privacy legislation
August 11, 2017 McCarthy Tétrault LLP Accounting Systems and Controls, Business and Legal Issues, E-Commerce, Finance and Accounting, Fraud and Corruption, IT, Privacy and Security, Network, Systems and Data Security, Privacy Compliance and Management, Records Management and Retention, Sales, Marketing and Operations
On July 7, 2017, the Department of Finance issued the consultation paper “A New Retail Payments Oversight Framework” (the “Consultation Paper”) proposing a federal oversight framework for retail payments. Comments on the Consultation Paper are due October 6, 2017.
finance, FINTRAC, PIPEDA, privacy, privacy legislation, retail payments oversight framework
July 7, 2017 McCarthy Tétrault LLP Business and Legal Issues, Cyberlaw, Internet Law, Social Media/Social Networking
When engaging with personal information, consulting local privacy counsel is a must. Privacy legislation varies from province to province and failing to appreciate even slight differences can result in class action claims like in the Douez case. Facebook’s preliminary motion was rejected but the class action has yet to be certified. The opinions of the divided Court in Douez could be used to provide supporting arguments for both sides in a situation where the facts are just slightly different.
class action lawsuit, constitutional rights, forum selection clause, litigation, personal information protection, privacy, Privacy Act, privacy legislation, social media
June 30, 2017 McCarthy Tétrault LLP Business and Legal Issues, Corporate Administration, IT, Privacy and Security, Leadership and Management, Privacy Compliance and Management
In a case dating back to 2016 but just recently published, the Office of the Privacy Commissioner of Canada has ruled that the collection and use of a plaintiff’s personal information for the purpose of defending against a civil lawsuit is not a “commercial activity” and, as such, the Personal Information Protection and Electronic Documents Act does not apply.
commercial activity, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy legislation
September 26, 2016 Cristina Lavecchia, Editor Business and Legal Issues, IT, Privacy and Security, Leadership and Management, Mobile Device Management, Privacy Compliance and Management, Social Media/Social Networking
The task of picking up the phone, dialing and anticipating a “hello” on the other end can be daunting for many people. Text messaging, compared to phone calls, has dominated the way we communicate with one another over the years. With the abundance of text messages exchanged between people, there stems an important question with respect to privacy. That is, is there a reasonable expectation of privacy in a text message once it has been sent and received by the intended recipient? The Ontario Court of Appeal recently concluded that there is not. Thereby ruling that text messages seized from a recipient’s phone can be used against the sender in court.
managing privacy in the workplace, privacy and text messaging, privacy legislation, reasonable expectation of privacy, reasonable expectation of privacy in text messages, text messages used in court
April 28, 2014 Maanit Zemel Anti-spam, Do-not-Call, Business and Legal Issues, Charities, Corporate Administration and Legal Matters, Corporate Governance, E-Commerce, Finance and Accounting, IT, Privacy and Security, Network, Systems and Data Security, Not for Profit, Payroll and Personnel Management, Privacy Compliance and Management, Records Management and Retention, Sales, Marketing and Operations, Systems and Data Management
Over the past months, I have been writing, lecturing and advising on Canada’s anti-spam legislation (CASL). In discussing the legislation, I have encountered many myths and misconceptions about CASL and its implications. This is not surprising. The legislation and accompanying regulations create a complex and often confusing regulatory regime that contains more questions than answers.
anti-spam legislation, B2B, business, business exemption, business to business exemption, Canada's anti-spam legislation, CASL, CEMs, charities, commercial activity, commercial electronic messages, computer program, consent, electronic message, for-profit businesses, information technology industry, installation of computer programs, myths and misconceptions, non-profit organizations, previously obtained consent, privacy legislation, raising funds, sending an email asking for consent, spam, Spam emails, text
April 16, 2014 Adam Gorley Accounting Systems and Controls, Budgeting and Auditing, Business and Legal Issues, Corporate Administration, Corporate Governance, Finance and Accounting, Financial Compliance / Planning / Management, Fraud and Corruption, Income Tax Planning / Tax Schedules / Remittances, Payroll and Personnel Management, Records Management and Retention
The federal government has signed an agreement to help the United States catch tax-evading “US persons” living outside the US, including those with dual US-Canada citizenship.
