News

News

Benchmarking Businesses’ Privacy Framework: Highlights from the 2019 IAPP-EY Annual Privacy Governance Report

IAPP and EY published their fifth annual Privacy Governance Report (Report) last week. The authors of the Report surveyed companies across the globe to determine privacy governance trends. The Report aims to understand the structure of businesses’ privacy programs (e.g., budget, staffing, career development), measure privacy compliance efforts (this year, with a focus on compliance with […] Read more

News

OPC Maintains Status Quo as it Concludes Consultation on Cross-border Dataflows

The Privacy Commissioner of Canada (OPC) announced on September 23, 2019 that it has concluded its consultation on transfers for processing of personal information, and that it will not be changing its guidance and requirements for such transfers under the Personal Information Protection and Electronic Documents Act (PIPEDA). There are therefore no new obligations for organizations that engage in transfers […] Read more

News

Canada’s New CyberSecure Canada Certification Program

On August 12, 2019, the Canadian federal government announced CyberSecure Canada, a voluntary certification program to help small and medium enterprises (“SMEs”) achieve a baseline of cybersecurity. SMEs that demonstrate compliance with specified baseline cybersecurity controls, based on an audit by an accredited certification body, will be granted a two-year certification and be entitled to […] Read more

News

BLG Highlights Industry Concerns in Response to OPC Consultation on Cross-Border Dataflows

On August 6, 2019, we submitted an official response to the call for comments issued by the Office of the Privacy Commissioner of Canada (OPC) in its “Consultation on transfers for processing – Reframed discussion” document dated June 11, 2019 (the “Consultation”). The revised Consultation reframed its original consultation on transborder dataflows dated April 9. […] Read more

News

Security Incident: The Quebec Superior Court confirms that the mere fact of being a victim of an incident is insufficient to support a claim for damages

Security incidents involving consumers’ personal information are increasingly being reported in the media. Consumers are worried about fraud or identity theft and companies that have suffered such incidents are often the subject of class actions, with more than 80 class actions involving privacy breaches currently in progress across the country. The Superior Court of Québec […] Read more

News

Cybersecurity Guidance for Small and Medium Organizations

Small and medium organizations are increasingly being targeted by cyber criminals, but often have limited financial and human resources available to implement comprehensive cybersecurity measures. In March 2019, the Canadian Centre for Cyber Security issued Baseline Cyber Security Controls for Small and Medium Organizations to help Canadian small and medium organizations get the most out […] Read more