Articles

In January 2018, the OPC released a draft report on online reputation, and proposed innovative solutions for how individuals can better protect themselves from reputational risks in an online world.

The Uber data breach demonstrates that companies need to be prepared for breaches, including how to communicate with the regulators and their customers in a timely manner. 2018 will hopefully be the year that the PIPEDA breach notification and reporting regulations come into force, strengthening Canada’s privacy law for the better.

The legal sector must learn to manage Cyber-Risk effectively by utilizing various forms of insurance and risk mitigation strategies. The principles of Information Technology strategy formulation and project risk planning can provide inspiration in understanding and managing the overall legal ramifications of cyber-security attacks and data breaches, including mandatory breach reporting.

Since the decision in The Brick Warehouse LP v. Chubb Insurance Company of Canada was released in July 2017, several pundits have hailed it as ground-breaking in terms of cyber risks in Canada. However, there are at least three reasons why it is not all that significant to the Canadian cyber insurance market.

PIPEDA was amended in 2015 to introduce mandatory reporting of breaches of security safeguards. On September 2, 2017, the Government of Canada released its proposed regulations regarding the mandatory reporting and notification requirements for organizations that suffer a breach of security safeguards.

On June 23, 2017, the Supreme Court of Canada took a step toward repairing the inequality of bargaining power between parties in the online consumer context. In Douez v Facebook, the Supreme Court ruled that Facebook’s forum selection clause in its “terms of use” was unenforceable because (1) it supported unequal bargaining power between consumers and companies and (2) there was a need to protect the privacy rights of social media users.

Molly Reynolds was one of several members of the OBA Privacy and Access to Information Law Section who made submissions in their personal capacities to the House of Commons’ Standing Committee on Access to Information, Privacy and Ethics in respect of its study of PIPEDA. Read on for a summary of her proposals for authorizing the OPC to give advance compliance rulings and providing regulatory guidance on the standard for anonymizing personal information.