BLG’s Top 10 Legal Risks for Business in 2017 includes Cybersecurity and Data Privacy

BLG today released its Top 10 Legal Risks for Business in 2017, an annual thought leadership report forecasting the key trends and regulatory changes that will have legal implications for its clients in the year ahead.

The second risk discussed in this annual report relates to cybersecurity and data privacy. The 2016 Annual Privacy Governance Report recently published by Ernst & Young and the International Association of Privacy Professionals states that privacy is now a board-level issue for 73% of all organizations. Specifically, 14% of Canadian privacy professionals are reaching the C-Suite and more than 50% of privacy leaders are within two rungs of the CEO position.

In BLG’s annual report, we note that in recent months many regulators (including the Mutual Fund Dealers Association of Canada, the Canadian Securities Administrators, and the New York State Department of Financial Services) have provided guidance on the development and implementation of adequate cybersecurity measures and protocols. Following the Ashley Madison security breach, which exposed the personal information of some 32 million users of the online dating website, the Office of the Privacy Commissioner of Canada released an important report that raised a number of key elements and recommendations for all organizations subject to the federal PIPEDA. Businesses therefore have to stay up to date on data security legal guidance, which is quickly evolving. The new PIPEDA breach notification and recordkeeping requirements, coming into force in the near future, provide that it will be a criminal offence for an organization to knowingly fail to report breaches, punishable by significant fines. Many businesses are preparing by investing in breach incident management response plans, adopting relevant policies, and training their staff on how to report and adequately respond to security breaches.

In last year’s report, we discussed the growing trend towards privacy Class Actions being filed following a security breach or a business practice breaching applicable data protection laws. We note that there are currently 33 privacy breach Class Actions pending in Canada, with 79% of pending privacy breach Class Actions being employee-generated. We also note that in 2016, settlements were reached in two privacy Class Action cases, which may provide incentive for additional claims being filed in the future, if they are not being litigated.

The report also discusses how new technologies that are gaining in popularity, such as wearable technologies, the Internet of Things, and related apps and services, which can use sensors to collect environmental, behavioural, and social data from consumers or employees, are presenting additional privacy and data security challenges.

To access the full report, please click here (English version) or here (French version).

This content has been updated on January 3, 2017 at 8 h 39 min.