privacy and Ethics began a study of the breach of personal […] Read more
News
Five Steps to Compliance with Privacy Consent Guidelines
Éloïse Gratton December 12, 2018
On January 1, 2019, the Privacy Commissioner of Canada will begin enforcing Guidelines for obtaining meaningful consent, which impose requirements for obtaining legally valid privacy consents. Compliance with the Guidelines will require many organizations to adjust their personal information practices/procedures and revise their privacy policies and related notifications. Read more
News
Privacy Commissioner launches investigation into Statistics Canada’s recent request from financial institutions
Éloïse Gratton October 31, 2018
There has been news reports yesterday about a project by Statistics Canada (“StatCan”) to collect information from financial institutions about their customers’ financial transactions. A few clients have reached out asking about StatCan’s authority to request such data. StatCan is relying on Section 13 of the Statistics Act, which appears to grant the institution broad […] Read more
News
Privacy Commissioner’s Guidance for Compliance with PIPEDA’s Breach of Security Safeguards Obligations
Éloïse Gratton October 30, 2018
On October 29, 2018 the Office of the Privacy Commissioner of Canada (“OPC”) issued a guidance document titled “What you need to know about mandatory reporting of breaches of security safeguards” (the “Guidance”) to help organizations comply with personal information security breach obligations under Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). Commencing […] Read more