The European Union General Data Protection Regulation – A Primer for Canadian Organizations

The European Union General Data Protection Regulation (the “GDPR”), which will come into force in May 2018, is a significant evolution in personal data protection laws, and is materially different in important respects from the Canadian Personal Information Protection and Electronic Documents Act and similar provincial laws. The GDPR is complicated and nuanced, with permitted variances among European Union […] Read more


IAPP – Privacy. Security. Risk. 2017 (San Diego October 16-18)

I will be attending the IAPP PSR 2017 annual event in San Diego (October 16-18) and presenting on the following topic “Learn From my Fail: Avoiding Privacy Program Snafus & Screw-Ups” with the following co-panelists: Lael Bellamy, CIPP/US, CPO, The Weather Channel Peggy Eisenhauer, CIPP/US, Founder, Privacy & Information Management Services Eloïse Gratton, Partner and National Co-leader, Privacy and Data Protection, Borden Ladner […] Read more


Important Changes to Password Best Practices Guidance

Passwords are an essential cybersecurity tool. Unfortunately, some long-standing password practices recommended by regulators and standards organizations may encourage risky behaviour. Regulators and standards organizations have recently issued updated guidance recommending simplified password practices (e.g. no mandatory regular password changes) to increase password security. Canadian organizations should assess and improve their password practices in light […] Read more


B.C. Supreme Court Certifies National Class Action for Financial Institution Data Breach

In August 2017, the British Columbia Supreme Court issued its decision in Tucci v. Peoples Trust Company, certifying a national class action lawsuit against Peoples Trust Company relating to a 2013 breach of customers’ personal information. The decision demonstrates how Canadian courts approach the certification of data breach class actions. To read BLG’s bulletin on […] Read more


The OPC Publishes its Report on Consent

In May 2016, the Office of the Privacy Commissioner of Canada (OPC) published a discussion paper and launched a consultation on consent under the Personal Information Protection and Electronic Documents Act (PIPEDA) with the objective of identifying potential enhancements to the consent model and better defining the roles and responsibilities of the actors who could […] Read more


BLG Welcomes Two New Lawyers joining the Privacy and Data Protection Practice Group

I am delighted to have François Joli-Coeur and Vinay Desai join BLG’s Privacy and Data Protection practice group. They will be advising clients from various sectors on a wide range of issues, including privacy and anti-spam, information technology, intellectual property, telecommunications, advertising, consumer protection, cybersecurity issues and data breach management. François Joli-Coeur received a bachelor’s degrees […] Read more

Events News

Webinar: Complying with Canada’s Upcoming Breach Notification Requirements (August 29)

I will participate, with Eduard Goodman, Global Privacy Officer for Cyberscout, at a webinar taking place on Tuesday, August 29, at 11 am PT / 2 pm ET on the management of cybersecurity breaches and notification requirements. The amendments to PIPEDA – through the Digital Privacy Act – will require private-sector organisations doing business in Canada to notify […] Read more