News | Page 33
News
Keeping records of consent under CASL
Éloïse Gratton August 5, 2016
The CRTC has recently released a Notice for businesses and individuals advising them on how to keep records of consent. The CRTC confirms that under section 13 of CASL, the onus is on the person who alleges they have consent to send a CEM (typically, the person who sends the CEM) to prove that they have proper consent, either implied […] Read more
News
Cyber Risk Management: Legal Privilege Strategy – Part 2 of 2
Éloïse Gratton July 29, 2016
An organization’s cyber risk management activities may result in sensitive communications and documents that the organization’s personnel expect will remain confidential. Nevertheless, in many circumstances an organization may be legally obligated to disclose those communications and documents unless the organization is able to assert a legal right – called “legal privilege” – to not make […] Read more
News
Cyber Risk Management: Legal Privilege Strategy – Part 1 of 2
Éloïse Gratton July 22, 2016
An organization’s cyber risk management activities may result in sensitive communications and documents that the organization’s personnel expect will remain confidential. Nevertheless, in many circumstances an organization may be legally obligated to disclose those communications and documents unless the organization is able to assert a legal right – called “legal privilege” – to not make […] Read more
News
Privacy class actions pose threat
Éloïse Gratton July 13, 2016
Kim Arnott from the Lawyers Weekly published an interested story entitled “Privacy class actions pose threat – Data breach could spur lawsuit“ (at p. 14) in the latest issue of Forensic Accounting & Fraud, (distributed with The Lawyers Weekly and The Bottom Line). I was interviewed for this article, and I discuss how the growing risk […] Read more
News
Beyond Consent-based Privacy Protection: My submission in response to the OPC’s consultation on privacy and consent
Éloïse Gratton July 11, 2016
The Office of the Privacy Commissioner (OPC) has recently published a great discussion paper entitled “Consent and privacy” exploring potential enhancements to consent under PIPEDA. The OPC also launched a Consultation and Call for Submissions requesting input on its consent paper, asking whether legislative changes are required, and requesting comments on solutions which would be helpful in […] Read more
News
Top Tips to Avoid Liability for Blogs and other Online Publications
Éloïse Gratton June 27, 2016
My partner David A. Crerar has recently published a bulletin entitled “Top Tips to Avoid Liability for Blogs and other Online Publications“. Many companies encourage employees to blog or otherwise engage customers through social media. While at times providing effective means of marketing to or educating customers and would-be customers, this practice exposes those writers and […] Read more
News
Right to be Forgotten – Recent Quebec Case (C.L. v. BCF Avocats d’affaires (2016))
Éloïse Gratton June 13, 2016
Quebec was the first province to enact a data protection law for the private sector, an Act respecting the protection of personal information in the private sector in 1993. This law is substantially similar to the federal law PIPEDA. The Quebec Commission d’Accès à l’Information (CAI), the government body responsible for the administration and enforcement of the Quebec law, […] Read more
News
The Consent Exception for Research Purposes
Éloïse Gratton June 3, 2016
A few days ago, I published a short piece on Big Data Analytics: Is Consent Required? While I discuss different data flow scenarios and whether consent should be a requirement under each scenario, I don’t address the consent exception for research purposes. This exception which can be found under each Canadian private sector data protection law is […] Read more
News
Cybersecurity Guidance from Investment Industry Organization
Éloïse Gratton May 27, 2016
My partner Brad Freedman published a Bulletin on Cybersecurity Guidance from Investment Industry Organization. Cyber risk management is an increasingly important challenge for organizations of all kinds. The Mutual Fund Dealers Association of Canada, the national self-regulatory organization that oversees mutual fund dealers in Canada, has published a Cybersecurity bulletin to help its members manage […] Read more
Legal News
Big Data Analytics: Is Consent Required?
Éloïse Gratton May 25, 2016
Borden Ladner Gervais LLP sponsored a great panel at the IAPP Canada Privacy Symposium 2016 which took place in Toronto on May 11th. The panel was entitled “Business Analytics and Privacy-related Risks”. Many attendees have since contacted me to obtain our slides so I have decided to share them through this blog and summarize some of the […] Read more