Lisa R. Lifshitz

Lisa R. Lifshitz

Lisa R. Lifshitz is a partner in Torkin Manes’ Business Law Group, specializing in technology and privacy law, and is the leader of the firm’s Technology, Privacy and Data Management Group. She has been nationally and internationally recognized for her technology law expertise and enjoys writing and speaking on technology law issues. She is the immediate past president of the Canadian IT Law Association. The views presented here are the author's alone.

She can be reached by email.

A Fine Mess: the U.K. Information Commissioner's Office's proposed GDPR fines

The calm of the lazy, hazy July summer was recently shattered by two announcements from the U.K. Information Commissioner’s Office that sent a shiver down the spine of many companies. Demonstrating that Europe’s privacy regulators are not afraid to flex their muscles and use their authority to levy significant financial penalties to drive compliance with the EU General Data Protection Regulation, the ICO’s proclamation of its intention to levy significant fines against British Airways and Marriott International, Inc. showcases the truly incredible power of increased financial penalties under this law.

Tech competence should be required

Arguably, all lawyers should understand basic information security practices and ensure they have reasonable policies and measures in place to protect client data against intrusion.

Combatting cyber threats: CSE releases new baseline cybersecurity controls

On April 5, 2019, the Canadian Centre for Cyber Security released the Baseline Cyber Security Controls for Small and Medium Organizations intended to assist small and medium organizations in Canada that want recommendations to improve their cyber security resiliency.

Federal Court makes clear: Website scraping is illegal

As a general rule, we all know it is not a good idea to scrape content from a website, yet some companies persist in this behaviour contrary to law and best practice.

The many lessons of the Equifax data breach

The Equifax decision and related compliance agreement between the OPC and Equifax Canada that that sets out detailed timelines for various corrective measures to be put in place by Equifax Canada regarding consent, safeguards and accountability in addition to six years of third party audits, offers a treasure trove of practical lessons for organizations looking to comply with the Personal Information Protection and Electronic Documents Act (as well as some surprises).

United States Federal Trade Commission strikes one for children’s privacy

On Feb. 27, the U.S. Federal Trade Commission announced that operators of the video networking app Musical.ly (now known as TikTok), had agreed to pay US$5.7 million to settle allegations that they had illegally collected personal information from children in violation of the Children’s Online Privacy Act. The order marks the highest civil penalty ever obtained by the FTC in a children’s privacy case.

OSFI unveils new technology and cybersecurity breach requirements

In addition to ensuring their compliance with Canada’s new federal mandatory data breach and breach-of-security-safeguards reporting requirements under the private sector Personal Information Protection and Electronic Documents Act, federally regulated financial institutions will soon have additional regulatory reporting requirements regarding technology and cybersecurity incidents, thanks to a recent Advisory promulgated by The Office of the Superintendent of Financial Institutions.

Dude, where’s my data? The OPC’s privacy guidance to cannabis retailers and purchasers

With much fanfare, recreational cannabis became legal in Canada on October 17, 2018. On December 17, 2018, the Office of the Privacy Commissioner of Canada published preliminary guidance for cannabis retailers and customers regarding the protection of personal information collected during such transactions, including online transactions.

Ethics by design: Canada adopts AI ethics and data protection declaration

Canada has added its voice to the global chorus of data protection and privacy commissioners calling for fairness, transparency and privacy by design as 'core values' in the development of artificial intelligence by co-sponsoring the Declaration on Ethics and Data Protection in Artificial Intelligence.

Security by design: California’s new IoT security laws

On Sept. 28, California became the first U.S. state to specifically regulate the security of connected devices, otherwise known as the Internet of Things or IoT devices.