On June 14, the House of Commons introduced Bill C-26, which includes the newly drafted Critical Cyber Systems Protection Act (CCSPA) or in French, the Loi sur la protection des cybersystèmes essentiels (LPCSE). The CCSPA has been designed to “address longstanding gaps”1 in the federal government’s ability to protect systems and services of national importance and establishes a broad regulatory […] Read more
The text of Canada’s bill C-27 – “An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts” amending the Personal Information Protection and Electronic Documents Act has been released! The text […] Read more
Le Commissariat à la protection de la vie privée du Canada (le « CPVP »), ainsi que le Commissariat à l’information et à la protection de la vie privée de la Colombie-Britannique, le Commissariat à l’information et à la protection de la vie privée de l’Alberta et la Commission d’accès à l’information du Québec (collectivement les « Commissariats »), […] Read more
The Office of the Privacy Commissioner of Canada (the OPC), along with the Office of the Information and Privacy Commissioner for British Columbia, the Office of the Information and Privacy Commissioner of Alberta, and the Commission d’accès à l’information du Québec (collectively the Commissioners), published the results of their joint investigation concerning the Canadian fast food restaurant […] Read more
Every cyber expert, regulator and standards body will say you should have a cyber incident response plan. What these authorities don’t tell you is that not all plans are created equal. Without the proper process, most aren’t worth much. Too many organizations approach preparing incident response plans focusing on the deliverable. They want a cyber […] Read more
We are speaking at the IAPP Canada Privacy Symposium 2022! Wednesday May 25:– Dan Michaluk: Contract Issues in Privacy (9h05am room 103B) Thursday May 26:– Eloïse Gratton: Getting ready for Québec’s new privacy law (10h30am room 106)– Anthony Hémond, CIPM: Nouvelles règles pour le transfert international des renseignements personnels (2h15pm – room 104C)+ I will be participating at […] Read more
Changing laws and privacy culture around the world, a growing sophistication of cybersecurity threats, innovations in response to the COVID-19 pandemic and environmental, social and governance priorities, increased data outsourcing and a peak in M&A deal activity means that privacy issues are more prevalent than ever. Organizations know that the consequences of failing to safeguard […] Read more
Si vous gravitez dans la sphère de la protection de la vie privée au Canada, vous savez peut-être qui je suis. Mais je ne suis pas devenue du jour au lendemain coresponsable nationale du groupe Respect de la vie privée et protection des renseignements personnels du principal cabinet juridique du Canada. J’ai plutôt commencé ma […] Read more
If you are in the privacy field in Canada, you may recognize my name — but I didn’t start out as the national co-leader of the privacy and data protection group at Canada’s largest law firm. Instead, my career began as a technology lawyer at a Montréal start-up. Over the last few years, I have […] Read more
Even the most secure organizations fall victim to cyber attacks. To be prepared, organizations need to identify and secure or delete certain high-risk forms of data on their systems. Cyber criminals have been cashing in on organizations’ loose information governance practices since the rise of so-called “double extortion” in 2020 in which threat actors encrypt […] Read more