First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

privacy

Legal issues for charities and NPOs on social media networks

It is recommended that an organization implement policies and procedures that minimize the legal risks associated with using social media. This includes training protocols to educate volunteers and employees on these risks.

 

, , , , , , ,

It’s official: Mandatory data breach notification coming on November 1, 2018

The coming into force of mandatory breach notification and record-keeping requirements on November 1, 2018 should be viewed by organizations as an effort to align Canadian legal and regulatory requirements with those in the United States and Europe (especially with the General Data Protection Regulations – or GDPR – coming into force in May 2018).

 

, , , , , ,

Artificial intelligence: The year in review

The regulatory landscape impacting AI continues to evolve both domestically and abroad. As we begin the new year, we pause to reflect on some of 2017’s most notable developments in AI and prepare for new trends to watch out for in 2018.

 

, , , , ,

Artificial intelligence and the protection of personal information in Canada: The priority for 2018

“When I look at myself, I am discouraged, when I compare myself to others, I panic…” This distorted saying summarizes the interactions in 2017 between artificial intelligence (AI) and personal information. While the number of AI projects and successes continues to mount in Canada, especially in Montréal, discussions on “the after” remain embryonic: how can […]

 

, ,

Standing committee released its report on Canada’s Anti-Spam Law

According to Micheal Geist, Professor of Law Canada Research Chair in Internet and E-commerce Law Faculty of Law, Common Law Section Centre for Law, Technology and Society, “the committee has asked the government for a detailed response to the report, which should be forthcoming in the spring. The government can be expected to fully support the enforcement recommendations, but retain flexibility on the recommendations for further clarification

 

, , , , , , ,

Estonian blockchain-based ID card security flaw raises issues about identity

On August 30, 2017, an international team of security researchers notified the Estonian government of a security vulnerability affecting the digital use of Estonian ID cards issued to around half of the Estonian population. Affecting 750,000 ID cards issued to a population of 1.3 million, the Estonian Information System Authority (RIA) has taken measures to restrict some of the ID card’s security features until a permanent solution is found.

 

, , , , ,

Expectation of privacy and electronic messaging: The Supreme Court of Canada to dot the “i’s”

It is best to remain abreast of developments in this matter, in order to clearly identify and be up-to-date on any guidelines concerning the disclosure of the content of messages between individuals in a judicial context.

 

, , , , , , ,

What HR needs to know about investigating an employee’s digital activity

You’ve been asked to review the digital activity of an employee. Your company has some concerns, and wants you to investigate. With the amount of enterprise-level technology and controls that most companies now have, shouldn’t that be fairly straightforward?

 

, , , ,

Privacy Commissioner’s report on public perception of companies’ privacy practices holds lessons for business

The Office of the Privacy Commissioner of Canada (“OPC”) recently released a preliminary report outlining the results of a series of focus groups conducted with Canadians about privacy and the protection of personal information.

 

, , , ,

Department of Finance releases consultation paper on new retail payments oversight framework

On July 7, 2017, the Department of Finance issued the consultation paper “A New Retail Payments Oversight Framework” (the “Consultation Paper”) proposing a federal oversight framework for retail payments. Comments on the Consultation Paper are due October 6, 2017.

 

, , , , ,

The global reach of Canadian privacy law: Federal court issues landmark ruling in Globe24h

With the global reach of the internet and ease with which information may now be disseminated, this decision therefore may provide corporations and individuals with an effective avenue to pursue foreign-based entities and enforce their rights with respect to disputes involving illegal, defamatory or malicious online activity originating abroad.

 

, , , , , , , , , , , , , , , , , , , , , , , ,

“Not there yet”: Bank of Canada experiments with blockchain wholesale payment system

The Bank of Canada embarked on Project Jasper to learn more about the feasibility, benefits and challenges of using DLT as the basis for a wholesale interbank payment system. These systems are crucial mechanisms for the financial industry that allow large financial institutions to process payments to each other as well as to and from central banks.

 

, , , , , , , ,

Cybersecurity in a post-Ashley Madison world

In a recent key finding, PIPEDA Report of Findings #2016-005 – Joint investigation of Ashley Madison, the Office of the Privacy Commissioner of Canada provided crucial guidance to organizations in relation to information protection and cybersecurity.

 

, , , , , , , , , ,

Few “likes” for Facebook forum selection clause: Supreme Court finds “strong cause” to not enforce forum selection clause

When engaging with personal information, consulting local privacy counsel is a must. Privacy legislation varies from province to province and failing to appreciate even slight differences can result in class action claims like in the Douez case. Facebook’s preliminary motion was rejected but the class action has yet to be certified. The opinions of the divided Court in Douez could be used to provide supporting arguments for both sides in a situation where the facts are just slightly different.

 

, , , , , , , ,

Former employee steals personal information to purchase smart phones

The Office of the Information and Privacy Commissioner of Alberta has required a payment processing organization to notify individuals pursuant to section 37.1 of the province’s Personal Information Protection Act because there was a real risk of significant harm to those individuals affected by an incident that involved unauthorized access and theft of information of 60 Alberta residents.

 

, , , ,

Previous Posts