News

IIROC Imposes Mandatory Reporting of Cybersecurity Incidents for Regulated Investment Firms

On November 14, 2019, the Investment Industry Regulatory Organization of Canada (IIROC) – the national self-regulatory organization that oversees investment dealers and their trading activity in Canadian markets – published a notice of amendments to its Rule 3100 and Rule 3703 to require mandatory reporting of cybersecurity incidents by IIROC-regulated investment firms. The amended rules, […] Read more

News

Mandatory Breach Reporting: Lessons From Year One

The federal Privacy Commissioner (OPC) recently published a blog post detailing certain trends that have emerged in the first year since mandatory breach reporting came into effect for organizations subject to the Personal Information and Electronic Documents Act (PIPEDA), as well as certain tips for organizations for responding to a breach. On November 1, 2018, breach reporting in certain […] Read more

News

When it is Illegal to Repurpose Publicly Available Information for Commercial Purposes?

The Superior Court of Québec recently rendered a decision in Opencorporates Ltd. c Registraire des entreprises du Québec that, albeit limited in scope, raises important concerns with respect to the commercial use of publicly available information. The Court concluded that the Québec Enterprise Registrar (Registrar) did not have the legal authority to monitor and control the […] Read more

News

Benchmarking Businesses’ Privacy Framework: Highlights from the 2019 IAPP-EY Annual Privacy Governance Report

IAPP and EY published their fifth annual Privacy Governance Report (Report) last week. The authors of the Report surveyed companies across the globe to determine privacy governance trends. The Report aims to understand the structure of businesses’ privacy programs (e.g., budget, staffing, career development), measure privacy compliance efforts (this year, with a focus on compliance with […] Read more

News

OPC Maintains Status Quo as it Concludes Consultation on Cross-border Dataflows

The Privacy Commissioner of Canada (OPC) announced on September 23, 2019 that it has concluded its consultation on transfers for processing of personal information, and that it will not be changing its guidance and requirements for such transfers under the Personal Information Protection and Electronic Documents Act (PIPEDA). There are therefore no new obligations for organizations that engage in transfers […] Read more