First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

privacy and security

CASL enforcement: Recent trend

It can be relatively difficult to read the tea leaves in the CRTC’s approach to CASL enforcement, because there is little public record of those enforcement activities. This was noted by the Standing Committee on Industry, Science and Technology, in its statutory review of the Act. However, what signs do exist suggest that enforcement activities are accelerating. In 2016 and 2017, the CRTC announced only one undertaking in a CASL proceeding. By contrast, in the first quarter of 2018, there have already been two.

 

, , , ,

It’s official: Mandatory data breach notification coming on November 1, 2018

The coming into force of mandatory breach notification and record-keeping requirements on November 1, 2018 should be viewed by organizations as an effort to align Canadian legal and regulatory requirements with those in the United States and Europe (especially with the General Data Protection Regulations – or GDPR – coming into force in May 2018).

 

, , , , , ,

Is there a duty of device security? U.S. regulator fires warning shot over obligations of IoT manufacturers

A complaint filed by the U.S. Federal Trade Commission against D-Link Corporation, a Taiwanese computer networking equipment manufacturer, and its U.S. subsidiary, is raising questions about the extent of responsibility that networking equipment manufacturers may have for the security of their products, and how much of that responsibility rests with consumers and end users.

 

, , , , , , , , , , , , ,