Frequently Asked Questions – Compliance with PIPEDA’s Security Breach Obligations

Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) imposes obligations on private sector organizations that suffer a breach of security safeguards affecting personal information under their control. Details of those obligations are set out in PIPEDA, the Breach of Security Safeguards Regulations and the guidance document titled “What you need to know about […] Read more


Court Denies Certification in Privacy Class Action: Personal Information is Not Necessarily Private Information

A recent Ontario court decision clarifies the distinction between personal information and private information and confirms that the wrongful disclosure of personal information may not always amount to a violation of privacy. In Broutzas, 2018 ONSC 6315, the court refused to certify a proposed privacy class action involving the sale of new mother contact information […] Read more


OSFI Issues Advisory on Technology and Cybersecurity Incident Reporting

On January 24, 2019, the Office of the Superintendent of Financial Institutions issued an Advisory setting out expectations for federally regulated financial institutions’ prompt (within 72 hours) reporting of technology and cybersecurity incidents. The Advisory will be effective on March 31, 2019. Federally regulated financial institutions should now take steps to prepare for compliance with […] Read more


Canada’s Anti-Spam Legislation — 2018 Year in Review

In 2018, the Canadian Radio-television and Telecommunications Commission continued to enforce Canada’s Anti-Spam Legislation (commonly known as CASL) and issued an important information bulletin regarding the CASL provision that imposes indirect liability for CASL violations. In addition, the federal government issued a formal response to a parliamentary committee report on CASL. Read our bulletin on […] Read more


New 2018 ETHI Report – Democracy under Threat: Risks and Solutions in the Era of Disinformation and Data Monopoly

The Standing Committee on Access to Information, Privacy and Ethics recently published its December 2018 Report : Democracy under Threat: Risks and Solutions in the Era of Disinformation and Data Monopoly. In late March 2018, the House of Commons Standing Committee on Access to Information, Privacy and Ethics began a study of the breach of personal […] Read more


Five Steps to Compliance with Privacy Consent Guidelines

On January 1, 2019, the Privacy Commissioner of Canada will begin enforcing Guidelines for obtaining meaningful consent, which impose requirements for obtaining legally valid privacy consents. Compliance with the Guidelines will require many organizations to adjust their personal information practices/procedures and revise their privacy policies and related notifications. This bulletin summarizes five steps to compliance […] Read more

Legal News

Max Jarvie joins the BLG Privacy and Data Protection Group

BLG is very proud to welcome Max Jarvie in the Privacy and Data Protection Group. He will be advising and assisting clients on a wide range of issues, including privacy and anti-spam, distributed ledger technology (blockchain), information security, licensing and consumer protection matters. Max brings a strong technical and blockchain legal expertise. Before studying law, he worked in information […] Read more


Privacy Commissioner launches investigation into Statistics Canada’s recent request from financial institutions

There has been news reports yesterday about a project by Statistics Canada (“StatCan”) to collect information from financial institutions about their customers’ financial transactions. A few clients have reached out asking about StatCan’s authority to request such data. StatCan is relying on Section 13 of the Statistics Act, which appears to grant the institution broad […] Read more