First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

privacy law

Government of Canada publishes proposed Breach of Security Safeguards Regulations

On September 2, 2017, the Government of Canada published proposed Breach of Security Safeguards Regulations. The proposed regulations relate to the provisions in Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), which are not yet in force.

 

, , ,

Searches of electronic devices at the Canada/US border

The possibility of arbitrary searches of the electronic devices of persons crossing into the US continues to raise concerns among Canadians and, in particular, privacy regulators. Recent statements (and subsequent legislative amendments) are attempting to address some of the legal issues.

 

, , , , , , , ,

Lenovo and Superfish: Proposed class action proceeds on privacy tort and statutes

It has been reported that a partial settlement may have been reached with Superfish, in a U.S. class action against both defendants. The settlement reportedly includes Superfish’s cooperation with the plaintiffs by disclosing over 2.8 million additional files and providing Superfish witnesses for a potential trial. The Canadian proposed class action is very much in its infancy. It remains to be seen how the class action will evolve in Canada.

 

, , , , , , ,

Privacy law: The Supreme Court of Canada’s Royal Bank of Canada v. Trang

The Supreme Court of Canada released a landmark decision giving important guidance on when personal financial information may be disclosed under Canada’s federal privacy law, the Personal Information Protection and Electronic Documents Act.

 

, , , , , ,

Adequacy of Canadian privacy law

Potential amendments could mean Canadian businesses receiving personal information from Europe will have more exposure to the differences in the data protection laws and enforcement regimes in the EU member states.

 

, , , , , ,

Privacy, privilege and wilfulness

On July 26th, 2016, the Supreme Court of British Columbia released an interesting decision that addresses questions regarding: (1) the scope of privilege that applies to work done by lawyers in relation to judicial proceedings; and (2) the interpretation of BC’s Privacy Act with respect to the requirements of “wilfulness”.

 

, , , , , , , , , , , ,

The hiring process: How to control risks

Recruiting and hiring new staff members is fraught with challenges. Which candidate has the right combination of skills for the job? Will she fit in with her new team members? Can he actually do the things he says he can? These questions are fundamental to effective hiring, but they don’t begin to consider the legal risks associated with the hiring process.

 

, , , , , , , , , , , ,

Cyber-insurance: What you need to know?

A question that I often get from clients is one about cyber-insurance. In light of the recent passing of Bill S-4, better known as the Digital Privacy Act, the Personal Information Protection and Electronic Act has now been amended to include mandatory breach notification provisions. While these mandatory breach notification provisions are not yet in force, it is a good time to review your cyber-insurance coverage.

 

, , , , , , , , , , , , , , , , , , , , , , , ,

Slaw: Adjudicator decides Legal Aid Society a not-for-profit subject to PIPA

On February 11, 2013, an adjudicator of the Alberta Office of the Information and Privacy Commissioner decided that Alberta’s Legal Aid Society is subject to the Personal Information Protection Act (PIPA), with consequences for all non-profit organizations that conduct activities with a commercial character. . .

 

, , , , , , , , , , , ,

Privacy practices for developing mobile applications (apps)

mobile-apps

Privacy practices, and all things mobile, are both hot topics these days. This is in part because mobile devices and apps are fun, cool, provide value, and are on the rise. They are used by professionals of all types, and people of most any age, including our youth. This however feeds the assumption that technology in general, including mobile devices and apps, is threatening the privacy rights of individuals.

 

, , , , , , , , , , , , , , , , , , , , , ,

Do you offer ‘paperless receipts’?

If you do, you should make sure you understand the privacy and personal information implications. CTV reports that some Canadian retailers are now offering their customers an “e-receipt”, which they can receive by email or access at dedicated websites. Sure, it’s a “green” option, and maybe more convenient for customers who want to track their purchases, but it requires the customer to provide an email address, which might allow retailers to “learn a lot about a customer’s preferences and buying habits”.

 

, , , , , , , , , , , ,