Éloïse Gratton

Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) imposes obligations on private sector organizations that suffer a breach of security safeguards affecting personal information under their control. Details of those obligations are set out in PIPEDA, the Breach of Security Safeguards Regulations and the guidance document titled “What you need to know about […] Read more

A recent Ontario court decision clarifies the distinction between personal information and private information and confirms that the wrongful disclosure of personal information may not always amount to a violation of privacy. In Broutzas, 2018 ONSC 6315, the court refused to certify a proposed privacy class action involving the sale of new mother contact information […] Read more

On January 24, 2019, the Office of the Superintendent of Financial Institutions issued an Advisory setting out expectations for federally regulated financial institutions’ prompt (within 72 hours) reporting of technology and cybersecurity incidents. The Advisory will be effective on March 31, 2019. Federally regulated financial institutions should now take steps to prepare for compliance with […] Read more

In 2018, the Canadian Radio-television and Telecommunications Commission continued to enforce Canada’s Anti-Spam Legislation (commonly known as CASL) and issued an important information bulletin regarding the CASL provision that imposes indirect liability for CASL violations. In addition, the federal government issued a formal response to a parliamentary committee report on CASL. Read our bulletin on […] Read more

Last week, in R. v. Reeves, the Supreme Court of Canada clarified the law around an individual’s right to privacy in relation to shared devices, such as personal computers (Justices Côté and Moldaver wrote separate, concurring reasons). In holding that a third party cannot waive an individual’s rights under s. 8 of the Charter of Rights and […] Read more