
Inside Internal Controls

News and discussion on implementing risk management


privacy

Cybersecurity: CSA issues new guidance

Cybersecurity is top of mind for corporate boards and securities regulators alike. On September 27, 2016, the Canadian Securities Administrators (CSA) issued CSA Staff Notice 11-332 – Cyber Security (2016 Notice). The 2016 Notice updates the CSA’s previous notice on the same topic, CSA Staff Notice 11-326 Cyber Security for reporting issuers, registrants and regulated entities.

 


Privacy injunctions in the age of the internet and social media

Canadian common law courts are still far behind the English courts, which have developed a much more flexible tort of misuse of private information, as well as remedies for breach that include damages to compensate for the loss or diminution of a right to control private information, and now, following the PJS case, perhaps also exemplary or punitive damages and an accounting of profits. Surprisingly, Canadian courts have not had to canvass recently whether the English common law tort of misuse of private information should be adopted in Canada.

 


Where does Canada stand on privacy?

Canada, like many countries, must answer a fundamental question: How does it achieve its law enforcement and national security objectives while also protecting and respecting the privacy rights of its citizens? “We hope the current administration and its privacy opponents can reach reasonable compromises that allow both groups to achieve their desired outcomes,” Chris Stevens, CIPP/US, CIPP/C, CIPP/E, CIPP/G, CIPM, CIPT, and Steve Holland, CIPM, write. In this exclusive for The Privacy Advisor, they look at the high-stakes issues facing Canada’s quest to balance the two priorities and whether Privacy Commissioner Daniel Therrien is the right man to help it do so.

 


If personal information is like oil, what happens when the supply runs low and how do we keep it flowing?

Personal information greases the wheels of many of the services we take for granted today, to the point that some even call it “the new oil.”

 


Personal information online: new tools, old responsibilities

Sometimes, technology creates new ways to exploit information faster than the law and business can keep up. The Office of the Privacy Commissioner of Canada is trying to make sure that doesn’t happen in the case of behavioural advertising. Last year, the Privacy Commissioner conducted consultations on the new ways that organizations are collecting and using customers’ personal information, and prepared its Report on the 2010 Office of the Privacy Commissioner of Canada’s Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing.

 


Do you offer ‘paperless receipts’?

If you do, you should make sure you understand the privacy and personal information implications. CTV reports that some Canadian retailers are now offering their customers an “e-receipt”, which they can receive by email or access at dedicated websites. Sure, it’s a “green” option, and maybe more convenient for customers who want to track their purchases, but it requires the customer to provide an email address, which might allow retailers to “learn a lot about a customer’s preferences and buying habits”.

 


Online security – not just for big business

Surely you’ve heard about the major security and data breaches that Sony has experienced this year. It’s bad. It’s a liability. Despite the popularity of their online services, they’ll have to work hard to regain customers’ loyalty. Other big names have experienced similar attacks.

 


Facebook faces privacy questions… again

Over the past couple of years, Facebook has had run-ins with the Canadian Privacy Commissioner. And Canada’s not alone; privacy watchdogs in the United States and around the world have been critical of Facebook’s willingness to sacrifice users’ personal data in the name of social media…

 


Amendments to PIPEDA disappoint privacy watchdogs

On May 29, the federal government introduced Bill C-29, the Safeguarding Canadians’ Personal Information Act, which makes substantial changes to the Personal Information Protection and Electronic Documents Act (PIPEDA). The Bill had been in development for several years, and one of its primary objectives was to address a significant gap in PIPEDA, the issue of mandatory disclosure of “material” breaches of personal information by the companies or organizations responsible.

 


Privacy risk management – by design

I’ve discussed the Privacy by Design principle before, in the Inside Internal Control newsletter. In case you don’t know, PbD is an approach developed by Dr. Ann Cavoukian, the Privacy Commissioner of Ontario, which proactively embeds privacy protection by default in the design of an organization’s practices and products.

 


When did privacy become such a huge issue?

I guess you’ve heard about some of the privacy breaches of the past few years. You know, the one where a major Canadian bank faxed personal information on thousands of customers to two random businesses in West Virginia and Quebec, or where the public officials left work laptops or memory keys unattended with unencrypted private data on citizens and they were stolen, and on and on. What’s happening? Why are these accidents popping up so frequently now?

 


Who’s looking at your garbage, and why should you care?

You know what happens when you dump your garbage in the bin, right? The garbage collectors pick it up and take it away, and you don’t worry about it any more. But should you worry about it? A 2009 Supreme Court of Canada decision suggests you might want to.

 

