
Inside Internal Controls

News and discussion on implementing risk management


PIPEDA

New PIPEDA data breach regulations proposed

On March 9, 2016 the Department of Innovation, Science and Economic Development Canada released a discussion paper on the new data breach regulations being proposed. The Ministry is accepting public submissions until May 31, 2016 on the proposed Data Breach Notification and Reporting Regulations.

 


Ransomware threat to Canadian businesses broadens

Recent hacker attacks — including the first successful attack on an Apple computer, and several attacks on U.S. and Canadian hospitals — have reminded Canadian businesses of the need to be vigilant about the danger posed by ransomware.

 


Phone companies after R v. Rogers: Constitutional guardians or agents of the State?

People love their phones. Phones now accompany us pretty much wherever we go, whatever we do. People use their phones in church, in restaurants, at the theatre, and, apparently, while committing crimes. And our phones are leaving a trail behind us.

Police know this. They also know that records are created every time our phones connect to cell towers to send and receive calls, SMS messages, or data. Every one of those records indicates that a phone (and, implicitly, the person carrying it) was in range of a particular cell tower, at a particular time.
This could be useful information if, say, one wanted to identify the person (or people) responsible for a string of jewelry store robberies.

The method will be familiar to many from movies and T.V. shows: all you need to do is to gather a list of every single person who was near each of the locations of interest at the time of interest and analyze the patterns. And, hey, that cell tower data can provide that list….

But is it legal?

 


Federal Court affirms strict compliance with PIPEDA for employers

The Federal Court recently underscored the importance of compliance with the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA) in a decision that applies only to federal works and undertakings subject to the Act.

 


Businesses should re-evaluate approach to privacy with passage of Digital Privacy Act

The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations which handle personal information in the course of their commercial activities will want to undertake a review of their privacy policies […]

 


Bill C-13: Lawful access and the relationship between organizations, cyber-bullying and the protection of privacy rights

On December 9, 2014, Bill C-13, An Act to amend the Criminal Code, the Canada Evidence Act, the Competition Act and the Mutual Legal Assistance in Criminal Matters Act (Act), also known as the Protecting Canadians from Online Crime Act, received royal assent. The Act came into force on March 9, 2015.

 


Cyber-insurance: What you need to know?

A question that I often get from clients is one about cyber-insurance. In light of the recent passing of Bill S-4, better known as the Digital Privacy Act, the Personal Information Protection and Electronic Documents Act has now been amended to include mandatory breach notification provisions. While these mandatory breach notification provisions are not yet in force, it is a good time to review your cyber-insurance coverage.

 


Marketing compliance news

E-commerce offers tremendous opportunities for non-profits. Large advertising budgets are no longer necessary to reach a broad audience. Volunteers can be more easily coordinated, charitable receipts issued relatively inexpensively, special events registration managed with far less human intervention required. This is all good news for non-profits. But along with this new e-reality have come new e-headaches.

 


Business guidelines on how to destroy personal information

Organizations collect more and more personal data these days—from customers and employees. With all of this new data in their hands, organizations may be tempted to hold onto it without an express purpose, or they may be unsure what to do with it once it has served its original purpose.

 


New anti-spam legislation could bolster Canadian privacy commissioner’s call for greater PIPEDA enforcement powers

Canada’s new anti-spam legislation comes into effect later this year, and it packs a punch—fines of up to $10 million per violation for companies and up to $1 million per violation for individuals. The government was clearly prepared to give regulators substantial teeth to both encourage compliance and punish non-compliance.

 


Industry Canada announces effective dates of anti-spam legislation

After three years of waiting, Industry Canada has finalized the Electronic Commerce Protection Regulations and set a date for Canada’s anti-spam legislation to come into force. Canada’s anti-spam legislation will be phased in over four years starting July 1, 2014—seven short months from now.

 


Can an employee request access to their personnel and payroll files?

In Canada, employees have the right to access information in their personnel and payroll files, provided that it does not interfere with another employee’s privacy rights.

 


Are you ready for the anti-spam legislation? Part 1

Spam emails—everyone receives them, no one particularly likes them. Some of us delete them. Some of us simply ignore them. But are they such a problem that all Canadian businesses, big or small, must overhaul how they communicate with their customers and potential customers? You be the judge.

 


The Privacy Commissioner’s case for reforming PIPEDA

With 10 years of experience as Privacy Commissioner of Canada behind her, and her term reaching its end, Jennifer Stoddart has released a report titled “The Case for Reforming the Personal Information Protection and Electronic Documents Act” which describes how to modernize Canada’s private-sector privacy legislation to ensure it is able to meet the current and future challenges of the digital age and protect Canadians’ right to privacy.

 


Privacy practices for developing mobile applications (apps)


Privacy practices and all things mobile are both hot topics these days. This is in part because mobile devices and apps are fun, cool, provide value, and are on the rise. They are used by professionals of all types and by people of almost any age, including our youth. This, however, feeds the assumption that technology in general, including mobile devices and apps, is threatening the privacy rights of individuals.

 

