First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

privacy

COVID-19 – Managing privacy and cyber issues

Privacy laws require that personal information is at all times protected by appropriate security safeguards, and this requirement will continue to apply in connection with COVID-19 work-from-home arrangements

 

, , , , , ,

Consumer directed finance: Open banking in Canada

On January 31, 2020, Canada’s Advisory Committee on Open Banking (the Committee) released its report, “Consumer-directed finance: the future of financial services” (the Report), moving Canada towards the next phase in its process of implementing open banking legislation.

 

, , , , , , ,

Advisory committee on open banking releases report on consumer-directed finance

On January 31, 2020, the Advisory Committee on Open Banking (the “Committee”) issued its first report (the “Report”) in connection with the Department of Finance Canada’s (“Finance Canada”) consultation process on open banking.

 

, , , ,

Barker v. IPC: Weighing the public interest in freedom of information requests

Ontario’s freedom of information laws permit an institution to publicly disclose sensitive personal information if there is a “compelling public interest” that outweighs the individual’s privacy. But is this balancing analysis undertaken for each tidbit of personal information, or is the public interest provision considered with a view to the totality of the records?

 

, , , ,

When copyright in a work transfers to the Crown: Keatley v. Teranet

When does copyright transfer to the Crown under the Copyright Act? The Supreme Court clarified this in a landmark ruling released earlier today in Keatley Surveying Ltd. v. Teranet Inc., 2019 SCC 43, authoritatively interpreting Section 12 of the Act.

 

, , , , , , , , , ,

We need to preserve and protect whistleblowing in this time of challenge

Now more than ever, compliance officers, executive teams and boards of directors must think more about how to support an internal reporter, even at the “mechanical” level of protecting their identity.

 

, , , , ,

The Québec Private Sector Privacy Act: When does it apply to organizations outside of Québec?

While Québec Courts have delineated the scope of province’s Private Sector Privacy Act through the notion of “enterprise,” they have yet to delineate the scope of the Act’s territorial application. Determining the territorial application of Québec privacy legislation thus remains unsettled and unclear.

 

, , , , ,

Pot & privacy: BC Privacy Commissioner issues guidance for protection of personal information in cannabis transactions

The Office of the Information and Privacy Commissioner for British Columbia has released a guidance document to help cannabis retailers and purchasers understand their rights and obligations under the Personal Information Protection Act (British Columbia).

 

, , , ,

Test for patent obviousness not so obvious – Federal Court of Appeal affirms obviousness is a “flexible, contextual, expansive, and fact-driven inquiry”

In late January, in two decisions released simultaneously, the Federal Court of Appeal affirmed the broad and factually-suffused nature of the obviousness inquiry.

 

, , , , , , ,

Department of Finance Canada issues consultation paper on open banking

On January 11, 2019, the Department of Finance Canada released a consultation paper seeking the views of Canadians on the potential benefits and risks of an open banking system.

 

, , ,

Transparency & trust: The underlying themes of top 10 ethics & compliance trends

As we prepare for the publication of our 2019 Top 10 Ethics & Compliance Trends Report, a common thread has become evident: transparency.

 

, , , , ,

Top 10 most-read Inside Internal Controls posts for 2018

This year on the Inside Internal Controls blog we’ve been covering some of the hot topics in internal controls, governance, information technology, not-for-profit, and business management.

 

, , , , ,

First review of the GDPR: Four findings after four months

With four months of life behind the GDPR, now is an opportune time to review those developments. Indeed, after assessing those four months we can make the following four findings.

 

, , ,

Learn from British Airways’ security breach reporting and notification

British Airways’ experience described in this article underscores that cybersecurity is important, and Canadian entities preparing for mandatory security breach reporting and notification coming into force soon can take lessons from British Airways’ response to a security breach.

 

, , , , , , , , , , ,

Legal issues for charities and NPOs on social media networks

It is recommended that an organization implement policies and procedures that minimize the legal risks associated with using social media. This includes training protocols to educate volunteers and employees on these risks.

 

, , , , , , ,

Previous Posts