
Inside Internal Controls

News and discussion on implementing risk management


IT, Privacy and Security

Advisory committee on open banking releases report on consumer-directed finance

On January 31, 2020, the Advisory Committee on Open Banking (the “Committee”) issued its first report (the “Report”) in connection with the Department of Finance Canada’s (“Finance Canada”) consultation process on open banking.

 


Privacy Commissioner of Canada argues for rights-based privacy laws in annual report

In this note, we focus on one aspect of the Report: the Commissioner’s argument that federal privacy laws should explicitly recognize privacy as a human right and give greater priority to individual privacy rights.

 


A risk case study

I returned this week from a vacation in Mexico, including a day at the Copper Canyon. Our tour guide took about 20 of us down the mountain side to see some Tarahumara Indian homes. I decided that I wanted to come back ahead of the group, finding my way back up the path and steps to our hotel at the top. What might happen along the way? In other words, what would a risk manager put on a list or heat map?

 


Free speech on campus is subject to the Charter — but only in Alberta

In August 2018, Ontario’s Ministry of Training, Colleges and Universities announced that it would “require every publicly-assisted college and university to develop and publicly post its own free speech policy by January 1, 2019 that meets a minimum standard specified by the government”. In December 2019, Alberta’s government followed suit.

 


Understanding the differences between GDPR, CCPA, and PIPEDA – a guide for Canadian businesses

Gone are the days of unregulated and untethered data gathering. With the rolling out of the California Consumer Privacy Act, Canadian businesses are now finding themselves navigating a sea awash with a patchwork of extraterritorial legislation

 


Barker v. IPC: Weighing the public interest in freedom of information requests

Ontario’s freedom of information laws permit an institution to publicly disclose sensitive personal information if there is a “compelling public interest” that outweighs the individual’s privacy. But is this balancing analysis undertaken for each tidbit of personal information, or is the public interest provision considered with a view to the totality of the records?

 


2020 Accessibility to-do list (Ontario)

As 2020 begins, we are already looking forward to the end of the year and to 2021. There are two key deadlines coming up under the Accessibility for Ontarians with Disabilities Act (“AODA”):

 


Silos are thriving even in ERM programs

You are the captain of a ship that is sailing from Singapore to Auckland with a cargo that needs to be kept cold and will lose its freshness if you don’t arrive within a few days of your schedule.

 


Mandatory cybersecurity incident reporting for IIROC investment firms

In November 2019, the Investment Industry Regulatory Organization of Canada released new mandatory reporting requirements for cybersecurity incidents, per IIROC Notice 19-0194. What are the new requirements?

 


New report on the cost of a cyber breach

You may be surprised to hear that the average cost of a data breach is just $3.9 million. That sounds far different than indicated by the alarm bells screaming at you from all sides.

 


Finally some good advice on risk for boards

While I still disagree in some areas, I applaud Jim DeLoach for his latest piece for the (US) National Association of Corporate Directors, Revamping Risk in the Digital Age. Please read the entire piece, but here are points I especially like, with my highlights:

 


Top 10 most-read Inside Internal Controls posts for 2019

This year on the Inside Internal Controls blog, we’ve been covering some of the hot topics in internal controls, governance, information technology, not-for-profit and business management, among others. The top 10 most-read Inside Internal Controls posts for 2019 include

 

How effective is risk management today?

If you want to know how effective risk management is, you should ask the customer and not the provider.

 


What will 2020 risk & compliance benchmarks look like?

It’s that time of year again when risk and compliance professionals from around the world contribute to an industry-defining resource – the annual Definitive Risk & Compliance Benchmark Report.

 


2019 brings guidance on cyber in Canada

This year has seen a number of interesting developments in Canadian cyber security. While the first wave of data breach cases slowly works its way through the court system, guidance for Canadian businesses has come from many other sources, including the federal government and regulators.

 

