First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

privacy

Former employee steals personal information to purchase smart phones

The Office of the Information and Privacy Commissioner of Alberta has required a payment processing organization to notify individuals pursuant to section 37.1 of the province’s Personal Information Protection Act because there was a real risk of significant harm to those individuals affected by an incident that involved unauthorized access and theft of information of 60 Alberta residents.

 

, , , ,

Lenovo and Superfish: Proposed class action proceeds on privacy tort and statutes

It has been reported that a partial settlement may have been reached with Superfish, in a U.S. class action against both defendants. The settlement reportedly includes Superfish’s cooperation with the plaintiffs by disclosing over 2.8 million additional files and providing Superfish witnesses for a potential trial. The Canadian proposed class action is very much in its infancy. It remains to be seen how the class action will evolve in Canada.

 

, , , , , , ,

Lawful access: The Privacy Commissioner reiterates its position

Patricia Kosseim, Senior General Counsel and Director General, Legal Services, Policy, Research and Technology Analysis for the Office of the Privacy Commissioner of Canada, was asked, at the request of Commission’s counsel, to provide an overview of the legislation for protecting privacy in Canada and to answer questions about lawful access issues from a federal perspective.

 

, , , , , , , , ,

Cybersecurity best practices for connected cars

Some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These concerns were the main impetus behind the creation in the US of the Auto Information Sharing and Analysis Centre (ISAC) by a group of US automakers in July of 2014. The group allows its members to share information about threats and vulnerabilities, conduct analysis and develop industry solutions. The Auto ISAC has now released its “Automotive Cybersecurity Best Practices”.

 

, , , , , , , , , , , , , , ,

Privacy, privilege and wilfulness

On July 26th, 2016, the Supreme Court of British Columbia released an interesting decision that addresses questions regarding: (1) the scope of privilege that applies to work done by lawyers in relation to judicial proceedings; and (2) the interpretation of BC’s Privacy Act with respect to the requirements of “wilfulness”.

 

, , , , , , , , , , , ,

Warnings to companies claiming APEC privacy certification

The United States Federal Trade Commission has issued warning letters to 28 companies claiming to be certified participants in the Asia–Pacific Economic Cooperative Cross-Border Privacy Rules system. This is an important reminder for companies, including Canadian companies, that the use of international certifications is something in which regulators take a keen interest.

 

, , ,

Cybersecurity: CSA issues new guidance

Cybersecurity is top of mind for corporate boards and securities regulators alike. On September 27, 2016, the Canadian Securities Administrators (CSA) issued CSA Staff Notice 11-332 – Cyber Security (2016 Notice). The 2016 Notice updates the CSA’s previous notice on the same topic, CSA Staff Notice 11-326 Cyber Security for reporting issuers, registrants and regulated entities.

 

, , , , , ,

Privacy injunctions in the age of the internet and social media

Canadian common law courts are still far behind the English courts which have developed a much more flexible tort of misuse of private information, as well as remedies for breach that include damages to compensate for the loss or diminution of a right to control private information, and now following the PJS case, perhaps also exemplary or punitive damages and an accounting of profits. Surprisingly, Canadian courts have not had to canvass recently whether the English common law tort of misuse of private information should be adopted in Canada.

 

, , , , , , , ,

Where does Canada stand on privacy?

Canada, like many countries, must answer a fundamental question: How does it achieve its law enforcement and national security objectives while also protecting and respecting the privacy rights of its citizens? “We hope the current administration and its privacy opponents can reach reasonable compromises that allow both groups to achieve their desired outcomes” Chris Stevens, CIPP/US, CIPP/C, CIPP/E, CIPP/G, CIPM, CIPT, and Steve Holland, CIPM, write. In this exclusive for The Privacy Advisor, they look at the high-stakes issues facing Canada’s quest to balance the two priorities and whether Privacy Commissioner Daniel Therrien is the right man to help it do so.

 

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

If personal information is like oil, what happens when the supply runs low and how do we keep it flowing?

Personal information greases the wheels of many of the services we take for granted today, to the point that some even call it “the new oil.”

 

, , , , , , , , , , , , , , , , ,

Personal information online: new tools, old responsibilities

Sometimes, technology creates new ways to exploit information faster than the law and business can keep up. The Office of the Privacy Commissioner of Canada is trying to make sure that doesn’t happen in the case of behavioural advertising. Last year, the Privacy Commissioner conducted consultations on the new ways that organizations are collecting and using customers’ personal information, and prepared its Report on the 2010 Office of the Privacy Commissioner of Canada’s Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing.

 

, , , , , , , , , ,

Do you offer ‘paperless receipts’?

If you do, you should make sure you understand the privacy and personal information implications. CTV reports that some Canadian retailers are now offering their customers an “e-receipt”, which they can receive by email or access at dedicated websites. Sure, it’s a “green” option, and maybe more convenient for customers who want to track their purchases, but it requires the customer to provide an email address, which might allow retailers to “learn a lot about a customer’s preferences and buying habits”.

 

, , , , , , , , , , , ,

Online security – not just for big business

Surely you’ve heard about the major security and data breaches that Sony has experienced this year. It’s bad. It’s a liability. Despite the popularity of their online services, they’ll have to work hard to regain customers’ loyalty. Other big names have experienced similar attacks.

 

, , , , , , , , , , , , , , , , , , ,

Facebook faces privacy questions… again

Over the past couple of years, Facebook has had run-ins with the Canadian Privacy Commissioner. And Canada’s not alone; privacy watchdogs in the United States and around the world have been critical of Facebook’s willingness to sacrifice users’ personal data in the name of social media…

 

, , , , , , , ,

Previous Posts