First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Office of the Privacy Commissioner of Canada

U.S. online payment processor Dwolla fined $100,000 for misrepresenting data security practices: Lessons for Canadian companies

In March, 2016 the U.S. Consumer Financial Protection Bureau (“CFPB”) issued a Consent Order against Dwolla Inc., an online payment platform, for deceiving consumers about its information security practices. The CFPB levied a $100,000 civil monetary penalty against the company, a first for the CFPB. While Canada has different privacy and consumer protection regimes, the lessons from the Dwolla case point to a new direction in enforcement approaches.

 

, , , , , , , , , , , , , ,

Private right of action under Canada’s Anti-Spam Law (CASL)

As of July 1, 2017, individuals and organizations will be entitled to institute a “private right of action” before the courts against those that contravene certain provisions of Canada’s Anti-Spam Law (“CASL”). In the event of a contravention of the message rules in CASL, a monetary penalty up to a maximum of $1,000,000 per day may be imposed. This private right of action should be taken seriously right now. From this perspective and building on previous publications, this bulletin discusses this new mechanism.

 

, , , , , , , , ,

Attempt to fix email issue causes privacy issue

A recent privacy complaint was filed against a telecommunications company under PIPEDA regarding frequent email problems.

 

, , , , , , , ,

New PIPEDA data breach regulations proposed

On March 9, 2016 the Department of Innovation, Science and Economic Development Canada released a discussion paper on the new data breach regulations being proposed. The Ministry is accepting public submissions until May 31, 2016 on the proposed Data Breach Notification and Reporting Regulations.

 

, , , , , , , , ,

Privacy Commissioner examines cyber security

The increasing cyber security threat continues to raise a series of privacy risks for organizations. The Office of the Privacy Commissioner of Canada (OPC) has been regularly focusing on cyber security in letters of findings and guidance and, most recently, in a report, entitled “Privacy and Cyber Security: Emphasizing privacy protection in cyber security activities”.

 

, , , , , ,

Privacy practices for developing mobile applications (apps)

mobile-apps

Privacy practices, and all things mobile, are both hot topics these days. This is in part because mobile devices and apps are fun, cool, provide value, and are on the rise. They are used by professionals of all types, and people of most any age, including our youth. This however feeds the assumption that technology in general, including mobile devices and apps, is threatening the privacy rights of individuals.

 

, , , , , , , , , , , , , , , , , , , , , ,

Three Facebook legal challenges businesses should know about

Over the brief period of Facebook’s existence, the company’s practices have provided a rich source of knowledge for businesses and other organizations that collect and use customers’ information, operate online or generally fall under the Personal Information Protection and Electronic Documents Act (PIPEDA) or other privacy legislation.

 

, , , , , , , , , , , , , , , , , , ,

Need to know: privacy commissioner’s report on pressing online privacy issues

In 2010, the Office of the Privacy Commissioner of Canada conducted consultations on current privacy issues, including online tracking, profiling, targeting and cloud computing. The office released its report on the consultations earlier this year, and it’s available online.

 

, , , , , , , , , , ,