Smart Cities: An Opportunity for Engagement on Big Data Governance June 14, 2019 Steve Tenai Smart city initiatives provide a welcome opportunity for public engagement about data governance and privacy in Ontario and beyond.
2019 Privacy Class Actions Update: Why did Casino Rama fail and Bell Mobility succeed? May 31, 2019 Avi Sharabi Why did the Ontario Superior Court of Justice refuse to certify the Casino Rama privacy breach class action, but then certified the Bell Mobility class action less than a week later? This piece offers a few theories explaining the opposing outcomes.
R. v. Jarvis: privacy is not an “all-or-nothing” concept May 02, 2019 Stacey Reisman, Jon Silver, and Ronak Shah In R v. Jarvis, the Supreme Court of Canada established a robust approach to individual privacy rights thereby opening the door for courts to apply Canada’s constitutional privacy framework to alleged invasions of privacy between individuals. The decision has implications in the criminal law context, and beyond.
Protecting Against Developer Error: Addressing Appropriate Data Management Procedures and Measures for Developers Today… and Tomorrow April 17, 2019 William Lim Facebook discovered a data breach in 2013 due to the inadvertent interaction between two of its features. The Privacy Commissioner of Canada (“Commissioner”) investigated the cause and aftermath of the breach and decided that the remedial measures Facebook implemented following this breach was sufficient. Would that decision be upheld by a Court in a claim for negligence? What additional but practical technical measures could Facebook have implemented to avoid being found negligent?
Canada’s Anti-Spam Legislation: Compliance and Enforcement Update From the Regulators February 25, 2019 Amanda Branch An overview of the “Canada’s Anti-Spam Legislation (CASL): A Joint Presentation on Compliance and Enforcement” program hosted by the Ontario Bar Association in November 2018.
Privacy Commissioner’s Consent Guidelines Come Into Force February 24, 2019 Imran Ahmad, Wendy Mee, and Amir Eftekharpour How can organizations ensure that they are obtaining meaningful consent to the collection, use, and disclosure of personal information? The Office of the Privacy Commissioner of Canada weighs in with a guidance document outlining guiding principles and a checklist of "Must-do" and "Should-do" items.
All Eyes on Consequences of Facial Recognition Technology January 21, 2019 Mark Hayes and Adam Jacobs While facial recognition technology is increasingly prevalent in our day-to-day lives, the authors highlight concerns regarding compliance with applicable privacy laws.
Allocating Risk and Preparing For a Data Breach January 21, 2019 Shan Alavi All organizations, large or small, are prone to privacy breaches, the cost of which can cripple an organization that is not prepared to handle such threats. No organization is immune, but every organization can mitigate the risks.
The New and Improved PIPEDA: What you need to know and what you need to do December 11, 2018 Stanislav Bodrov and Logan Wolfe, Strigberger Brown Armstrong LLP and Gearhead Software, With the advent of the GDPR and the amendments to PIPEDA, data breach response plans are no longer optional – they are mandatory - and a misstep could be costly.
Decision Narrows Definition of Facebook Privacy November 20, 2018 Mark Hayes and Adam Jacobs, The Ontario Superior Court recently differentiated between the reasonable expectation of privacy associated with Facebook Messenger and text messages. This article explores whether that distinction was justified.