On May 24, Canada’s federal privacy regulator, the Office of the Privacy Commissioner, released a critical interpretation document intended to guide how companies subject to the federal private sector privacy act, the Personal Information Protection and Electronic Documents Act, will be allowed to collect, use and disclose personal information, as viewed from the perspective of the reasonable person.
Artificial intelligence and the Internet of Things are hot subjects (and buzzwords) for lawyers in 2018. Beyond the hype, however, lies a plethora of legal and business issues.
You could well be excused for not noticing the recent passage of the U.S. Clarifying Lawful Overseas Use of Data Act on March 23, 2018. Better known by its catchy acronym, the Cloud Act, the law was tacked on to the 2,232-page, US$1.3-trillion omnibus budget bill one day ahead of its vote and was signed into law by President Donald Trump without the benefit of the usual congressional scrutiny, hearings or significant public debate.
Whether because of nostalgia, a desire to save costs, ignorance, concerns of business interruption or sheer laziness, there have been countless stories in the press demonstrating that companies and individuals continue to use outdated versions of various critical software programs, including those that connect to the internet.
A recent decision from the Office of the Privacy Commissioner of Canada has provided some useful guidance in connection with minimum security standards required for Internet of Things/web-connected devices, particularly those that collect personal information and data from children.
Well, it’s awards season again. With the Golden Globes just passed and the Oscars to come, I present to you my nominations for the most egregious practices that I have observed in technology vendors’ statements of work in 2017.
Recently, the freshly minted Cyber Unit of the United States Securities and Exchange Commission showed its teeth when it obtained an emergency court order to stop an allegedly fraudulent Initial Coin Offering involving a Quebec-based company, PlexCorps, its founder Dominic Lacroix and his partner, Sabrina Paradis-Royer.
As autonomous car technology advances, privacy concerns relating to these vehicles are also growing given that these cars will be capable of recording a tremendous amount of data about (and from) their users and the environment around them.
Ramsomware is not new — it has been around since the early 1990s — but what is new is the increasing threat posed by the efficiencies of a cloud-based delivery system known as ransomware as a service.
It’s been a long wait. More than two years have passed since Ottawa amended Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act, by enacting Bill S-4, the Digital Privacy Act, to establish mandatory data breach reporting requirements. Yet, ss. 10.1 through 10.3, the provisions outlining the obligations for breach reporting and notification, still are not in force pending the creation of necessary regulations.