First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Data breach

U.S. online payment processor Dwolla fined $100,000 for misrepresenting data security practices: Lessons for Canadian companies

In March, 2016 the U.S. Consumer Financial Protection Bureau (“CFPB”) issued a Consent Order against Dwolla Inc., an online payment platform, for deceiving consumers about its information security practices. The CFPB levied a $100,000 civil monetary penalty against the company, a first for the CFPB. While Canada has different privacy and consumer protection regimes, the lessons from the Dwolla case point to a new direction in enforcement approaches.

 

, , , , , , , , , , , , , ,

Data breaches: All’s not lost, even if your data is (and if you’ve taken precautions)

As anyone who’s ever left a USB key in a Kinko’s knows, it’s easy to lose a mobile device containing sensitive user information. As a recent statement from the Newfoundland and Labrador’s Office of the Information and Privacy Commissioner shows, taking preemptive steps to make the user information on a mobile device more secure could protect the information – and your organization – if the device ever falls into the wrong hands.

 

, , , , , , , , , ,

Debate continues as to whether general liability policies ought to provide coverage for cyber losses

While well over a dozen class actions have been commenced in Canada with respect to alleged third-party losses stemming from large-scale data breaches, to date there has been no Canadian jurisprudence considering issues of insurance coverage in the context of such breaches. Insurance coverage tailored specifically to damages arising in connection with data breaches and other cyber losses has been available in the Canadian market for a number of years. However, there remain questions as to whether coverage may also be available under other traditional forms of insurance, including general liability policies.

 

, , , , , , , , , , , , ,

New PIPEDA data breach regulations proposed

On March 9, 2016 the Department of Innovation, Science and Economic Development Canada released a discussion paper on the new data breach regulations being proposed. The Ministry is accepting public submissions until May 31, 2016 on the proposed Data Breach Notification and Reporting Regulations.

 

, , , , , , , , ,

Ransomware threat to Canadian businesses broadens

Recent hacker attacks — including the first successful attack on an Apple computer, and several attacks on U.S. and Canadian hospitals — have reminded Canadian businesses of the need to be vigilant about the danger posed by ransomware.

 

, , , , , , , , , , , , , , ,

Federal Court affirms strict compliance with PIPEDA for employers

The Federal Court recently underscored the importance of compliance with the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA) in a decision that applies only to federal works and undertakings subject to the Act.

 

, , , , , , , , , ,

Businesses should re-evaluate approach to privacy with passage of Digital Privacy Act

The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations which handle personal information in the course of their commercial activities will want to undertake a review of their privacy policies […]

 

, , , , , , , ,

Cybersecurity governance and D&O liability

The assessment of a corporation’s cyber risks is part of a board of directors’ general risk oversight responsibilities. Since lawsuits, including class actions, are often commenced soon after a data breach, directors and officers should now consider that the board’s oversight of cyber risks may also be closely and thoroughly scrutinized in future litigation and […]

 

, , , , , , , , , , , , , ,

First international standard on cloud services and personal information protection

The International Standards Organization has released a standard for privacy aimed at cloud computing service providers.

 

, , , , , , , , , , , , , , , , , , ,

Help — we’ve been hacked! Cyber risk insurance and related legal issues

A nightmare scenario for any business: you’ve been hacked. The hackers have gained access to countless client records including credit card and other financial data. The expense of dealing with the breach, and the damage to business reputation could be crippling. How best can businesses insure themselves against this and other cyber risks, and what are the legal issues involved?

 

, , , , , , , , , , , , , , , , , , , ,

Good cybersecurity means good info governance

Cybersecurity: the word conjures up images of software engineers in lab coats feverishly analyzing cryptographic code in an effort to thwart an attack from a country somewhere on the other side of the globe. Seemingly daily reports of major data breaches are now coupled with warnings about a cybersecurity “talent gap,” meaning that there is […]

 

, , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Implementing electronic payments with an eye towards risk management

As we edge closer and closer to 2013, we’re seeing more people with mobile devices in their pockets. How many people do you know with an iPhone or Android device? The influx of additional devices such as tablets and ultra-thin laptop computers means that more people are online in more places, more often than ever before. This vastly changes the way businesses can choose to sell their products. Enter the implementation of electronic payments.

 

, , , , , , , , , , , , , , , , , , , , , , , ,

Online security – not just for big business

Surely you’ve heard about the major security and data breaches that Sony has experienced this year. It’s bad. It’s a liability. Despite the popularity of their online services, they’ll have to work hard to regain customers’ loyalty. Other big names have experienced similar attacks.

 

, , , , , , , , , , , , , , , , , , ,