Legacy software poses an increasing data security risk to corporations, argues Lisa Lifshitz
How not to deck the halls with boughs of folly when smart shopping, writes Lisa Lifshitz
Office of the Privacy Commissioner’s blog post describes data breaches, numbers and trends
Open source status quo is challenged by developers unsatisfied with current state of ethics, writes Lisa Lifshitz
Lisa Lifshitz writes California’s new privacy law may be new benchmark for similar laws across the U.S.
The calm of the lazy, hazy July summer was recently shattered by two announcements from the U.K. Information Commissioner’s Office that sent a shiver down the spine of many companies. Demonstrating that Europe’s privacy regulators are not afraid to flex their muscles and use their authority to levy significant financial penalties to drive compliance with the EU General Data Protection Regulation, the ICO’s proclamation of its intention to levy significant fines against British Airways and Marriott International, Inc. showcases the truly incredible power of increased financial penalties under this law.
Arguably, all lawyers should understand basic information security practices and ensure they have reasonable policies and measures in place to protect client data against intrusion.
On April 5, 2019, the Canadian Centre for Cyber Security released the Baseline Cyber Security Controls for Small and Medium Organizations, intended to assist small and medium organizations in Canada that want recommendations to improve their cyber security resiliency.
As a general rule, we all know it is not a good idea to scrape content from a website, yet some companies persist in this behaviour contrary to law and best practice.
The Equifax decision and related compliance agreement between the OPC and Equifax Canada, which sets out detailed timelines for various corrective measures to be put in place by Equifax Canada regarding consent, safeguards and accountability in addition to six years of third-party audits, offer a treasure trove of practical lessons for organizations looking to comply with the Personal Information Protection and Electronic Documents Act (as well as some surprises).