The use of software as a service (SaaS) is pervasive among businesses. Some of the key characteristics of SaaS are: the software application is hosted on third-party servers the software application is accessed via the internet the software code itself… Read More ›
Cybersecurity
Does your cloud contract meet Canadian data breach standards?
Canada’s federal data breach reporting law has been in force for almost 6 months. Do the major multi-national cloud infrastructure as a service firms contractually commit to help their Canadian customers comply with data breach reporting obligations? Or, do they… Read More ›
Security Breaches and PIPEDA – Answers to Questions You Asked
I was asked many questions by a very engaged audience prior to, during and after a 2018 LexisNexis Canada webinar on the new breach of security safeguards provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA). For the… Read More ›
Tips for handling a breach like a pro: part three
A couple of weeks ago, I participated in a timely and lively LexisNexis Canada webinar on “How to Handle a Data Breach Like a Pro.” The webinar is free and archived for you to view. For the past two Wednesdays,… Read More ›
Tips for handling a breach like a pro: part two
Last week, I participated to a lively LexisNexis Canada webinar on “How to Handle a Data Breach Like a Pro.” The webinar is free and archived for you to view. Last Wednesday, I posted the first 3 of 10 Pro… Read More ›
Tips for handling a data breach like a pro: part one
Yesterday, I was lucky to present to a very engaged audience participating in LexisNexis Canada’s “How to Handle a Data Breach Like a Pro“. Don’t forget to send your questions. We will be posting a Q&A shortly. No questions will… Read More ›
Scrutiny of security measures following a breach report under PIPEDA
Starting November 1, 2018, it will no longer be optional to report breaches to the Office of the Privacy Commissioner of Canada (OPC) for organizations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations must report breaches… Read More ›
IoT security defects – are stronger consumer protection remedies required?
October is cybersecurity awareness month. So where are we in Canada on IoT security? The answer is that legal requirements are lagging technological developments. Although there have been some regulatory activity, it is slow-moving and consumers still do not have… Read More ›
IoT Security – Should consumers bear any responsibility?
A recent article in CSO (Australia edition) advised data security executives that “Users’ poor home IoT security could become your next headache”. This raises and interesting question. Where should we draw the line between a consumer’s responsibility to become technologically… Read More ›
Should your cloud computing provider report suspected security breaches?
Earlier this week, I wrote about new Alberta breach reporting obligations in the Alberta Health Information Act. This post considers how distinctions between suspected, probable, unconfirmed and confirmed data breaches matter in cloud computing agreements. Not every security incident is… Read More ›