2019
News
CASL Enforcement Action – $115,000 in Penalties for Distributing Malware
Éloïse Gratton December 18, 2019
On December 10, 2019, the Canadian Radio-television and Telecommunications Commission issued a notice of violation under Canada’s Anti-Spam Legislation (commonly known as “CASL”) against two individuals operating Orcus Technologies for allegedly aiding the installation and operation of malware known as “Orcus RAT”. The notice imposes $115,000 in penalties. Read our bulletin on this topic. Read more
News
IIROC Imposes Mandatory Reporting of Cybersecurity Incidents for Regulated Investment Firms
Éloïse Gratton November 18, 2019
On November 14, 2019, the Investment Industry Regulatory Organization of Canada (IIROC) – the national self-regulatory organization that oversees investment dealers and their trading activity in Canadian markets – published a notice of amendments to its Rule 3100 and Rule 3703 to require mandatory reporting of cybersecurity incidents by IIROC-regulated investment firms. The amended rules, […] Read more
News
Mandatory Breach Reporting: Lessons From Year One
Éloïse Gratton November 16, 2019
The federal Privacy Commissioner (OPC) recently published a blog post detailing certain trends that have emerged in the first year since mandatory breach reporting came into effect for organizations subject to the Personal Information and Electronic Documents Act (PIPEDA), as well as certain tips for organizations for responding to a breach. On November 1, 2018, breach reporting in certain […] Read more
News
California Consumer Privacy Act — Preparing for Compliance
Éloïse Gratton November 14, 2019
The California Consumer Privacy Act (CCPA) is coming into force in less than two months, on January 1, 2020. The CCPA has an extraterritorial scope, which means that certain Canadian organizations may be covered by the statute. In order to comply with the law, these organizations will need to observe new transparency requirements (such as by adding […] Read more
News
When it is Illegal to Repurpose Publicly Available Information for Commercial Purposes?
Éloïse Gratton October 25, 2019
The Superior Court of Québec recently rendered a decision in Opencorporates Ltd. c Registraire des entreprises du Québec that, albeit limited in scope, raises important concerns with respect to the commercial use of publicly available information. The Court concluded that the Québec Enterprise Registrar (Registrar) did not have the legal authority to monitor and control the […] Read more
News
Benchmarking Businesses’ Privacy Framework: Highlights from the 2019 IAPP-EY Annual Privacy Governance Report
Éloïse Gratton October 3, 2019
IAPP and EY published their fifth annual Privacy Governance Report (Report) last week. The authors of the Report surveyed companies across the globe to determine privacy governance trends. The Report aims to understand the structure of businesses’ privacy programs (e.g., budget, staffing, career development), measure privacy compliance efforts (this year, with a focus on compliance with […] Read more
News
OPC Maintains Status Quo as it Concludes Consultation on Cross-border Dataflows
Éloïse Gratton September 24, 2019
The Privacy Commissioner of Canada (OPC) announced on September 23, 2019 that it has concluded its consultation on transfers for processing of personal information, and that it will not be changing its guidance and requirements for such transfers under the Personal Information Protection and Electronic Documents Act (PIPEDA). There are therefore no new obligations for organizations that engage in transfers […] Read more
News
Congratulations to Elisa Henry and François Joli-coeur ranked in Chambers Privacy & Data Protection
Éloïse Gratton September 19, 2019
(Picture of the BLG Montreal privacy team at IAPP Canadian Symposium 2019 – from left to right: François Joli-coeur, Max Jarvie, Elisa Henry, myself and Lauren Phizicky I am delighted that two additional BLG Privacy and Data Protection lawyers are ranked by Chambers 2020 as Privacy & Data Protection experts: Elisa Henry is partner and […] Read more
News
Canada’s New CyberSecure Canada Certification Program
Éloïse Gratton August 18, 2019
On August 12, 2019, the Canadian federal government announced CyberSecure Canada, a voluntary certification program to help small and medium enterprises (“SMEs”) achieve a baseline of cybersecurity. SMEs that demonstrate compliance with specified baseline cybersecurity controls, based on an audit by an accredited certification body, will be granted a two-year certification and be entitled to […] Read more
News
BLG Highlights Industry Concerns in Response to OPC Consultation on Cross-Border Dataflows
Éloïse Gratton August 6, 2019
On August 6, 2019, we submitted an official response to the call for comments issued by the Office of the Privacy Commissioner of Canada (OPC) in its “Consultation on transfers for processing – Reframed discussion” document dated June 11, 2019 (the “Consultation”). The revised Consultation reframed its original consultation on transborder dataflows dated April 9. […] Read more