Category: Cybersecurity

Infrastructure Update: New NERC Directive Emphasizes Cyber Planning and Reporting for Electrical Energy Sector

August 26, 2019

The North American Electric Reliability Corp. (NERC) recently adopted the Cyber Security – Incident Reporting and Response Planning CIP-008-6 directive (Directive), which creates new cybersecurity incident reporting obligations for bulk electric systems (BES) categorized as high or medium impact in North America. The Directive also emphasizes the importance of cyber planning and preparedness and is set to be implemented in…

All About Data: Best Practices for Assessing Cyber Risks, Negotiating Contracts and Responding to Breaches

May 28, 2019

Please join our Cybersecurity, Privacy and Technology lawyers for an in-depth discussion about data as one of the most valuable assets of an organization. In this session, we will explore the current regulatory framework and how you can best protect your organization from ever-increasing cybersecurity threats, as well as what you should do in the event of a breach. Topics:…

Public Safety Canada Releases New Guide on Cybersecurity for Critical Infrastructures

May 28, 2019

Public Safety Canada (Public Safety) recently released Enhancing Canada’s Critical Infrastructure Resilience to Insider Risk, a guide designed to assist Canadian organizations in developing effective programs to mitigate and respond to security threats from insiders (Guide). Critical infrastructure is broadly defined as “processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of…

Proposed Privacy Class Action “Collapses in its Entirety” on Commonality

May 8, 2019

On May 7, 2019, in Kaplan v. Casino Rama Services Inc. (Kaplan), the Ontario Superior Court of Justice refused to certify a privacy class action arising out of a criminal cyberattack that included allegations of breach of privacy, breach of contract and negligence. The decision comes on the heels of another recent decision denying certification of a privacy class action,…

Under Cyberattack: How Can Canadian Directors Mitigate Liability?

April 25, 2019

Several former Yahoo! Inc. executives recently settled a derivative action for US$29-million, following data breaches from 2013 and 2014 that compromised approximately three billion accounts. Given the absence of Canadian case law on director liability in the context of a data breach, prudent directors may gain an advantage by reviewing U.S. case law and adapting their strategy and approach to…

2019 Legal Trends: Cybersecurity

March 26, 2019

As part of our quarterly series on current trends across different industries, our first article for 2019 looks at the current landscape of cybersecurity and highlights key legal trends and developments. We also offer some practical advice on what businesses can do to equip themselves and mitigate their risk in this constantly evolving space. 

Class Action Climate in Canada: Recent Developments and Emerging Trends

January 30, 2019

Join leading lawyers from Blakes for an interactive discussion that will span a cross-section of recent developments and hot-button topics such as: Emerging class action risks National and multijurisdictional class actions Cybersecurity and data breaches Employment, competition and securities class actions Settlement structures and considerations Following the seminar, we invite you to join us for cocktails and networking. Mandatory Continuing…

OSFI Releases Advisory on Technology and Cybersecurity Incident Reporting Obligations

January 28, 2019

On January 24, 2019, the Office of the Superintendent of Financial Institutions (OSFI) published the Technology and Cybersecurity Incident Reporting Advisory (Advisory) applicable to all federally regulated financial institutions (FRFIs). The Advisory creates new incident reporting obligations for FRFIs and is effective as of March 31, 2019. Service providers to FRFIs should also familiarize themselves with FRFIs’ obligations under the…

What to Expect Come November 2018: Privacy Commissioner’s Final Guidelines on Mandatory Breach Reporting under PIPEDA

October 30, 2018

On October 29, 2018, the Office of the Privacy Commissioner of Canada (OPC) published the final guidance intended to assist organizations in complying with the mandatory breach reporting and record-keeping requirements under the Personal Information Protection and Electronic Documents Act (PIPEDA), which come into effect on November 1, 2018. As of November 1, organizations subject to PIPEDA will be required to notify…

Privacy Commissioner Publishes Draft Guidelines for Mandatory Breach Reporting under PIPEDA

September 19, 2018

On September 17, 2018, the Office of the Privacy Commissioner of Canada (OPC) published draft guidelines on mandatory breach reporting under the Personal Information Protection and Electronic Documents Act (PIPEDA). The guidelines are intended to assist organizations in meeting their breach reporting and record-keeping obligations under PIPEDA’s mandatory breach reporting regime, which comes into force on November 1, 2018. Organizations…