Any hopes by privacy advocates of stronger data localization requirements for Canada have been dashed by the United States Mexico Canada Agreement (USMCA). The U.S. Trade Representative (USTR) achieved its objectives on data localization for the renegotiation of the North… Read More ›
Privacy
IoT Security – Should consumers bear any responsibility?
A recent article in CSO (Australia edition) advised data security executives that “Users’ poor home IoT security could become your next headache”. This raises and interesting question. Where should we draw the line between a consumer’s responsibility to become technologically… Read More ›
Should your cloud computing provider report suspected security breaches?
Earlier this week, I wrote about new Alberta breach reporting obligations in the Alberta Health Information Act. This post considers how distinctions between suspected, probable, unconfirmed and confirmed data breaches matter in cloud computing agreements. Not every security incident is… Read More ›
Should marketers be worried by the latest OPC decision?
Canadians would likely find it difficult to argue with the outcome of a recent Report of Findings issued by the Office of the Privacy Commissioner of Canada (OPC) involving the repurposing of public profile information of Facebook users by a… Read More ›
De-identified information is still particular
On Friday, July 13, the Supreme Court of Canada had occasion to consider whether the personal health information of residents of British Columbia should be disclosed to tobacco companies in a fight over whether those companies are responsible for reimbursing… Read More ›
Does the OPC really need a massive increase in funding?
In a recent letter to the Standing Committee on Access to Information, Privacy and Ethics, Daniel Therrien, the Privacy Commissioner of Canada, suggested that a 90% increase in funding for the Office of the Privacy Commissioner (OPC) was required to… Read More ›
Mandatory Breach Reporting Starts November 1, 2018
The Government of Canada has set November 1, 2018 as the date on which the mandatory breach reporting and recordkeeping provisions of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) will come into force. The mandatory recordkeeping provisions require… Read More ›
Trains, Voice and Video Recorders, and PIPEDA
In a late move, the Office of the Privacy Commissioner of Canada has raised concerns with the privacy exceptions in Bill C-49 regarding the use of locomotive voice and video recorders (LVVRs). The exceptions would diminish the protections of railway… Read More ›
ETHI Report on PIPEDA is Coming Soon
The Standing Committee on Access to Information, Privacy and Ethics will be tabling its report sometime soon following the resumption of Parliament on Monday, February 26th. The Report title will be “Towards Privacy by Design: A Review of the Personal… Read More ›
Using the Criminal Code to Require News Media to “Un-Publish” Fails
In Canada, s. 486.4(2.1) of the Criminal Code to make an order protecting a victim of a crime from having any information that could identify the victim from being “published in any document or broadcast or transmitted in any way.”… Read More ›
