
Inside Internal Controls

News and discussion on implementing risk management


Social Media/Social Networking

Closing your business for the holidays

The holidays are quickly approaching. However, the lead-up to that time of unwinding can be stressful for many business owners, who must balance family demands and workplace year-end pressures. Regardless of such mounting pressures, businesses should not neglect their responsibilities to employees and clients before closing for the holidays.

 


CASL made clearer: First CRTC decision released

Until now, the Canadian Radio-Television and Telecommunications Commission’s CASL enforcement actions have taken the form of settlements reached in confidential negotiations between the Enforcement Branch and the company. But this decision, released on October 26, 2016, is significant because it is the first CASL enforcement decision to provide guidance on compliance. The decision contains several important lessons about regulation of commercial electronic messages in Canada before class action enforcement opens on July 1, 2017.

 


Cybersecurity: CSA issues new guidance

Cybersecurity is top of mind for corporate boards and securities regulators alike. On September 27, 2016, the Canadian Securities Administrators (CSA) issued CSA Staff Notice 11-332 – Cyber Security (2016 Notice). The 2016 Notice updates the CSA’s previous notice on the same topic, CSA Staff Notice 11-326 Cyber Security for reporting issuers, registrants and regulated entities.

 


Privacy injunctions in the age of the internet and social media

Canadian common law courts are still far behind the English courts which have developed a much more flexible tort of misuse of private information, as well as remedies for breach that include damages to compensate for the loss or diminution of a right to control private information, and now following the PJS case, perhaps also exemplary or punitive damages and an accounting of profits. Surprisingly, Canadian courts have not had to canvass recently whether the English common law tort of misuse of private information should be adopted in Canada.

 


Cyber risk and audit

Clearly, cyber risk and audit is the topic of the day, if not the year and decade. The leader of Protiviti’s IT audit practice, David Brand, has weighed in with “Ten Cybersecurity Action Items for CAEs and Internal Audit Departments”. He has some valuable ideas that merit consideration, not only by internal auditors, but by security professionals, boards, risk officers, and more broadly among the executive group. I will let you read his post and suggested action items.

 


IP address as personal information: Canadian and EU positions

The Office of the Privacy Commissioner’s findings do not mean that consent to the collection of an IP address is always required. There may be a number of legitimate reasons for collecting this information, including those relating to security of the site. These reasons would not necessarily extend, however, to collection and use of IP addresses for advertising purposes without some form of consent.

 


CRTC’s reminder on record-keeping for CASL compliance

The Canadian Radio-television and Telecommunications Commission issued an enforcement advisory directing businesses and individuals to consider the importance of record-keeping pursuant to Canada’s anti-spam legislation (CASL). Under CASL, the onus remains on the sender of commercial electronic messages (CEMs) to demonstrate that it had the proper consents in place to send CEMs (whether implied or explicit).

 


Proving consent under CASL: CRTC issues enforcement advisory notice

The Canadian Radio-television and Telecommunications Commission has issued an Enforcement Advisory notice directed to businesses and individuals that send commercial electronic messages (CEMs) as part of their commercial activities. Notably, the sender of CEMs must have the consent of the recipient to send them a message, or else the message is considered spam.

 


Reasonable expectation of privacy and text messaging

The task of picking up the phone, dialing and anticipating a “hello” on the other end can be daunting for many people. Text messaging, compared to phone calls, has dominated the way we communicate with one another over the years. With the abundance of text messages exchanged between people, an important question arises with respect to privacy: is there a reasonable expectation of privacy in a text message once it has been sent and received by the intended recipient? The Ontario Court of Appeal recently concluded that there is not, thereby ruling that text messages seized from a recipient’s phone can be used against the sender in court.

 


Debate continues as to whether general liability policies ought to provide coverage for cyber losses

While well over a dozen class actions have been commenced in Canada with respect to alleged third-party losses stemming from large-scale data breaches, to date there has been no Canadian jurisprudence considering issues of insurance coverage in the context of such breaches. Insurance coverage tailored specifically to damages arising in connection with data breaches and other cyber losses has been available in the Canadian market for a number of years. However, there remain questions as to whether coverage may also be available under other traditional forms of insurance, including general liability policies.

 


The art of restraint

A restrictive covenant is a class of legal “promise” imposing a restriction on one party for the benefit of another. When drafted correctly, restrictive covenants are an invaluable tool to protect your business.

 


Private right of action under Canada’s Anti-Spam Law (CASL)

As of July 1, 2017, individuals and organizations will be entitled to institute a “private right of action” before the courts against those that contravene certain provisions of Canada’s Anti-Spam Law (“CASL”). In the event of a contravention of the message rules in CASL, a monetary penalty up to a maximum of $1,000,000 per day may be imposed. This private right of action should be taken seriously right now. From this perspective and building on previous publications, this bulletin discusses this new mechanism.

 


Managing risk means opening your eyes every day

On the surface, it is good news that the majority of Canadian CFOs are confident in their management of risk and believe that employees understand the risks to the organization. 72% feel that their strategy is aligned with their risk appetite. But, do the authors of the study understand what effective risk management entails?

 


New PIPEDA data breach regulations proposed

On March 9, 2016 the Department of Innovation, Science and Economic Development Canada released a discussion paper on the new data breach regulations being proposed. The Ministry is accepting public submissions until May 31, 2016 on the proposed Data Breach Notification and Reporting Regulations.

 


Insights from the I Spy conference on big data and privacy

On Friday February 5, 2016, we attended the I Spy: Opportunities and Challenges Surrounding Privacy and Big Data conference organized by the Osgoode JD/MBA Students’ Association. Speakers from industry, government and private practice explored the challenge organizations face in maximizing insights from big data while maintaining a respect for individual privacy.

 

