First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Personal Information Protection and Electronic Documents Act

Privacy law: The Supreme Court of Canada’s Royal Bank of Canada v. Trang

The Supreme Court of Canada released a landmark decision giving important guidance on when personal financial information may be disclosed under Canada’s federal privacy law, the Personal Information Protection and Electronic Documents Act.

 

, , , , , ,

Public Safety Canada calls for submissions on new national cybersecurity strategy

On August 16, 2016, Public Safety Canada (“PSC”) issued a consultation paper, launching a public consultation as part of PSC’s development of an updated national cybersecurity strategy. The consultation will close on October 15, 2016. Businesses may want to consider making submissions in respect of some key questions posed around possible regulation or standard-setting regarding Internet of Things and connected devices, certification for E-commerce activities, and information sharing (especially in respect of critical infrastructure).

 

, , , , , , , , , , , , , ,

Pension and benefit plan provider breaches privacy law causing employee to lose life insurance coverage

Many of us have called service providers to change basic information, such as a mailing address. You pick up the phone, speak to a representative, and the change is made; no big deal, right? This seamless scenario may not always be the case. Any little misstep on an organization’s part can cause grief not only for the customer, but also for the organization itself. This proved to be true when an employee complained, to the Office of the Privacy Commissioner of Canada, that her employment pension and benefit provider disclosed her personal information to a third party without her consent.

 

, , , , , , , , , , ,

U.S. online payment processor Dwolla fined $100,000 for misrepresenting data security practices: Lessons for Canadian companies

In March, 2016 the U.S. Consumer Financial Protection Bureau (“CFPB”) issued a Consent Order against Dwolla Inc., an online payment platform, for deceiving consumers about its information security practices. The CFPB levied a $100,000 civil monetary penalty against the company, a first for the CFPB. While Canada has different privacy and consumer protection regimes, the lessons from the Dwolla case point to a new direction in enforcement approaches.

 

, , , , , , , , , , , , , ,

Private right of action under Canada’s Anti-Spam Law (CASL)

As of July 1, 2017, individuals and organizations will be entitled to institute a “private right of action” before the courts against those that contravene certain provisions of Canada’s Anti-Spam Law (“CASL”). In the event of a contravention of the message rules in CASL, a monetary penalty up to a maximum of $1,000,000 per day may be imposed. This private right of action should be taken seriously right now. From this perspective and building on previous publications, this bulletin discusses this new mechanism.

 

, , , , , , , , ,

Attempt to fix email issue causes privacy issue

A recent privacy complaint was filed against a telecommunications company under PIPEDA regarding frequent email problems.

 

, , , , , , , ,

New PIPEDA data breach regulations proposed

On March 9, 2016 the Department of Innovation, Science and Economic Development Canada released a discussion paper on the new data breach regulations being proposed. The Ministry is accepting public submissions until May 31, 2016 on the proposed Data Breach Notification and Reporting Regulations.

 

, , , , , , , , ,

Ransomware threat to Canadian businesses broadens

Recent hacker attacks — including the first successful attack on an Apple computer, and several attacks on U.S. and Canadian hospitals — have reminded Canadian businesses of the need to be vigilant about the danger posed by ransomware.

 

, , , , , , , , , , , , , , ,

Hackable Barbies, malicious POODLEs: PIPEDA compliance and the Internet of Things

She stands just under a foot tall, has a résumé that includes such storied accomplishments as astronaut, registered nurse, and Presidential candidate. Whether cropped or worn shoulder-length, her iconic blonde hair has been inspiring popular culture since well before Madonna. She’s owned more dream homes than most real estate magnates, and earlier last month Barbie tried out a brand new accessory that has been turning heads ever since—an AzureWave AW-CU300E 802.11 b/g/n WiFi Microcontroller Module.

 

, , , , , , , , , , ,

Federal Court affirms strict compliance with PIPEDA for employers

The Federal Court recently underscored the importance of compliance with the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA) in a decision that applies only to federal works and undertakings subject to the Act.

 

, , , , , , , , , ,

Businesses should re-evaluate approach to privacy with passage of Digital Privacy Act

The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations which handle personal information in the course of their commercial activities will want to undertake a review of their privacy policies […]

 

, , , , , , , ,

Lessons from the Saanich spyware fiasco and new privacy laws to be aware of

In our current information age, security over electronic information and protection against unauthorized access is foundational to employers’ businesses. To guard against endlessly multiplying electronic threats, employers must resort to electronic means and, understandably, often resort to broad and comprehensive software to protect their operations. However, the situation involving the District of Saanich earlier this year is a good reminder to all B.C. employers that cyber-protection cannot be used at the expense of employees’ privacy.

 

, , , , , , , , , , , , , ,

CASL “take 2”: New provisions coming for January 2015

Author: Xavier Beauchamp-Tremblay, Norton Rose Fulbright LLP The entry into force of the first group of provisions of Canada’s anti-spam act [1] (CASL) on July 1, 2014, (the Spam Provisions) generated considerable attention. Now that businesses have (hopefully) determined and deployed their compliance strategy for the Spam Provisions, another set of articles from CASL is […]

 

, , , , , , , , , , , , , , , , , , , , , , , , , , ,

Marketing compliance news

E-commerce offers tremendous opportunities for non-profits. Large advertising budgets are no longer necessary to reach a broad audience. Volunteers can be more easily coordinated, charitable receipts issued relatively inexpensively, special events registration managed with far less human intervention required. This is all good news for non-profits. But along with this new e-reality have come new e-headaches.

 

, , , , , , , , , , , , , , , , , , , , ,

Business guidelines on how to destroy personal information

Organizations collect more and more personal data these days—from customers and employees. With all of this new data in their hands, organizations may be tempted to hold onto it without an express purpose, or they may be unsure what to do with it once it has served its original purpose.

 

, , , , , , , , , , , , , , , , , , ,

Previous Posts