Insider Risk Management and Rogue Employees

People are a major security risk. An organization can be vicariously liable for cyber incidents caused by its employees, whether acting negligently or maliciously, even if the organization is not at fault and could not have prevented the incident. An insider risk management program can help reduce, but not eliminate, insider risks. Organizations should establish […]


CASL Enforcement Decision — Interpretive Guidance for Compliance and Penalties

On October 19, 2017, the Canadian Radio-television and Telecommunications Commission issued Compliance and Enforcement Decision CRTC 2017-368 in a contested enforcement proceeding, imposing a $200,000 penalty on Compu.Finder for violating Canada’s Anti-Spam Legislation (commonly known as “CASL”) by sending 317 commercial emails without the recipients’ consent and in some instances without a compliant unsubscribe mechanism. […]


G-7 Guidelines for Cybersecurity Assessment

On October 13, 2017, the Group of Seven countries, including Canada, the United Kingdom and the United States (the “G-7”), issued a report titled G-7 Fundamental Elements for Effective Assessment of Cybersecurity in the Financial Sector (the “G7FEA”) to provide guidance for effective cybersecurity assessments by financial sector organizations. The G7FEA supplements the G-7’s 2016 report titled G7 […]

Legal News

Cybersecurity Guidance from Canadian Securities Administrators

On October 19, 2017, the Canadian Securities Administrators (“CSA”) published Staff Notice 33-321 Cyber Security and Social Media to report on a survey of cybersecurity and social media practices by firms registered to trade securities or to advise clients regarding securities, and to provide guidance regarding cybersecurity and social media practices. The Staff Notice supplements the CSA’s […]