First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Privacy Compliance and Management

Advisory committee on open banking releases report on consumer-directed finance

On January 31, 2020, the Advisory Committee on Open Banking (the “Committee”) issued its first report (the “Report”) in connection with the Department of Finance Canada’s (“Finance Canada”) consultation process on open banking.

 

, , , ,

Privacy Commissioner of Canada argues for rights-based privacy laws in annual report

In this note, we focus on one aspect of the Report: the Commissioner’s argument that federal privacy laws should explicitly recognize privacy as a human right and give greater priority to individual privacy rights.

 

, , , , , , , , ,

Understanding the differences between GDPR, CCPA, and PIPEDA – a guide for Canadian businesses

Gone are days of unregulated and untethered data gathering. With the rolling out of the California Consumer Privacy Act, Canadian businesses are now finding themselves navigating a sea awash with a patchwork of extraterritorial legislation

 

, , , , , ,

Barker v. IPC: Weighing the public interest in freedom of information requests

Ontario’s freedom of information laws permit an institution to publicly disclose sensitive personal information if there is a “compelling public interest” that outweighs the individual’s privacy. But is this balancing analysis undertaken for each tidbit of personal information, or is the public interest provision considered with a view to the totality of the records?

 

, , , ,

Mandatory cybersecurity incident reporting for IIROC investment firms

In November 2019, the Investment Industry Regulatory Organization of Canada released new mandatory reporting requirements for cybersecurity incidents, per IIROC Notice 19-0194. What are the new requirements?

 

, , , , , ,

2019 brings guidance on cyber in Canada

This year has seen a number of interesting developments in Canadian cyber security. While the first wave of data breach cases slowly work their way through the court system, guidance for Canadian businesses has come from many other sources, including the federal government and regulators.

 

, , , , ,

Competition Tribunal confirms business justification is the paramount consideration in an abuse of dominance case

Competition law

On October 17, 2019, the Competition Tribunal (Tribunal) rendered its decision in CT-2016-015 Commissioner of Competition v. Vancouver Airport Authority (Decision) [PDF], dismissing the Commissioner of Competition’s (Commissioner) application.

 

, , , ,

Not-for-profits should leverage information technology, safely

Not-for-profits have numerous opportunities to leverage information technology (IT), from social media to cloud computing and beyond.

 

, , , , , , , ,

Amazing insights on cyber

A couple of recent pieces shed some light, some amazing light, on how cyber-related risk is perceived by executives and the board.

 

, , , , , ,

When copyright in a work transfers to the Crown: Keatley v. Teranet

When does copyright transfer to the Crown under the Copyright Act? The Supreme Court clarified this in a landmark ruling released earlier today in Keatley Surveying Ltd. v. Teranet Inc., 2019 SCC 43, authoritatively interpreting Section 12 of the Act.

 

, , , , , , , , , ,

The rising tide of global whistleblower regulations

The whistleblowing landscape has changed substantially over the past few years. High profile cases have spurred new whistleblower protection regulations across the globe.

 

, , , , , ,

Allegations and investigations

What we should all note from the news is that a failure to perform an appropriate investigation is a serious source of risk to any organization.

 

, , , , , ,

The board and cyber security

There’s another useful article on Forbes. How to talk to the board about cybersecurity is written by an experienced CIO, John Matthews. Here are some useful excerpts with my highlights:

 

, , , , , , , ,

We need to preserve and protect whistleblowing in this time of challenge

Now more than ever, compliance officers, executive teams and boards of directors must think more about how to support an internal reporter, even at the “mechanical” level of protecting their identity.

 

, , , , ,

FATF issues guidance on virtual assets

FATF issues guidance on virtual assets

 

, , , , ,

Previous Posts