Articles 2022

Since the decision in The Brick Warehouse LP v. Chubb Insurance Company of Canada was released in July 2017, several pundits have hailed it as ground-breaking in terms of cyber risks in Canada. However, there are at least three reasons why it is not all that significant to the Canadian cyber insurance market.

On June 23, 2017, the Supreme Court of Canada took a step toward repairing the inequality of bargaining power between parties in the online consumer context. In Douez v Facebook, the Supreme Court ruled that Facebook’s forum selection clause in its “terms of use” was unenforceable because (1) it supported unequal bargaining power between consumers and companies and (2) there was a need to protect the privacy rights of social media users.

With the rise in the collection, use and disclosure of personal information and personal health information across organizations, the prevalence of privacy breaches, and the recognition of common law privacy torts in Ontario, organizations increasingly face legal, financial and reputational consequences from personal information handling practices. This article considers how this evolving area of law may inform an organization’s internal risk management program.

David Young summarizes his testimony before the the House of Commons Standing Committee on Access to Information, Privacy and Ethics on its study of PIPEDA. Read on for David's submissions on consent, the PIPEDA enforcement framework, and how PIPEDA aligns with the forthcoming European General Data Protection Regulation.

Canadian Securities Administrators recently published the results of their review of cyber security disclosure and guidance on appropriate disclosure.

The Federal Court of Canada recently affirmed the application of PIPEDA to a foreign-based website operator. While PIPEDA has been applied to foreign companies before, the decision in A.T. v Globe24h.com and Sebastien Radulescu is the most explicit statement on the issue of extraterritorial application to date.

Recent landmark legislative amendments, regulatory activity, and an unprecedented increase in privacy litigation, damage awards, and class action certifications are among the key trends and legal risks in the Canadian cybersecurity environment. In this must-read article, Alex Cameron examines these trends and key developments to watch in the coming year.

In its recent decision in RBC v. Trang, the Supreme Court of Canada provided guidance to financial institutions holding otherwise “highly sensitive” information on how to determine when that information is somewhat less sensitive, such that it can be disclosed.