Articles 2023

The U.S. National Institute of Standards and Technology recently released version 1.0 of its Artificial Intelligence Risk Management Framework. The goal of the framework is to provide a voluntary, rights-preserving, sector- and use-case agnostic guide for AI actors to implement in order to promote trustworthy and responsible AI systems.

In the wake of various high-profile security breaches, now may be a good time for businesses to re-acquaint themselves with the applicable Canadian statutory framework for the protection of personal information, as well as implement or update policies and procedures around breach detection and notification.

2022 was an eventful year for privacy law in Canada. The Canadian privacy landscape saw significant changes, as stakeholders at all levels recognized the need to keep up with a data-driven world. This article summarizes the top five recent developments that businesses and stakeholders should be aware of.

The Court of Appeal for Ontario recently considered and definitively determined the issue of whether organizations that collect and store personal information about individuals for commercial purposes can be held liable for the tort of “intrusion upon seclusion” if they fail to take adequate steps to protect the information from third-party “hackers”.

Having gained substantial leadership experience as a privacy officer, what follows in this article is the perspective the author gained in these unique and essential roles. Each mandate, while quite different in practice, harvested similar lessons that I believe every practitioner working in the privacy sector should adopt to maximize their effectiveness within their organization. The following are seven key lessons every privacy officer or practitioner should know.

On September 22, 2022, the first set of amendments from Bill 64 will come into force. Although most amendments will come into force in September 2023, below we highlight significant changes in force this September.

Mobile applications have become synonymous with organizations’ outreach initiatives. The recent joint investigation by federal and provincial privacy authorities into the Tim Hortons app emphasizes the need for companies to consider Canadian privacy laws when designing their apps.

Shalom Cumbo-Steinmetz and Alina Butt discuss key takeaways from a recent Divisional Court decision overturning certification in a data breach class action involving private health information.

Ronak Shah and George Boynton Payne discuss a growing trend among organizations to include privacy and data governance metrics and disclosure as part of their environmental, social and governance (ESG) reporting framework, and highlight practical steps an organization can take to move beyond a traditional regulatory compliance approach to privacy and security.