First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

privacy

First review of the GDPR: Four findings after four months

With four months of life behind the GDPR, now is an opportune time to review those developments. Indeed, after assessing those four months we can make the following four findings.

 

, , ,

Learn from British Airways’ security breach reporting and notification

British Airways’ experience described in this article underscores that cybersecurity is important, and Canadian entities preparing for mandatory security breach reporting and notification coming into force soon can take lessons from British Airways’ response to a security breach.

 

, , , , , , , , , , ,

Legal issues for charities and NPOs on social media networks

It is recommended that an organization implement policies and procedures that minimize the legal risks associated with using social media. This includes training protocols to educate volunteers and employees on these risks.

 

, , , , , , ,

It’s official: Mandatory data breach notification coming on November 1, 2018

The coming into force of mandatory breach notification and record-keeping requirements on November 1, 2018 should be viewed by organizations as an effort to align Canadian legal and regulatory requirements with those in the United States and Europe (especially with the General Data Protection Regulations – or GDPR – coming into force in May 2018).

 

, , , , , ,

Artificial intelligence: The year in review

The regulatory landscape impacting AI continues to evolve both domestically and abroad. As we begin the new year, we pause to reflect on some of 2017’s most notable developments in AI and prepare for new trends to watch out for in 2018.

 

, , , , ,

Artificial intelligence and the protection of personal information in Canada: The priority for 2018

“When I look at myself, I am discouraged, when I compare myself to others, I panic…” This distorted saying summarizes the interactions in 2017 between artificial intelligence (AI) and personal information. While the number of AI projects and successes continues to mount in Canada, especially in Montréal, discussions on “the after” remain embryonic: how can […]

 

, ,

Standing committee released its report on Canada’s Anti-Spam Law

According to Micheal Geist, Professor of Law Canada Research Chair in Internet and E-commerce Law Faculty of Law, Common Law Section Centre for Law, Technology and Society, “the committee has asked the government for a detailed response to the report, which should be forthcoming in the spring. The government can be expected to fully support the enforcement recommendations, but retain flexibility on the recommendations for further clarification

 

, , , , , , ,

Estonian blockchain-based ID card security flaw raises issues about identity

On August 30, 2017, an international team of security researchers notified the Estonian government of a security vulnerability affecting the digital use of Estonian ID cards issued to around half of the Estonian population. Affecting 750,000 ID cards issued to a population of 1.3 million, the Estonian Information System Authority (RIA) has taken measures to restrict some of the ID card’s security features until a permanent solution is found.

 

, , , , ,

Expectation of privacy and electronic messaging: The Supreme Court of Canada to dot the “i’s”

It is best to remain abreast of developments in this matter, in order to clearly identify and be up-to-date on any guidelines concerning the disclosure of the content of messages between individuals in a judicial context.

 

, , , , , , ,

What HR needs to know about investigating an employee’s digital activity

You’ve been asked to review the digital activity of an employee. Your company has some concerns, and wants you to investigate. With the amount of enterprise-level technology and controls that most companies now have, shouldn’t that be fairly straightforward?

 

, , , ,

Privacy Commissioner’s report on public perception of companies’ privacy practices holds lessons for business

The Office of the Privacy Commissioner of Canada (“OPC”) recently released a preliminary report outlining the results of a series of focus groups conducted with Canadians about privacy and the protection of personal information.

 

, , , ,

Department of Finance releases consultation paper on new retail payments oversight framework

On July 7, 2017, the Department of Finance issued the consultation paper “A New Retail Payments Oversight Framework” (the “Consultation Paper”) proposing a federal oversight framework for retail payments. Comments on the Consultation Paper are due October 6, 2017.

 

, , , , ,

The global reach of Canadian privacy law: Federal court issues landmark ruling in Globe24h

With the global reach of the internet and ease with which information may now be disseminated, this decision therefore may provide corporations and individuals with an effective avenue to pursue foreign-based entities and enforce their rights with respect to disputes involving illegal, defamatory or malicious online activity originating abroad.

 

, , , , , , , , , , , , , , , , , , , , , , , ,

“Not there yet”: Bank of Canada experiments with blockchain wholesale payment system

The Bank of Canada embarked on Project Jasper to learn more about the feasibility, benefits and challenges of using DLT as the basis for a wholesale interbank payment system. These systems are crucial mechanisms for the financial industry that allow large financial institutions to process payments to each other as well as to and from central banks.

 

, , , , , , , ,

Cybersecurity in a post-Ashley Madison world

In a recent key finding, PIPEDA Report of Findings #2016-005 – Joint investigation of Ashley Madison, the Office of the Privacy Commissioner of Canada provided crucial guidance to organizations in relation to information protection and cybersecurity.

 

, , , , , , , , , ,

Previous Posts