banks, Canada Revenue Agency, Canada-U.S. Tax Convention, citizenship, CRA, credit unions, disclosure of financial information, DPSP, extraterritorial implications, FATCA, financial institutions, Foreign Account Tax Compliance Act, intergovernmental agreement, Internal Revenue Service, IRS, PPRP, privacy legislation, RDSP, RESP, RRIF, rrsp, small business, tax law, Taxes, TFSA, United States
December 19, 2012 Ron Richard Corporate Governance, IT, Privacy and Security, Sales, Marketing and Operations
Privacy practices, and all things mobile, are both hot topics these days. This is in part because mobile devices and apps are fun, cool, provide value, and are on the rise. They are used by professionals of all types, and people of most any age, including our youth. This however feeds the assumption that technology in general, including mobile devices and apps, is threatening the privacy rights of individuals.
Absolute Software, accessing collected data, compliance, data collection, information is being collected, mobile app developers, mobile applications, Mobile apps, mobile devices, Office of the Privacy Commissioner of Canada, PIPA, PIPEDA, privacy law, privacy legislation, privacy management program, privacy policy, privacy practices, privacy protection, risk management, Seizing Opportunity: Good Privacy Practices for Developing Mobile Apps’, technology, usage and flow, used and disclosed
June 25, 2012 Adam Gorley Corporate Governance, IT, Privacy and Security
Over the brief period of Facebook’s existence, the company’s practices have provided a rich source of knowledge for businesses and other organizations that collect and use customers’ information, operate online or generally fall under the Personal Information Protection and Electronic Documents Act (PIPEDA) or other privacy legislation.
access to information, collecting information, consent, disclosure of personal information, email address, facebook, friend suggestions, non-users, obtaining consent, Office of the Privacy Commissioner of Canada, opt-out, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, Privacy Commissioner, privacy legislation, privacy practices, social plug-ins, user verification, using personal information
February 10, 2011 Adam Gorley Corporate Governance, IT, Privacy and Security, Sales, Marketing and Operations
Here’s something you might want to know about: the Federal Government has introduced a law to impose stricter obligations with respect to information and security breaches.
Bill C-29, collecting data, data storage, fapp, Finance and Accounting PolicyPro, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy and risk management, Privacy Commissioner, privacy legislation, recycling, Safeguarding Canadians' Personal Information Act, security breaches, security gaps
June 17, 2010 Colin Braithwaite IT, Privacy and Security, Sales, Marketing and Operations
On May 29, the federal government introduced Bill C-29, the Safeguarding Canadians’ Personal Information Act, which makes substantial changes to the Personal Information Protection and Electronic Documents Act (PIPEDA). The Bill had been in development for several years, and one of its primary objectives was to address a significant gap in PIPEDA, the issue of mandatory disclosure of “material” breaches of personal information by the companies or organizations responsible.
disclosure of personal information, employee personal information, employment law, Finance and Accounting PolicyPro, Human Resources, information breaches, Information Technology PolicyPro, Janet Lo, Michael Geist, not-for-profit policypro, personal information, personal information protection, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy, privacy breach, privacy legislation, Safeguarding Canadians' Personal Information Act
June 10, 2010 Colin Braithwaite Corporate Governance, IT, Privacy and Security, Sales, Marketing and Operations
I’ve discussed the Privacy by Design principle before, in the Inside Internal Control newsletter. In case you don’t know, PbD is an approach developed by Dr. Ann Cavoukian, the Privacy Commissioner of Ontario, which proactively embeds privacy protection by default in the design of an organization’s practices and products.
confidentiality, employee personal information, PbD, PbD principles, personal information, privacy, privacy and risk management, privacy by design, Privacy Commissioner, privacy legislation
March 29, 2010 Adam Gorley Corporate Governance, IT, Privacy and Security, Sales, Marketing and Operations
I guess you’ve heard about some of the privacy breaches of the past few years. You know, the one where a major Canadian bank faxed personal information on thousands of customers to two random businesses in West Virginia and Quebec, or where the public officials left work laptops or memory keys unattended with unencrypted private data on citizens and they were stolen, and on and on. What’s happening? Why are these accidents popping up so frequently now?
ontario, privacy, privacy breach, privacy legislation