Articles 2023

Generative AI tools like ChatGPT, Cohere, and DALL-E2 are popular tools that allow organizations to generate images, text, sounds and creative content based on a prompt. While these tools can provide practical benefits such as improved efficiency and productivity, they raise privacy risks which are important to mitigate.

The Federal Court of Appeal recently upheld the ruling of the Federal Court wherein it was held that the Personal Information Protection and Electronic Documents Act (PIPEDA) should apply to Google’s search engine results, as they have a commercial interest in it by way of ads and also connecting two players.

Redirecting bank wire transfers has become an increasingly common method of fraud, frequently perpetuated through hacking or otherwise impersonating individuals representing a business. In the aftermath, there is often dispute about who bears responsibility for the financial loss: the company that mistakenly sent funds to the wrong bank, or the company whose email was hacked.

In a matter of months, generative AI has been adopted ravenously by the public, thanks to programs like ChatGPT. The increasing use (or proposed use) of generative AI by organizations has presented a unique challenge for regulators and governments across the globe. This article summarizes some of the key legislation or proposed legislation around the world that tries to strike the balance between fostering innovation while mitigating risks associated with the technology.

Facial recognition technology has become increasingly popular among businesses for various applications, including security, marketing, and customer service. However, with the widespread adoption of this technology, there are growing concerns over its potential impact on privacy, human rights, and data protection.

On April 4, 2023, Canada’s Privacy Commissioner, Philippe Dufresne, launched an investigation into OpenAI after having received a complaint alleging the collection, use and disclosure of personal information without consent.  

In this article, we focus on the importance of data security diligence, tips for the diligence process, and mitigation strategies for companies that have identified risks and wish to proceed with the deal. We also discuss the need to assess and quickly remediate any flaws in a target company’s data security posture following a transaction.

The U.S. National Institute of Standards and Technology recently released version 1.0 of its Artificial Intelligence Risk Management Framework. The goal of the framework is to provide a voluntary, rights-preserving, sector- and use-case agnostic guide for AI actors to implement in order to promote trustworthy and responsible AI systems.

In the wake of various high-profile security breaches, now may be a good time for businesses to re-acquaint themselves with the applicable Canadian statutory framework for the protection of personal information, as well as implement or update policies and procedures around breach detection and notification.

2022 was an eventful year for privacy law in Canada. The Canadian privacy landscape saw significant changes, as stakeholders at all levels recognized the need to keep up with a data-driven world. This article summarizes the top five recent developments that businesses and stakeholders should be aware of.