
Inside Internal Controls

News and discussion on implementing risk management


Privacy Compliance and Management

Pot & privacy: BC Privacy Commissioner issues guidance for protection of personal information in cannabis transactions

The Office of the Information and Privacy Commissioner for British Columbia has released a guidance document to help cannabis retailers and purchasers understand their rights and obligations under the Personal Information Protection Act (British Columbia).

 


Test for patent obviousness not so obvious – Federal Court of Appeal affirms obviousness is a “flexible, contextual, expansive, and fact-driven inquiry”

In late January, in two decisions released simultaneously, the Federal Court of Appeal affirmed the broad and factually-suffused nature of the obviousness inquiry.

 


Whistleblower, hacker, or both? How the Rui Pinto Case can be applied to corporate compliance officers

Rui Pinto was arrested in January by authorities in Budapest on suspicions of illegally hacking emails about European soccer clubs and providing them to the Football Leaks website.

 


Quebec Court of Appeal finds the Genetic Non-Discrimination Act ultra vires

In a recent decision, the Quebec Court of Appeal declared the Genetic Non-Discrimination Act (the “Act”), adopted by the federal Parliament and which came into force on May 4, 2017, to be ultra vires because of its encroachment on the jurisdiction of provincial legislatures.

 


Department of Finance Canada issues consultation paper on open banking

On January 11, 2019, the Department of Finance Canada released a consultation paper seeking the views of Canadians on the potential benefits and risks of an open banking system.

 


Transparency & trust: The underlying themes of top 10 ethics & compliance trends

As we prepare for the publication of our 2019 Top 10 Ethics & Compliance Trends Report, a common thread has become evident: transparency.

 


Standing Committee on Finance releases recommendations on Canada’s anti-money laundering and anti-terrorist financing regime


Recently, the House of Commons’ Standing Committee on Finance released its report titled, “Confronting Money Laundering and Terrorist Financing: Moving Canada Forward” (the “Report”). The Report was released pursuant to the Standing Committee’s mandate under Standing Order 108(2), which directed the Committee to study the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (“PCMLTFA”) and was […]

 


Five tips for compliance with new privacy consent guidelines

Privacy compliance is top of mind, not least because of GDPR and Canada’s new mandatory breach notification rules. While you are updating your practices and procedures, do not forget that the Guidelines for obtaining meaningful consent (the “Guidelines”) will apply starting on January 1, 2019.

 


Mistakes to avoid in conducting effective workplace investigations

Experience has shown us time and again that, of all the elements contributing to effective investigations, investigators consistently dedicate insufficient time and effort in a few critical areas; four to be exact.

 


Security breach notification and reporting requirements are now in force under Canada’s PIPEDA

Canada’s long-awaited federal private-sector data breach notification and reporting requirements came into force on November 1, 2018.

 


Ten considerations for a cybersecurity incident response plan

If you ask a group of cybersecurity experts what should be included in a Cybersecurity Incident Response Plan (“CIRP”), you will get a wide variety of answers. Happily, many of those answers contain similar themes including these ten important considerations your organization should be aware of when creating and managing a CIRP.

 


Contractual considerations in robotic process automation and artificial intelligence outsourcing

RPA and AI technologies can be a game-changer for your organization from a commercial perspective, but procuring those technologies and managing the new risk landscape requires a fundamental shift in mindset vis-à-vis a traditional outsourcing contract.

 


First review of the GDPR: Four findings after four months

With four months of life behind the GDPR, now is an opportune time to review those developments. Indeed, after assessing those four months we can make the following four findings.

 


Why are SOX compliance costs increasing so much?

A recent survey by Protiviti includes interesting information on how many organizations had to issue a cyber-security disclosure. Apparently, this generally resulted in an increase in SOX compliance hours, although the reason for a significant increase is not clear.

 


Learn from British Airways’ security breach reporting and notification

British Airways’ experience described in this article underscores that cybersecurity is important, and Canadian entities preparing for mandatory security breach reporting and notification coming into force soon can take lessons from British Airways’ response to a security breach.

 

