About Articles The following articles are published by the Privacy Law Section of the Ontario Bar Association. Members are encouraged to submit articles. About Articles

Editors: Amanda Branch and Mitchell Koczerginski


NIST Releases AI Framework: a sign of what’s to come in AI regulation?

  • March 02, 2023
  • Jaime Cardy, Dentons LLP

The U.S. National Institute of Standards and Technology recently released version 1.0 of its Artificial Intelligence Risk Management Framework. The goal of the framework is to provide a voluntary, rights-preserving, sector- and use-case agnostic guide for AI actors to implement in order to promote trustworthy and responsible AI systems.

Privacy Law, Student Forum

Preparing for and Responding to Security Breaches

  • February 21, 2023
  • Roland Hung (Torkin Manes LLP)

In the wake of various high-profile security breaches, now may be a good time for businesses to re-acquaint themselves with the applicable Canadian statutory framework for the protection of personal information, as well as implement or update policies and procedures around breach detection and notification.

Privacy Law, Student Forum

A Year in Review 2022 - Top Five Privacy Developments in Canada

  • January 18, 2023
  • Roland Hung (Torkin Manes LLP)

2022 was an eventful year for privacy law in Canada. The Canadian privacy landscape saw significant changes, as stakeholders at all levels recognized the need to keep up with a data-driven world. This article summarizes the top five recent developments that businesses and stakeholders should be aware of.

Privacy Law, Student Forum

The Exclusion of Intrusion Upon Seclusion: Ontario Court of Appeal definitively determines that “Database Defendants” cannot be held liable for intrusions committed by third-party hackers

  • December 06, 2022
  • Lyndsay Wasser, Mitch Koczerginski (McMillan LLP)

The Court of Appeal for Ontario recently considered and definitively determined the issue of whether organizations that collect and store personal information about individuals for commercial purposes can be held liable for the tort of “intrusion upon seclusion” if they fail to take adequate steps to protect the information from third-party “hackers”.

Privacy Law, Student Forum

Seven Survival Guide Lessons from a Former Chief Privacy Officer

  • November 26, 2022
  • Roland Hung (Torkin Manes LLP)

Having gained substantial leadership experience as a privacy officer, what follows in this article is the perspective the author gained in these unique and essential roles. Each mandate, while quite different in practice, harvested similar lessons that I believe every practitioner working in the privacy sector should adopt to maximize their effectiveness within their organization. The following are seven key lessons every privacy officer or practitioner should know.

Privacy Law, Student Forum

Foreign Companies Should Assess Breach Impact on Canadians as Part of their Initial Assessment

  • October 28, 2022
  • Kirsten Thompson and Jaime Cardy (Dentons)

The Office of the Privacy Commissioner of Canada (OPC) recently issued PIPEDA Findings #2022¬004, which underscores the need for a timely risk assessment that includes Canadians’ personal information. With this Report, the OPC is setting the expectation that while this timeline is flexible, it is not infinitely elastic.

No Coffee Breaks from Privacy Compliance - A Cautionary Tale for App Developers

  • July 07, 2022
  • Roland Hung and Ida Sherkat

Mobile applications have become synonymous with organizations’ outreach initiatives. The recent joint investigation by federal and provincial privacy authorities into the Tim Hortons app emphasizes the need for companies to consider Canadian privacy laws when designing their apps.

Privacy Law, Student Forum

Divisional Court Affirms High Bar in Data Breach Class Actions

  • April 22, 2022
  • Shalom Cumbo-Steinmetz and Alina Butt

Shalom Cumbo-Steinmetz and Alina Butt discuss key takeaways from a recent Divisional Court decision overturning certification in a data breach class action involving private health information.

Privacy Law, Student Forum

ESG as the Next Frontier in Privacy and Data Governance: Moving Beyond Regulatory Compliance

  • April 11, 2022
  • Ronak Shah and George Boynton Payne

Ronak Shah and George Boynton Payne discuss a growing trend among organizations to include privacy and data governance metrics and disclosure as part of their environmental, social and governance (ESG) reporting framework, and highlight practical steps an organization can take to move beyond a traditional regulatory compliance approach to privacy and security.

Privacy Law, Student Forum