Privacy Commissioner’s Guidance for Compliance with PIPEDA’s Breach of Security Safeguards Obligations

On October 29, 2018 the Office of the Privacy Commissioner of Canada (“OPC”) issued a guidance document titled “What you need to know about mandatory reporting of breaches of security safeguards” (the “Guidance”) to help organizations comply with personal information security breach obligations under Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). Commencing […] Read more

Events Legal

Formation de 3 heures à Montréal – Cybersécurité et vie privée des employés

J’offrirai, avec mon associée Katherine Poirier, une formation de 3 heures au début du mois de novembre en matière de cybersécurité et vie privée des employés. Le vol d’informations confidentielles est un fléau en pleine croissance. Il devient donc essentiel de connaître le cadre juridique, d’identifier les risques afférents et de développer les outils nécessaire […] Read more


Our comments in response to the OPC Notice of consultation on new mandatory breach reporting guidance

Brad Freedman, François Joli-coeur and I have submitted comments on October 2, 2018 in response to the Notice of consultation on new mandatory breach reporting guidance and form issued by the Office of the Privacy Commissioner of Canada (“OPC”). The Notice invites comments regarding the OPC’s draft guidance, published September 17, 2018, regarding the breach of […] Read more


Preparing for Compliance with New Privacy Consent Guidelines

Commencing January 1, 2019, the Privacy Commissioner of Canada will begin enforcing Guidelines for obtaining meaningful consent, which impose requirements and provide recommendations for private sector organizations to obtain legally valid consent for the collection, use and disclosure of personal information. The Guidelines specify requirements for the form and content of privacy policies/notices and for clear […] Read more

Events Legal

Privacy and Data Protection Luncheon (Toronto Sept. 27th): GDPR, new breach notification and consent requirements

BLG is organizing a privacy luncheon on September 27th in Toronto. Privacy and data protection continue to be top business and legal risks for Canadian organizations. Recent legal developments impose significant new restrictions and requirements for the handling of personal information, and expose Canadian organizations to potentially substantial risks and liabilities. I will be presenting […] Read more

Legal News

Séminaire en protection de la vie privée le 26 septembre à Montréal: RGPD, nouvelles obligations relatives aux atteintes à la sécurité et à l’obtention du consentement

BLG organise un séminaire sur le respect de la vie privée et la protection des renseignements personnels le mercredi 26 septembre 2018 à notre bureau de Montréal. Le respect de la vie privée et la protection des renseignements personnels figurent toujours parmi les plus grands risques commerciaux et juridiques auxquels sont exposées les entreprises canadiennes. Je […] Read more

Legal News

Loss of Legal Privilege over Cyberattack Investigation Report (Kaplan v. Casino Rama Services)

Cyber incident response activities often involve the creation of forensic investigation reports that might be protected by legal privilege, depending on the purpose of the reports and the circumstances surrounding their creation and use. The 2018 Ontario Superior Court decision in Kaplan v. Casino Rama Services illustrates how an organization can lose the right to […] Read more

Legal News

Privacy Business Risks on the Rise: Privacy Concerns can Lead to Significant Loss in Market Value

Business risks resulting from consumer privacy concerns are on the rise. Last week, Facebook and Twitter reported second quarter results which revealed that both companies lost a significant number of active users due to privacy and data protection concerns. Their stock price plummeted by approximately 20 per cent each, resulting in a combined loss in market […] Read more

Legal News Publications

Public Facebook Profiles Not Equivalent to Public Information Under PIPEDA

In its most recent report of findings entitled “Company’s re-use of millions of Canadian Facebook user profiles violated privacy law,” the Office of the Privacy Commissioner (the “OPC”) dealt with the often confusing issue of personal information that is publicly available and confirmed its view that Facebook profiles that are set to public are not considered “publicly […] Read more