In a September 19, 2017 decision in Demers v Yahoo! Inc., the Québec Superior Court rejected Yahoo! Inc. and Yahoo! Canada Co.’s (collectively, “Yahoo”) motion to dismiss a motion for authorization of a class action resulting from two highly publicized data security incidents that occurred in 2013 and 2014. This decision has important implications for […] Read more
The 2017 IT.CAN 21st Annual Conference is taking place on October 23–24, at the St. Andrew’s Club and Conference Centre 150 King St. West, 16th Floor, Toronto. I will participate on a panel entitled “Legal Control of Internet Content: Who Decides and What is the Impact?” with co-panelists Curt Howard, Head of Legal, Google Canada […] Read more
The European Union General Data Protection Regulation (the “GDPR”), which will come into force in May 2018, is a significant evolution in personal data protection laws, and is materially different in important respects from the Canadian Personal Information Protection and Electronic Documents Act and similar provincial laws. The GDPR is complicated and nuanced, with permitted variances among European Union […] Read more
I will be attending the IAPP PSR 2017 annual event in San Diego (October 16-18) and presenting on the following topic “Learn From my Fail: Avoiding Privacy Program Snafus & Screw-Ups” with the following co-panelists: Lael Bellamy, CIPP/US, CPO, The Weather Channel Peggy Eisenhauer, CIPP/US, Founder, Privacy & Information Management Services Eloïse Gratton, Partner and National Co-leader, Privacy and Data Protection Jules […] Read more
In August 2017, the British Columbia Supreme Court issued its decision in Tucci v. Peoples Trust Company, certifying a national class action lawsuit against Peoples Trust Company relating to a 2013 breach of customers’ personal information. The decision demonstrates how Canadian courts approach the certification of data breach class actions. Read more
In May 2016, the Office of the Privacy Commissioner of Canada (OPC) published a discussion paper and launched a consultation on consent under the Personal Information Protection and Electronic Documents Act (PIPEDA) with the objective of identifying potential enhancements to the consent model and better defining the roles and responsibilities of the actors who could […] Read more
On June 15, 2015, Bill S-4, the Digital Privacy Act amended the Personal Information Protection and Electronic Documents Act (PIPEDA). Under new sections 10.1 through 10.3 which are not yet in force, the Digital Privacy Act introduces an explicit obligation to notify individuals in cases of breaches, and report to the Office of the Privacy […] Read more
I will participate, with Eduard Goodman, Global Privacy Officer for Cyberscout, at a webinar taking place on Tuesday, August 29, at 11 am PT / 2 pm ET on the management of cybersecurity breaches and notification requirements. The amendments to PIPEDA – through the Digital Privacy Act – will require private-sector organizations doing business in Canada to notify […] Read more
In 2015, the Ashley Madison discreet affair website operated by Ruby Corp. (previously known as Avid Life Media) was subject to a cyber-attack by hackers who published the details (including sensitive personal information) of over 30 million Ashley Madison user accounts. The data breach resulted in a joint investigation by the Canadian and Australian Privacy […] Read more
I will be participating at the Responsible Openness: What You Need To Know To Get Started Today – RDA 10th Plenary Collocated Event taking place in Montreal on September 18, 2017. Research projects handling data come under scrutiny when they seek to obtain funding, with the principal investigator asked to present a responsible data management […] Read more