German Regulator Finds Banks’ Data Rules “impede non-bank competitors”

The re-posting of this article is part of a cross-posting agreement with CyberLex. “Open Banking” is an emerging term in financial services / financial technology that refers, among other things, to the use of open application programming interfaces (“APIs“) enable third party developers to build applications and services around a financial institution. This requires a […]

Federal Privacy Commissioner Provides Submission on New Data Breach Notification and Reporting Regulations

The re-posting of this article is part of a cross-posting agreement with CyberLex. The Office of the Privacy Commissioner of Canada (“OPC“) has provided its views on the data breach reporting and notification requirements that are soon to be prescribed by regulation under the Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (“PIPEDA“).

Privacy Commissioner Seeks Public Input on Consent Model

The re-posting of this article is part of a cross-posting agreement with CyberLex. On May 11, 2016, Privacy Commissioner Daniel Therrien announced the Office of the Privacy Commissioner of Canada (“OPC”) would seek public input on the issue of how Canadians can give meaningful consent to the collection, use and disclosure of their personal information […]

Spokeo: Will U.S. Supreme Court’s Decision Impact Privacy Damages in Canada?

The re-posting of this article is part of a cross-posting agreement with CyberLex. The Spokeo decision’s requirement that there be a concrete injury in order to ground privacy damages is not just a U.S. issue. Canadian courts have been wrestling for some time with the question of what damages look like in the context of […]

IIROC Releases Two Cybersecurity Resources: Best Practices Guide and Incident Planning Guide

The re-posting of this article is part of a cross-posting agreement with CyberLex. Last week, the Investment Industry Regulatory Organization of Canada (“IIROC“) published two detailed guides to help IIROC-regulated firms protect themselves and their clients against cyber threats and attacks.  The creation of these guides was telegraphed at the beginning of the year  in IIROC’s annual consolidated […]

The Internet of Things: Guidance, Regulation and the Canadian Approach

The re-posting of this article is part of a cross-posting agreement with CyberLex. The Internet of Things (IoT) has been identified as a disruptive technology, bringing with it both the promise of seamless interconnectivity of devices and, the flip side of that interconnectivity, single-point vulnerability of multiple systems. While businesses rush to embrace the technology, […]

Data Transfers from EU to US “unlawful”; EU Signals Enforcement Actions Possible After January, 2016

The re-posting of this article is part of a cross-posting agreement with CyberLex. On Friday, October 16, 2015, the Article 29 Working Party (“WP29”) released a statement on the decision of the Court of Justice of the European Union (“CJEU”) in the case Schrems v Data Protection Commissioner (C-362-14), the landmark decision which invalidated the […]

Businesses Should Re-evaluate Approach to Privacy with Passage of Digital Privacy Act

The re-posting of this article is part of a cross-posting agreement with CyberLex. The Digital Privacy Act (Bill S-4) passed into law yesterday, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations which handle personal information in the course […]