First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Social Media/Social Networking

CASL’s private right of action for Competition Act reviewable conduct

While much has been written about the impending CASL private rights of action, less has been said about the new private right of action CASL will tack on to the Competition Act for misrepresentations in electronic messages.

 

, , ,

Cyberbullying and revenge porn: An update on Canadian law

The current nature of social media and, more broadly, the Digital Age, continues to create challenges for legislators and law enforcement officials alike. One such challenge arises in the cyberbullying context, where intimate (or otherwise private) images are uploaded to the Internet. These files can be copied, forwarded and shared instantaneously, making them seemingly impossible to delete retrospectively. There have been developments in both common law in statute.

 

, , , , , , , , , ,

Is there a duty of device security? U.S. regulator fires warning shot over obligations of IoT manufacturers

A complaint filed by the U.S. Federal Trade Commission against D-Link Corporation, a Taiwanese computer networking equipment manufacturer, and its U.S. subsidiary, is raising questions about the extent of responsibility that networking equipment manufacturers may have for the security of their products, and how much of that responsibility rests with consumers and end users.

 

, , , , , , , , , , , , ,

Why do so many practitioners misunderstand risk?

My apologies in advance to all those who talk about third–party risk, IT risk, cyber risk, and so on. We don’t, or shouldn’t, address risk for its own sake. That’s what we are doing when we talk about these risk silos. We should address risk because of its potential effect on the achievement of enterprise objectives.

 

, , ,

Copyright year in review 2016

This article highlights noteworthy Canadian copyright law decisions and developments from 2016.

 

, , , , , , , , , , , , , , ,

Cannabis legislation and regulation

The Liberal Party of Canada made the legalization of marijuana a priority during the 2015 federal election campaign and now the Liberal government has taken a step toward enacting that promise. On June 30, 2016, the Government of Canada launched a Task Force to advise it on the design of a legislative and regulatory framework for legal access to cannabis. The prescribed framework was the Government’s commitment in the 2015 Speech From the Throne to legalize, regulate, and restrict access to cannabis.

 

, , , , , , ,

CASL and private right of action

Canada has the most onerous anti–spam/anti–malware law (CASL) in the world. In less than a year, July 1, 2017, it is going to become even worse. That’s when the private right of action comes into force.

 

, , , , , , , , , , ,

Closing your business for the holidays

The holidays are quickly approaching. However, leading to that point of unwinding can be stressful for many business owners, with the balancing of family demands and workplace year–end pressures. Regardless of such amounting pressures, businesses should not neglect their responsibilities to employees and clients before closing for the holidays.

 

, , , , ,

CASL made clearer: First CRTC decision released

Until now, the Canadian Radio-Television and Telecommunications Commission’s CASL enforcement actions have taken the form of settlements reached in confidential negotiations between the Enforcement Branch and the company. But this decision, released on October 26, 2016, is significant because it is the first CASL enforcement decision to provide guidance on compliance. The decision contains several important lessons about regulation of commercial electronic messages in Canada before class action enforcement opens on July 1, 2017.

 

, , , , , , ,

Cybersecurity: CSA issues new guidance

Cybersecurity is top of mind for corporate boards and securities regulators alike. On September 27, 2016, the Canadian Securities Administrators (CSA) issued CSA Staff Notice 11-332 – Cyber Security (2016 Notice). The 2016 Notice updates the CSA’s previous notice on the same topic, CSA Staff Notice 11-326 Cyber Security for reporting issuers, registrants and regulated entities.

 

, , , , , ,

Privacy injunctions in the age of the internet and social media

Canadian common law courts are still far behind the English courts which have developed a much more flexible tort of misuse of private information, as well as remedies for breach that include damages to compensate for the loss or diminution of a right to control private information, and now following the PJS case, perhaps also exemplary or punitive damages and an accounting of profits. Surprisingly, Canadian courts have not had to canvass recently whether the English common law tort of misuse of private information should be adopted in Canada.

 

, , , , , , , ,

Cyber risk and audit

Clearly, cyber risk and audit is the topic of the day, if not the year and decade. The leader of Protiviti’s IT audit practice, David Brand, has weighed in with “Ten Cybersecurity Action Items for CAEs and Internal Audit Departments”. He has some valuable ideas that merit consideration, not only by internal auditors, but by security professionals, boards, risk officers, and more broadly among the executive group. I will let you read his post and suggested action items.

 

, , , , , , , ,

IP address as personal information: Canadian and EU positions

The Office of the Privacy Commissioner’s findings do not mean that consent to the collection of an IP address is always required. There may be a number of legitimate reasons for collecting this information, including those relating to security of the site. These reasons would not necessarily extend, however, to collection and use of IP addresses for advertising purposes without some form of consent.

 

, , , , , , , , ,

CRTC’s reminder on record-keeping for CASL compliance

The Canadian Radio-television and Telecommunications Commission issued an enforcement advisory directing businesses and individuals to consider the importance of record-keeping pursuant to Canada’s anti-spam legislation (CASL). Under CASL, the onus remains on the sender of commercial electronic messages (CEMs) to demonstrate that it had the proper consents in place to send CEMs (whether implied or explicit).

 

, , , , ,

Proving consent under CASL: CRTC issues enforcement advisory notice

The Canadian Radio–television and Telecommunications Commission has issued an Enforcement Advisory notice directed to businesses and individuals that send commercial electronic messages (CEMs) as part of their commercial activities. Notably, the sender of CEMs must have the consent of the recipient to send them a message, or else the message is considered spam.

 

, , , , ,

Previous Posts