It is proving difficult for plaintiffs to get a data breach class action certified in Quebec. The latest attempt in Li c. Equifax inc., 2019 QCCS 4340 fell flat. The Quebec Superior Court refused to certify a class action arising… Read More ›
Does your cloud contract meet Canadian data breach standards?
Canada’s federal data breach reporting law has been in force for almost 6 months. Do the major multi-national cloud infrastructure as a service firms contractually commit to help their Canadian customers comply with data breach reporting obligations? Or, do they… Read More ›
Security Breaches and PIPEDA – Answers to Questions You Asked
I was asked many questions by a very engaged audience prior to, during and after a 2018 LexisNexis Canada webinar on the new breach of security safeguards provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA). For the… Read More ›
Tips for handling a breach like a pro: part three
A couple of weeks ago, I participated in a timely and lively LexisNexis Canada webinar on “How to Handle a Data Breach Like a Pro.” The webinar is free and archived for you to view. For the past two Wednesdays,… Read More ›
Tips for handling a breach like a pro: part two
Last week, I participated to a lively LexisNexis Canada webinar on “How to Handle a Data Breach Like a Pro.” The webinar is free and archived for you to view. Last Wednesday, I posted the first 3 of 10 Pro… Read More ›
Tips for handling a data breach like a pro: part one
Yesterday, I was lucky to present to a very engaged audience participating in LexisNexis Canada’s “How to Handle a Data Breach Like a Pro“. Don’t forget to send your questions. We will be posting a Q&A shortly. No questions will… Read More ›
Scrutiny of security measures following a breach report under PIPEDA
Starting November 1, 2018, it will no longer be optional to report breaches to the Office of the Privacy Commissioner of Canada (OPC) for organizations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations must report breaches… Read More ›
IoT Security – Should consumers bear any responsibility?
A recent article in CSO (Australia edition) advised data security executives that “Users’ poor home IoT security could become your next headache”. This raises and interesting question. Where should we draw the line between a consumer’s responsibility to become technologically… Read More ›
Should your cloud computing provider report suspected security breaches?
Earlier this week, I wrote about new Alberta breach reporting obligations in the Alberta Health Information Act. This post considers how distinctions between suspected, probable, unconfirmed and confirmed data breaches matter in cloud computing agreements. Not every security incident is… Read More ›
Cloud computing update: Alberta Health Privacy Breach Provisions
On August 31st, new provisions in Alberta’s Health Information Act will come into force that have important implications for users and providers of cloud computing services. These provisions impose new breach reporting obligations on healthcare service providers and other individuals… Read More ›