Articles 2022

In January 2018, the OPC released a draft report on online reputation, and proposed innovative solutions for how individuals can better protect themselves from reputational risks in an online world.

The Uber data breach demonstrates that companies need to be prepared for breaches, including how to communicate with the regulators and their customers in a timely manner. 2018 will hopefully be the year that the PIPEDA breach notification and reporting regulations come into force, strengthening Canada’s privacy law for the better.

The legal sector must learn to manage Cyber-Risk effectively by utilizing various forms of insurance and risk mitigation strategies. The principles of Information Technology strategy formulation and project risk planning can provide inspiration in understanding and managing the overall legal ramifications of cyber-security attacks and data breaches, including mandatory breach reporting.

Since the decision in The Brick Warehouse LP v. Chubb Insurance Company of Canada was released in July 2017, several pundits have hailed it as ground-breaking in terms of cyber risks in Canada. However, there are at least three reasons why it is not all that significant to the Canadian cyber insurance market.

On June 23, 2017, the Supreme Court of Canada took a step toward repairing the inequality of bargaining power between parties in the online consumer context. In Douez v Facebook, the Supreme Court ruled that Facebook’s forum selection clause in its “terms of use” was unenforceable because (1) it supported unequal bargaining power between consumers and companies and (2) there was a need to protect the privacy rights of social media users.

With the rise in the collection, use and disclosure of personal information and personal health information across organizations, the prevalence of privacy breaches, and the recognition of common law privacy torts in Ontario, organizations increasingly face legal, financial and reputational consequences from personal information handling practices. This article considers how this evolving area of law may inform an organization’s internal risk management program.

David Young summarizes his testimony before the the House of Commons Standing Committee on Access to Information, Privacy and Ethics on its study of PIPEDA. Read on for David's submissions on consent, the PIPEDA enforcement framework, and how PIPEDA aligns with the forthcoming European General Data Protection Regulation.

Canadian Securities Administrators recently published the results of their review of cyber security disclosure and guidance on appropriate disclosure.