Éloïse Gratton | Privacy & IT Law

On August 12, 2019, the Canadian federal government announced CyberSecure Canada, a voluntary certification program to help small and medium enterprises (“SMEs”) achieve a baseline of cybersecurity. SMEs that demonstrate compliance with specified baseline cybersecurity controls, based on an audit by an accredited certification body, will be granted a two-year certification and be entitled to […] Read more

News

BLG Highlights Industry Concerns in Response to OPC Consultation on Cross-Border Dataflows

Éloïse Gratton August 6, 2019

On August 6, 2019, we submitted an official response to the call for comments issued by the Office of the Privacy Commissioner of Canada (OPC) in its “Consultation on transfers for processing – Reframed discussion” document dated June 11, 2019 (the “Consultation”). The revised Consultation reframed its original consultation on transborder dataflows dated April 9. […] Read more

News

Security Incident: The Quebec Superior Court confirms that the mere fact of being a victim of an incident is insufficient to support a claim for damages

Éloïse Gratton July 16, 2019

Security incidents involving consumers’ personal information are increasingly being reported in the media. Consumers are worried about fraud or identity theft and companies that have suffered such incidents are often the subject of class actions, with more than 80 class actions involving privacy breaches currently in progress across the country. The Superior Court of Québec […] Read more

News

Cybersecurity Guidance for Small and Medium Organizations

Éloïse Gratton July 11, 2019

Small and medium organizations are increasingly being targeted by cyber criminals, but often have limited financial and human resources available to implement comprehensive cybersecurity measures. In March 2019, the Canadian Centre for Cyber Security issued Baseline Cyber Security Controls for Small and Medium Organizations to help Canadian small and medium organizations get the most out […] Read more

News

Marketing Disrupted: Balancing data and desire (accenture podcast)

Éloïse Gratton July 2, 2019

I am delighted to have contributed to this great podcast dealing with marketing and privacy. In this podcast, Amber and Brent first interview Justin De Graaf, Head of Ads Research and Insights at Google, about how the tech giant makes its money and drives the global economy. They then interview me about whether a company […] Read more

News

Privacy Breach Response – Prevention of Future Breaches

Éloïse Gratton June 26, 2019

Canadian privacy commissioners have emphasized the importance of the final step of a privacy breach response process — prevention and lessons learned. The recent decision by the British Columbia Court of Appeal in Ari v. Insurance Corporation of British Columbia confirms that an organization’s failure to learn from past privacy breaches and prevent future privacy […] Read more

		Publications
	
Articles 
Frequently Asked Questions – PIPEDA’s Security Breach Obligations2019  

Articles 
Public Facebook Profiles Not Equivalent to Public Information under PIPEDA2018  

Articles 
ETHI Committee Prepares for GDPR Adequacy Assessment in New Report on PIPEDA2018  

		Speaking engagement
	
Privacy and Data Protection: Legal Risks, Challenges and Trends Affecting Canadian Businesses and ConsumersJuly 31, 2019  Judging Better, Judging Smarter (Joint CSCJA and NJI Porgram) 

Personal Data as an Asset ClassJune 11, 2019  Sagard Holdings Ecosystem Conference 

Privacy and Data Security of Connected and Autonomous Vehicles : A Discussion with Dr. Gregory Smolynec, Deputy Commissioner, Office of the Privacy Commissioner of CanadaJune 4, 2019  Automotive Industry Seminar (Borden Ladner Gervais LLP) 

		In the media
	
Press 
Un conseiller veut un moratoire sur la reconnaissance facialeLa Presse August 6, 2019 

Press 
Canada: OPC’s position on cross-border transfers “constitute a significant departure from its previous guidance”DataGuidance by OneTrust April 18, 2019 

TV 
TéléjournalRadio-Canada April 17, 2019 
Tweets de @eloisegratton

Canada’s New CyberSecure Canada Certification Program

BLG Highlights Industry Concerns in Response to OPC Consultation on Cross-Border Dataflows

Security Incident: The Quebec Superior Court confirms that the mere fact of being a victim of an incident is insufficient to support a claim for damages

Cybersecurity Guidance for Small and Medium Organizations

Marketing Disrupted: Balancing data and desire (accenture podcast)

Privacy Breach Response – Prevention of Future Breaches

Publications

Frequently Asked Questions – PIPEDA’s Security Breach Obligations

Public Facebook Profiles Not Equivalent to Public Information under PIPEDA

ETHI Committee Prepares for GDPR Adequacy Assessment in New Report on PIPEDA

Speaking engagement

Privacy and Data Protection: Legal Risks, Challenges and Trends Affecting Canadian Businesses and Consumers

Personal Data as an Asset Class

Privacy and Data Security of Connected and Autonomous Vehicles : A Discussion with Dr. Gregory Smolynec, Deputy Commissioner, Office of the Privacy Commissioner of Canada

In the media

Un conseiller veut un moratoire sur la reconnaissance faciale

Canada: OPC’s position on cross-border transfers “constitute a significant departure from its previous guidance”

Téléjournal