VTech Data Breach Enforcement Actions – Guidance for Data Security and Privacy Law Compliance

The January 2018 OPC finding and settlement of VTech data breach enforcement actions by the Privacy Commissioner of Canada and the United States Federal Trade Commission provide important guidance for data security and compliance with personal information protection laws. Most importantly, organizations should establish a comprehensive information security management framework. To read BLG’s bulletin on […] Read more


LCO Public consultations: Defamation Law in the Internet Age

The Law Commission of Ontario (LCO) which is Ontario’s leading law reform agency has started public consultations in relation to its Defamation Law in the Internet Age project. It is therefore seeking input from technology lawyers. Their project considers how defamation law should be updated to account for “internet speech,” including social media, blogs, internet platforms and digital […] Read more

Legal News

Canada’s Anti-Spam Legislation — 2017 Year in Review

During 2017, the Canadian Radio-television and Telecommunications Commission continued to enforce Canada’s Anti-Spam Legislation (commonly known as “CASL”). The CRTC issued two enforcement decisions and announced one voluntary undertaking which we have summarized. In June 2017, the Canadian government indefinitely suspended the commencement of CASL’s private right of action, which would have allowed any individual […] Read more


Insider Risk Management and Rogue Employees

People are a major security risk. An organization can be vicariously liable for cyber incidents caused by its employees, whether acting negligently or maliciously, even if the organization is not at fault and could not have prevented the incident. An insider risk management program can help reduce, but not eliminate, insider risks. Organizations should establish […] Read more