First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Cyberlaw, Internet Law

The Québec Private Sector Privacy Act: When does it apply to organizations outside of Québec?

While Québec Courts have delineated the scope of province’s Private Sector Privacy Act through the notion of “enterprise,” they have yet to delineate the scope of the Act’s territorial application. Determining the territorial application of Québec privacy legislation thus remains unsettled and unclear.

 

, , , , ,

OECD principles on artificial intelligence released

On May 22, 2019, the Organization for Economic Cooperation and Development (OECD) approved the OECD Recommendation on Artificial Intelligence.

 

, , ,

Canadian government announces new Digital Charter

On May 21, 2019, the Honourable Navdeep Bains, Minister of Innovation, Science and Economic Development, announced the introduction of Canada’s new Digital Charter. This blog post summarizes the highlights of Minister Bains’ announcement and the principles of the Digital Charter.

 

, , , , , , ,

CSA and IIROC propose regulatory framework for cryptoasset trading platforms

On March 14, 2019, the Canadian Securities Administrators and the Investment Industry Regulatory Organization of Canada published Consultation Paper 21-402 Proposed Framework for Crypto-Asset Trading Platforms proposing a regulatory framework for platforms that trade cryptoassets.

 

, , , ,

Osler submission to OECD on public consultation document addressing the tax challenges of the digitalisation of the economy

Osler made a submission [PDF] to the OECD in response to its February 13, 2019 public consultation document on the possible solutions to the tax challenges of digitalization (the 2019 Public Consultation Document).

 

, ,

SWIFT publishes cybersecurity counterparty risk guidelines

On February 15, 2019, the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) published guidelines for assessing cybersecurity counterparty risk for financial institutions (the “Guidelines”).

 

, , , , , ,

Hyperventilating about cyber – Part I

It’s hard to see a survey these days that doesn’t include cyber as one of the top risks faced by organizations around the world. But should it be?

 

, , ,

People still don’t know how to assess cyber risk!

Why do the consultants keep advising management and the boards to consider cyber risk as if it is separate from all other business risks?

 

, , , , , ,

Top 10 most-read Inside Internal Controls posts for 2018

This year on the Inside Internal Controls blog we’ve been covering some of the hot topics in internal controls, governance, information technology, not-for-profit, and business management.

 

, , , , ,

Bill introducing changes to IP legislation receives swift approval from parliament

Bill C-86, the Budget Implementation Act, 2018, No. 2, (the “Bill”) which makes a number of changes to the Trademarks Act, the Patent Act and the Copyright Act as well as introducing the College of Patent Agents and Trademark Agents Act became law in Canada after receiving Royal Assent on Dec. 13, 2018.

 

, , , ,

Who takes cyber risk?

Who is taking cyber risk? Is it the board and top management who are deciding how much scarce resource to invest in breach prevention, detection and response? Or is it the business leaders whose initiatives are damaged or worse should there be a security incident?

 

, ,

Security breach notification and reporting requirements are now in force under Canada’s PIPEDA

Canada’s long-awaited federal private-sector data breach notification and reporting requirements came into force on November 1, 2018.

 

, , , , ,

UK government guidance on risk and cyber: the very good and the very bad

The National Cyber Security Center (NCSC) is a part of the UK’s Government Communications Headquarters (GCHQ). If you are like me, you may have only heard about GCHQ in an unflattering context, that of working with US intelligence agencies to spy on foreign heads of state and hack foreign agencies.

 

, ,

Ten considerations for a cybersecurity incident response plan

If you ask a group of cybersecurity experts what should be included in a Cybersecurity Incident Response Plan (“CIRP”), you will get a wide variety of answers. Happily, many of those answers contain similar themes including these ten important considerations your organization should be aware of when creating and managing a CIRP.

 

, , , , ,

Targeting the “middle-man”: Intermediaries face $250,000 in penalties for aiding “malvertising” under CASL

CASL compliance has turned to a new group of actors: the service and infrastructure providers that spammers and fraudsters utilize to perpetrate CASL offences.

 

, , , , ,

Previous Posts