Articles

Having gained substantial leadership experience as a privacy officer, what follows in this article is the perspective the author gained in these unique and essential roles. Each mandate, while quite different in practice, harvested similar lessons that I believe every practitioner working in the privacy sector should adopt to maximize their effectiveness within their organization. The following are seven key lessons every privacy officer or practitioner should know.

The Office of the Privacy Commissioner of Canada (OPC) recently issued PIPEDA Findings #2022¬004, which underscores the need for a timely risk assessment that includes Canadians’ personal information. With this Report, the OPC is setting the expectation that while this timeline is flexible, it is not infinitely elastic.

On September 22, 2022, the first set of amendments from Bill 64 will come into force. Although most amendments will come into force in September 2023, below we highlight significant changes in force this September.

Mobile applications have become synonymous with organizations’ outreach initiatives. The recent joint investigation by federal and provincial privacy authorities into the Tim Hortons app emphasizes the need for companies to consider Canadian privacy laws when designing their apps.

Shalom Cumbo-Steinmetz and Alina Butt discuss key takeaways from a recent Divisional Court decision overturning certification in a data breach class action involving private health information.

Ronak Shah and George Boynton Payne discuss a growing trend among organizations to include privacy and data governance metrics and disclosure as part of their environmental, social and governance (ESG) reporting framework, and highlight practical steps an organization can take to move beyond a traditional regulatory compliance approach to privacy and security.

An overview of cyber risks faced by Canadian businesses as a result of the Russian invasion of Ukraine.

The common law tort of intrusion upon seclusion continues to develop, as does its use in the class action context. Chloe Snider and Hala Abdul Ghani explore four recent decisions that demonstrate a shift in the use of this tort in large data breach cases.