On October 16, 2019, the Ontario Superior Court of Justice approved a settlement in Haikola v. The Personal Insurance Company, 2019 ONSC 5982. The case arose out of a complaint that the insurer was inappropriately collecting credit scores as part… Read More ›
PIPEDA
Tips for handling a data breach like a pro: part one
Yesterday, I was lucky to present to a very engaged audience participating in LexisNexis Canada’s “How to Handle a Data Breach Like a Pro“. Don’t forget to send your questions. We will be posting a Q&A shortly. No questions will… Read More ›
Scrutiny of security measures following a breach report under PIPEDA
Starting November 1, 2018, it will no longer be optional to report breaches to the Office of the Privacy Commissioner of Canada (OPC) for organizations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations must report breaches… Read More ›
Should your cloud computing provider report suspected security breaches?
Earlier this week, I wrote about new Alberta breach reporting obligations in the Alberta Health Information Act. This post considers how distinctions between suspected, probable, unconfirmed and confirmed data breaches matter in cloud computing agreements. Not every security incident is… Read More ›
Should marketers be worried by the latest OPC decision?
Canadians would likely find it difficult to argue with the outcome of a recent Report of Findings issued by the Office of the Privacy Commissioner of Canada (OPC) involving the repurposing of public profile information of Facebook users by a… Read More ›
Mandatory Breach Reporting Starts November 1, 2018
The Government of Canada has set November 1, 2018 as the date on which the mandatory breach reporting and recordkeeping provisions of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) will come into force. The mandatory recordkeeping provisions require… Read More ›
ETHI Report on PIPEDA is Coming Soon
The Standing Committee on Access to Information, Privacy and Ethics will be tabling its report sometime soon following the resumption of Parliament on Monday, February 26th. The Report title will be “Towards Privacy by Design: A Review of the Personal… Read More ›
Consent and the Connected Car – Is this the right choice?
Recently, Daniel Therrien, the Privacy Commissioner of Canada, made a written submission to the Standing Senate Committee on Transport and Communications on the privacy issues relating to connected vehicles. This submission supplemented the Commissioner’s oral remarks to the Committee on… Read More ›
Guide to PIPEDA 2018
The 2018 Edition of the Guide to the Personal Information Protection and Electronic Documents Act is available. You can find it at the LexisNexis Online Store. The new edition contains information on cases up to the last quarter of 2017…. Read More ›
It could have been worse – Canada’s Breach Regulations
On September 2, 2017, the Ministry of Innovation, Science and Economic Development Canada (ISED) published draft Breach of Security Safeguard Regulations. These Regulations fill in some missing elements of Canada’s federal data breach law that was enacted as part of… Read More ›