First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Cyberlaw, Internet Law

Lenovo and Superfish: Proposed class action proceeds on privacy tort and statutes

It has been reported that a partial settlement may have been reached with Superfish, in a U.S. class action against both defendants. The settlement reportedly includes Superfish’s cooperation with the plaintiffs by disclosing over 2.8 million additional files and providing Superfish witnesses for a potential trial. The Canadian proposed class action is very much in its infancy. It remains to be seen how the class action will evolve in Canada.

 

, , , , , , ,

Canadian government suspends CASL private right of action

The Canadian federal government has announced that it has suspended the coming into force of the private right of action under Canada’s anti-spam legislation (CASL), originally scheduled to come into force on July 1, 2017.

 

, , , , , , , ,

CASL’s soon-to-be-enacted private right of action brings risk of class proceedings

On July 1, 2017, the private right of action under Canada’s Anti-Spam Legislation (CASL) will come into force.

 

, , , ,

Don’t outsmart yourself: AI and compliance

I’m a big fan of artificial intelligence. The older I get, the more I appreciate that real intelligence needs all the help it can get. Corporate ethics and compliance officers, however, need to pause before betting big on AI as a solution to all our needs.

 

, , , , ,

Website operator jailed for distributing copyright infringing copies of musical works: R v Evans

Is operating a website that provides links to torrent websites which facilitates unauthorized downloading of musical works a criminal offence? If so, can the operator of such sites expect jail time as punishment for this crime? In a recent decision of the English and Wales Court of Appeal, the accused, Mr Evans, was convicted of two offences of distributing infringing copies of musical works and was sentenced to 12 months in prison for these crimes.

 

, , , ,

CASL’s private right of action for Competition Act reviewable conduct

While much has been written about the impending CASL private rights of action, less has been said about the new private right of action CASL will tack on to the Competition Act for misrepresentations in electronic messages.

 

, , ,

Ontario court decides ground-breaking online copyright case

Trader Corp v CarGurus Inc, a recent Ontario Superior Court decision, breaks a staggering amount of new ground in Canadian copyright law.

 

, ,

Real answers to common questions on cybersecurity

Every day there is something in the news about organizations generally of all different sizes that have been breached and have had to deal with the impact of the loss, compromise or destruction of data. Making key decision-makers aware of the general threat landscape is helpful, but more helpful is making them aware of the threat landscape specific to your organization.

 

, , , , , , ,

Cyber and reputation risk are dominoes

As I was reading the book, I realized that I have a problem with organizations placing separate attention to reputation risk and its management. It’s simply an element, which should not be overlooked, in how any organization manages risk – or, I should say, how it considers what might happen in its decision-making activities.

 

, , , , ,

Cyberbullying and revenge porn: An update on Canadian law

The current nature of social media and, more broadly, the Digital Age, continues to create challenges for legislators and law enforcement officials alike. One such challenge arises in the cyberbullying context, where intimate (or otherwise private) images are uploaded to the Internet. These files can be copied, forwarded and shared instantaneously, making them seemingly impossible to delete retrospectively. There have been developments in both common law in statute.

 

, , , , , , , , , ,

Lawful access: The Privacy Commissioner reiterates its position

Patricia Kosseim, Senior General Counsel and Director General, Legal Services, Policy, Research and Technology Analysis for the Office of the Privacy Commissioner of Canada, was asked, at the request of Commission’s counsel, to provide an overview of the legislation for protecting privacy in Canada and to answer questions about lawful access issues from a federal perspective.

 

, , , , , , , , ,

Is there a duty of device security? U.S. regulator fires warning shot over obligations of IoT manufacturers

A complaint filed by the U.S. Federal Trade Commission against D-Link Corporation, a Taiwanese computer networking equipment manufacturer, and its U.S. subsidiary, is raising questions about the extent of responsibility that networking equipment manufacturers may have for the security of their products, and how much of that responsibility rests with consumers and end users.

 

, , , , , , , , , , , , ,

How much cyber risk should an organization take?

I did a video with Joe McCafferty of MISTI last month. I am interested in whether you share my views. I also have some questions for you—after you watch the video.

 

, , , , , , , ,

Why do so many practitioners misunderstand risk?

My apologies in advance to all those who talk about third–party risk, IT risk, cyber risk, and so on. We don’t, or shouldn’t, address risk for its own sake. That’s what we are doing when we talk about these risk silos. We should address risk because of its potential effect on the achievement of enterprise objectives.

 

, , ,

Not–for–profits and charities: 4 New Year’s resolutions

Many people feel that New Year’s resolutions are passé, particularly since so many resolutions go unachieved each year. But, a resolution is essentially a plan to tackle something of importance, and planning is often half the battle. The following are 4 resolutions that can help strengthen charities and other not–for–profits in 2017.

 

, , , , ,

Previous Posts