First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Privacy Compliance and Management

Working from home: Cybersecurity checklist

Cyber attacks were a serious risk even before the COVID-19 pandemic. As many organizations have instituted work-from-home procedures, the risk is elevated. The increase of non-standard communications, the use of new and untested remote working arrangements and a heightened level of stress and anxiety all create new vulnerabilities for threat actors to take advantage of. Incorrectly addressed emails, theft of company devices and a massive increase in remote connections all increase the risk of a successful cyber attack.

 

, , , ,

Impact of digitized environments & modern workplaces on internal investigations

One of the hallmarks of a successful investigation is rooted in the expression “knowing what you don’t know.” An experienced investigator knows a lot about a lot of things – different types of fraud, corruption, theft, misconduct, and the psychology underlying what motivates people to violate the trust that has been placed in them.

 

, , , , , , , ,

Website cookies in Canada: is consent required?

Website cookies are small files sent by websites to users’ computers, usually without knowledge or specific consent. Cookies can be used to personalize a website, remember users’ preferences, and retain products in electronic shopping carts. A bigger concern for regulators is that cookies can also be used to track online behaviour, activities and interests, and can be accessible by third parties.

 

, , , , ,

Considerations for directors during the COVID-19 pandemic

boardroom-meeting

The COVID-19 pandemic has affected, and continues to affect, Canadian businesses in a significant manner. As this situation continues to evolve, directors should remain cognizant of their duties and responsibilities as corporations face a range of challenges, including liquidity issues.

 

, , , , ,

COVID-19 and electronic contracting

For years, organizations have moved their businesses digital. To consummate transactions and to otherwise engage in contractual activities, organizations have increasingly relied on electronic means of contracting using everything from webwraps and clickwraps (and hybrid variations of these forms of agreements) and electronic documents executed using electronic signatures.

 

, , , , , ,

Cyber insurance in the COVID-19 landscape

Cyber insurance provides protection and coverage for the security and privacy of digital information and losses resulting from data breaches.

 

, , , , ,

Fiscal year ends, business continuity, and COVID-19

At the best of times, fiscal year ends are challenging. Organizations with upcoming or recent fiscal year ends will undoubtedly find them particularly challenging. Organizations with robust policies and procedures will likely fare better than those without. Consequently, it will be helpful to start your year end planning as early as you can.

 

, , , , , , , , , , , , , , , , , , , ,

COVID-19: key issues every organization should consider

Competition law

The COVID-19 pandemic raises critical and unprecedented issues for all organizations. How an enterprise responds to these challenges will influence how it fares through the crisis and its positioning for recovery afterwards. We believe that the issues below warrant special attention by senior management and directors.

 

, , , , , , , , ,

COVID-19 – Managing privacy and cyber issues

Privacy laws require that personal information is at all times protected by appropriate security safeguards, and this requirement will continue to apply in connection with COVID-19 work-from-home arrangements

 

, , , , , ,

Consumer directed finance: Open banking in Canada

On January 31, 2020, Canada’s Advisory Committee on Open Banking (the Committee) released its report, “Consumer-directed finance: the future of financial services” (the Report), moving Canada towards the next phase in its process of implementing open banking legislation.

 

, , , , , , ,

Advisory committee on open banking releases report on consumer-directed finance

On January 31, 2020, the Advisory Committee on Open Banking (the “Committee”) issued its first report (the “Report”) in connection with the Department of Finance Canada’s (“Finance Canada”) consultation process on open banking.

 

, , , ,

Privacy Commissioner of Canada argues for rights-based privacy laws in annual report

In this note, we focus on one aspect of the Report: the Commissioner’s argument that federal privacy laws should explicitly recognize privacy as a human right and give greater priority to individual privacy rights.

 

, , , , , , , , ,

Understanding the differences between GDPR, CCPA, and PIPEDA – a guide for Canadian businesses

Gone are days of unregulated and untethered data gathering. With the rolling out of the California Consumer Privacy Act, Canadian businesses are now finding themselves navigating a sea awash with a patchwork of extraterritorial legislation

 

, , , , , ,

Barker v. IPC: Weighing the public interest in freedom of information requests

Ontario’s freedom of information laws permit an institution to publicly disclose sensitive personal information if there is a “compelling public interest” that outweighs the individual’s privacy. But is this balancing analysis undertaken for each tidbit of personal information, or is the public interest provision considered with a view to the totality of the records?

 

, , , ,

Mandatory cybersecurity incident reporting for IIROC investment firms

In November 2019, the Investment Industry Regulatory Organization of Canada released new mandatory reporting requirements for cybersecurity incidents, per IIROC Notice 19-0194. What are the new requirements?

 

, , , , , ,

Previous Posts