Security Breach


Privacy Commissioner’s Guidance for Compliance with PIPEDA’s Breach of Security Safeguards Obligations

On October 29, 2018 the Office of the Privacy Commissioner of Canada (“OPC”) issued a guidance document titled “What you need to know about mandatory reporting of breaches of security safeguards” (the “Guidance”) to help organizations comply with personal information security breach obligations under Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). Commencing […] Read more

Legal News

Canadian Personal Information Security Breach Obligations – Preparing for Compliance

Commencing November 1, 2018, Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) will require an organization that suffers a “breach of security safeguards” involving personal information under its control to keep prescribed records of the breach and, if the breach presents a “real risk of significant harm to an individual”, to promptly report […] Read more

Events News

Webinar: Complying with Canada’s Upcoming Breach Notification Requirements (August 29)

I will participate, with Eduard Goodman, Global Privacy Officer for Cyberscout, at a webinar taking place on Tuesday, August 29, at 11 am PT / 2 pm ET on the management of cybersecurity breaches and notification requirements. The amendments to PIPEDA – through the Digital Privacy Act – will require private-sector organisations doing business in Canada to notify […] Read more


Legal Privilege for Data Security Incident Investigation Reports

My partner Brad Freedman recently published a short article on Legal Privilege for Data Security Incident Investigation Reports. Data security incident response activities usually involve the creation of sensitive communications and documents that might be subject to legal disclosure obligations unless they are protected by legal privilege. An organization’s ability to assert legal privilege over a communication […] Read more


Cybersécurité: Ce que tout dirigeant doit savoir en matière de gouvernance et gestion de risques

Je participerai à l’événement annuel Hop! Le Sommet du commerce de détail se déroulant au Palais des congrès de Montréal les 21 et 22 mars prochain. Je présenterai le 22 mars sur les enjeux en matière de Cybersécurité et protection des renseignements personnels. La plupart des commerces de détail, peu importe leur taille, leur réputation ou les […] Read more

Events Legal News Videos

With no global standard for data privacy, laws outside U.S. differ in scope

I was recently interviewed by CyberScout just after I appeared on a privacy panel at CyberScout’s Privacy XChange Forum entitled “Where In the World: A Quick and Easy Breakdown of Privacy Standards and Regulations”. In the interview, I summarize the breach notification regulations in Canada and discuss what should be included in a cybersecurity plan. I also discuss […] Read more


Ashley Madison Security Breach: Lessons Learned and Valuable Recommendations for all Businesses

On August 22, 2016, the Office of the Privacy Commissioner of Canada (OPC) released an important joint investigation report regarding the Ashley Madison data breach, which exposed the personal information of some 32 million users of the online dating website marketed to people who are married or in committed relationships. As part of its investigation, […] Read more


Forty hours on privacy

I will be teaching, for a fourth consecutive year, DRT-6929E-A, a privacy law course at the  University of Montreal Law Faculty. The class is offered to Masters degree students and takes place every Monday from 4 to 7pm, January 11 to April 11, 2016. I have been teaching since 2009 (e-commerce law from 2009 – […] Read more