2017
News
Insider Risk Management and Rogue Employees
Éloïse Gratton December 28, 2017
People are a major security risk. An organization can be vicariously liable for cyber incidents caused by its employees, whether acting negligently or maliciously, even if the organization is not at fault and could not have prevented the incident. An insider risk management program can help reduce, but not eliminate, insider risks. Organizations should establish […] Read more
News
New Committee Report on CASL Highlights Need for Clarification and Education
Éloïse Gratton December 19, 2017
Canada’s Anti-Spam Legislation (also known as “CASL”) came into force in July 2014 and provided that a review of its provisions and operation had to be undertaken three years after it came into force. The House of Commons Standing Committee on Industry, Science and Technology (“INDU”) undertook this review and held hearings this fall. On […] Read more
Events Legal News
DRT-6929E-A : Cours de droit des TI et protection des renseignements personnels (hiver 2018)
Éloïse Gratton December 18, 2017
J’enseignerai, pour une sixième année consécutive, le cours DRT-6929E-A, un cours portant sur le droit des TI et de la protection des renseignements personnels à la Faculté de droit de l’Université de Montréal. Le cours est offert aux étudiants à la maîtrise et se déroule tous les mercredis de 16h à 19h, du 10 janvier […] Read more
Legal News
SCC Recognizes Expectation of Privacy in Text Message Conversations
Éloïse Gratton December 13, 2017
In the recent seminal decision R. v. Marakah, 2017 SCC 59, the Supreme Court of Canada (the “SCC”) established that Canadians have a reasonable expectation of privacy in the text messages they send, even after they have been received by the recipient. The majority opinion, which led 5-2 but with heavy dissent, recognized the privacy implications […] Read more
News
CASL Enforcement Decision — Interpretive Guidance for Compliance and Penalties
Éloïse Gratton November 22, 2017
On October 19, 2017, the Canadian Radio-television and Telecommunications Commission issued Compliance and Enforcement Decision CRTC 2017-368 in a contested enforcement proceeding, imposing a $200,000 penalty on Compu.Finder for violating Canada’s Anti-Spam Legislation (commonly known as “CASL”) by sending 317 commercial emails without the recipients’ consent and in some instances without a compliant unsubscribe mechanism. […] Read more
News
Ontario and Quebec Set to Update Legal Requirements on Loyalty Programs
Éloïse Gratton November 17, 2017
There has been uncertainty in Canada with regards to whether consumer-incentive programs involving loyalty or rewards points fall under the scope of provincial consumer protection laws, given their free nature. Loyalty programs encourage consumers to be loyal to a specific merchant in exchange for the opportunity to obtain goods and services either at a discounted […] Read more
News
G-7 Guidelines for Cybersecurity Assessment
Éloïse Gratton October 27, 2017
On October 13, 2017, the Group of Seven countries, including Canada, the United Kingdom and the United States (the “G-7”), issued a report titled G-7 Fundamental Elements for Effective Assessment of Cybersecurity in the Financial Sector (the “G7FEA”) to provide guidance for effective cybersecurity assessments by financial sector organizations. The G7FEA supplements the G-7’s 2016 report titled G7 […] Read more
Events Legal News
BLG – Class Actions Update (Toronto Nov. 1st)
Éloïse Gratton October 27, 2017
BLG’s annual class actions update event is taking place on November 1, 2017, in Toronto. It is an opportunity to participate in lively and informative discussions on recent developments and trends in class actions today. I will be co-presenting with Patrick Hawkins on “Privacy and Cybersecurity – Keeping you awake at night?” Other topics include: Prevention is […] Read more
Legal News
Cybersecurity Guidance from Canadian Securities Administrators
Éloïse Gratton October 26, 2017
On October 19, 2017, the Canadian Securities Administrators (“CSA”) published Staff Notice 33-321 Cyber Security and Social Media to report on a survey of cybersecurity and social media practices by firms registered to trade securities or to advise clients regarding securities, and to provide guidance regarding cybersecurity and social media practices. The Staff Notice supplements the CSA’s […] Read more
Events Legal
CBA Access to Information and Privacy Law Symposium
Éloïse Gratton October 25, 2017
The CBA Access to Information and Privacy Law Symposium is taking place this year on Oct. 27-28, 2017 at the Fairmont Chateau Laurier Hotel, 1 Rideau St. in Ottawa. I will be moderating a “Canadian Update” panel (1.5 substantive hours) with the following speakers: Me Jean Chartier, Président de la Commission d’accès à l’information du […] Read more