Category: Privacy

The Digitization of Vehicles: Privacy Concerns

November 28, 2019

In this video, Blakes Privacy lawyer Wendy Mee addresses privacy concerns and risks for autonomous vehicles, and what privacy protective measures and controls AV companies can implement in order to ensure that privacy is protected and that privacy risks are minimized.   For further information, please contact: Wendy Mee                      …

What Canadian Businesses Need to Know about the California Consumer Privacy Act

November 12, 2019

Come July 1, 2020, Canadian entities caught under the California Consumer Privacy Act (CCPA) will need to comply with proposed regulations that were recently issued by the Attorney General’s office. The draft rules clarify the intended interpretation of the CCPA and create new substantive requirements with which businesses must comply. The draft regulations are open for public comment until December…

One Year into Mandatory Reporting, Canada’s Privacy Commissioner Releases Key Data Breach Trends

November 7, 2019

To mark the one-year anniversary of mandatory breach reporting under the Personal Information Protection and Electronic Documents Act (PIPEDA), the Office of the Privacy Commissioner of Canada (OPC) published a blog post providing observations, statistics and compliance tips. Since November 2018, organizations that are subject to PIPEDA are required to notify the OPC and affected individuals of a “breach of…

Litigation Risk on the Rise: 3 Trends in Cybersecurity Class Actions in Canada

October 30, 2019

Cybersecurity litigation in Canada is on the rise. Given that the number of data breaches in Canada has been rising exponentially in recent years, the increase in cybersecurity litigation is unsurprising. However, the increase in the volume of breaches, coupled with privacy legislation changes, has resulted in more reporting to the privacy commissioners, attempted class proceedings, and settlements of actions….

When Cyber Threatens Your Deal: 5 Cybersecurity Tips That Could Save Your M&A Transaction

October 21, 2019

In today’s technology-driven business world, organizations are more vulnerable than ever to cybersecurity threats such as data and privacy breaches. As a result, in the context of M&A transactions, assessing the cybersecurity posture of a target entity has become a key due diligence consideration for buyers. Depending on the target’s operations and the industry in which it operates, the level…

Cybersecurity Month: Learn How to Safeguard Your Business from Cyber Threats

October 15, 2019

In an increasingly digitized world, data has become one of the most valuable assets of an organization, and data breaches have become more common and sophisticated. It is often not a matter of “if” but “when” a data breach will occur. A cyberattack can have a devastating financial and reputational effect on your business, costing millions of dollars. As part of…

OPC Concludes Consultation on Transfers for Processing: 2009 Policy Position Remains Status Quo

September 23, 2019

On September 23, 2019, the Office of the Privacy Commissioner of Canada (OPC) concluded its consultation on transfers for processing, initially launched on April 9, 2019. Fortunately, the OPC has determined that its approach to transfers of personal information to service providers for processing, as outlined in its 2009 guidelines for processing personal data across borders (2009 Policy Position), will…

Proposed Privacy Class Action “Collapses in its Entirety” on Commonality

May 8, 2019

On May 7, 2019, in Kaplan v. Casino Rama Services Inc. (Kaplan), the Ontario Superior Court of Justice refused to certify a privacy class action arising out of a criminal cyberattack that included allegations of breach of privacy, breach of contract and negligence. The decision comes on the heels of another recent decision denying certification of a privacy class action,…

Under Cyberattack: How Can Canadian Directors Mitigate Liability?

April 25, 2019

Several former Yahoo! Inc. executives recently settled a derivative action for US$29-million, following data breaches from 2013 and 2014 that compromised approximately three billion accounts. Given the absence of Canadian case law on director liability in the context of a data breach, prudent directors may gain an advantage by reviewing U.S. case law and adapting their strategy and approach to…

OPC Proposes a Reversal in its Approach to Transfers of Personal Information to Service Providers for Processing

April 10, 2019

On April 9, 2019, the Office of the Privacy Commissioner of Canada (OPC) played a belated April Fools’ joke. They launched a consultation on transborder data flows in which they indicated that they were revisiting their long-held position that a transfer of personal information to a service provider for processing does not require consent from the individual, and now propose…