First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

privacy

The Québec Private Sector Privacy Act: When does it apply to organizations outside of Québec?

While Québec Courts have delineated the scope of province’s Private Sector Privacy Act through the notion of “enterprise,” they have yet to delineate the scope of the Act’s territorial application. Determining the territorial application of Québec privacy legislation thus remains unsettled and unclear.

 

, , , , ,

Pot & privacy: BC Privacy Commissioner issues guidance for protection of personal information in cannabis transactions

The Office of the Information and Privacy Commissioner for British Columbia has released a guidance document to help cannabis retailers and purchasers understand their rights and obligations under the Personal Information Protection Act (British Columbia).

 

, , , ,

Test for patent obviousness not so obvious – Federal Court of Appeal affirms obviousness is a “flexible, contextual, expansive, and fact-driven inquiry”

In late January, in two decisions released simultaneously, the Federal Court of Appeal affirmed the broad and factually-suffused nature of the obviousness inquiry.

 

, , , , , , ,

Department of Finance Canada issues consultation paper on open banking

On January 11, 2019, the Department of Finance Canada released a consultation paper seeking the views of Canadians on the potential benefits and risks of an open banking system.

 

, , ,

Transparency & trust: The underlying themes of top 10 ethics & compliance trends

As we prepare for the publication of our 2019 Top 10 Ethics & Compliance Trends Report, a common thread has become evident: transparency.

 

, , , , ,

Top 10 most-read Inside Internal Controls posts for 2018

This year on the Inside Internal Controls blog we’ve been covering some of the hot topics in internal controls, governance, information technology, not-for-profit, and business management.

 

, , , , ,

First review of the GDPR: Four findings after four months

With four months of life behind the GDPR, now is an opportune time to review those developments. Indeed, after assessing those four months we can make the following four findings.

 

, , ,

Learn from British Airways’ security breach reporting and notification

British Airways’ experience described in this article underscores that cybersecurity is important, and Canadian entities preparing for mandatory security breach reporting and notification coming into force soon can take lessons from British Airways’ response to a security breach.

 

, , , , , , , , , , ,

Legal issues for charities and NPOs on social media networks

It is recommended that an organization implement policies and procedures that minimize the legal risks associated with using social media. This includes training protocols to educate volunteers and employees on these risks.

 

, , , , , , ,

It’s official: Mandatory data breach notification coming on November 1, 2018

The coming into force of mandatory breach notification and record-keeping requirements on November 1, 2018 should be viewed by organizations as an effort to align Canadian legal and regulatory requirements with those in the United States and Europe (especially with the General Data Protection Regulations – or GDPR – coming into force in May 2018).

 

, , , , , ,

Artificial intelligence: The year in review

The regulatory landscape impacting AI continues to evolve both domestically and abroad. As we begin the new year, we pause to reflect on some of 2017’s most notable developments in AI and prepare for new trends to watch out for in 2018.

 

, , , , ,

Artificial intelligence and the protection of personal information in Canada: The priority for 2018

“When I look at myself, I am discouraged, when I compare myself to others, I panic…” This distorted saying summarizes the interactions in 2017 between artificial intelligence (AI) and personal information. While the number of AI projects and successes continues to mount in Canada, especially in Montréal, discussions on “the after” remain embryonic: how can […]

 

, ,

Standing committee released its report on Canada’s Anti-Spam Law

According to Micheal Geist, Professor of Law Canada Research Chair in Internet and E-commerce Law Faculty of Law, Common Law Section Centre for Law, Technology and Society, “the committee has asked the government for a detailed response to the report, which should be forthcoming in the spring. The government can be expected to fully support the enforcement recommendations, but retain flexibility on the recommendations for further clarification

 

, , , , , , ,

Estonian blockchain-based ID card security flaw raises issues about identity

On August 30, 2017, an international team of security researchers notified the Estonian government of a security vulnerability affecting the digital use of Estonian ID cards issued to around half of the Estonian population. Affecting 750,000 ID cards issued to a population of 1.3 million, the Estonian Information System Authority (RIA) has taken measures to restrict some of the ID card’s security features until a permanent solution is found.

 

, , , , ,

Expectation of privacy and electronic messaging: The Supreme Court of Canada to dot the “i’s”

It is best to remain abreast of developments in this matter, in order to clearly identify and be up-to-date on any guidelines concerning the disclosure of the content of messages between individuals in a judicial context.

 

, , , , , , ,

Previous Posts