CyberLex Insights on cybersecurity, privacy and data protection law

Category Archives: Cybersecurity

Lenovo and Superfish: Proposed Class Action Proceeds on Privacy Tort and Statutes

Posted in Cybersecurity, Internet of Things, Privacy

A recent privacy decision regarding pre-installed software on laptops may have implications for companies operating not only in the traditional hardware space, but for those companies venturing into the burgeoning “Internet of Things” ecosystem. In short, an Ontario court declined to strike the common law and statutory privacy claims, suggesting that courts are at least… → Read More

U.S. Federal Insurance Office Issues Report Addressing InsurTech and Traditional Insurance

Posted in Big Data, Cybersecurity, Discrimination, FinTech

The Federal Insurance Office, U.S. Department of the Treasury (“FIO”) released its first annual Report on Protection of Consumers and Access to Insurance (the “Report”). The Report reviews developments and concerns relating to five insurance issues: technology; environmental hazards; fairness in insurance practices; fairness in state insurance standards; and retirement and related issues. The Report… → Read More

McCarthy Tétrault Celebrates Data Privacy Day, 2017 With New Cybersecurity Risk Guide

Posted in Cybersecurity, Privacy

In celebration of Data Privacy Day, McCarthy Tétrault is pleased to launch the 2017 edition of our newly designed online Cybersecurity Risk Management Guide, to help clients manage data risks in a quickly evolving business environment.  Data Privacy Day, celebrated on January 28, 2017, is an opportunity for businesses to review privacy and data protection policies,… → Read More

US Federal Regulators Propose Binding Rules to Enhance Banks’ Cybersecurity Practices

Posted in Cybersecurity

On October 19, 2016, three US financial regulators – the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation (collectively, the “Agencies”) – issued a joint Advance Notice of Proposed Rulemaking (“ANPR”) seeking comments by all stakeholders on enhanced cyber risk management… → Read More

What If You “Lost” Your Fingerprint?

Posted in Authentication, Cybersecurity, FinTech

Biometric authentication is becoming increasingly common. Smart phones and computers use it, banks have started to use it (in India, Yes bank unveiled its iris scan-enabled point of sale solution; in the US, Bank of America allows fingerprint authentication to log onto its mobile banking app; in Canada, TD Bank uses voice recognition to identify… → Read More

Impacts of Artificial Intelligence Remain Grey Areas, says White House Report

Posted in AI and Machine Learning, Cybersecurity, Privacy

Earlier this month the Executive Office of the President’s National Science and Technology Council (the “NSTC”) released a report entitled Preparing for the Future of Artificial Intelligence. The report surveys the current state of artificial intelligence (“AI”). The NSTC foretells of a future where AI technologies play a growing role in society – opening up… → Read More

IIROC Issues Cybersecurity Report Cards to Dealer Firms

Posted in Cybersecurity, Regulatory Compliance

IIROC is providing all dealer member firms it regulates (Firms) with a confidential cybersecurity “report card” that will include: an individual assessment of the Firm’s cybersecurity preparedness program; a comparison of the Firm’s cybersecurity practices against the industry and other Firms of similar size and business model; a list of cybersecurity areas to which the… → Read More

McCarthy Tétrault Advance™: 6th Annual Privacy Law Update (Nov. 2, 2016)

Posted in Cybersecurity, Data Breach, Privacy

Returning for a 6th year, our Annual Privacy Law Update will review what’s new in privacy law. This year’s focus is on the ‘hot button’ issue of employees – snooping, unauthorized access, misconduct and employee-caused breaches. As you have come to expect, this session will provide practical advice for navigating both common and complex privacy… → Read More

CSA Issues New Guidance on Cybersecurity

Posted in Cybersecurity, Regulatory Compliance

Cybersecurity is top of mind for corporate boards and securities regulators alike. On September 27, 2016, the Canadian Securities Administrators (“CSA”) issued CSA Staff Notice 11-332 – Cyber Security (the “2016 Notice”). The 2016 Notice updates the CSA’s previous notice on the same topic, CSA Staff Notice 11-326 Cyber Security (the “2013 Notice”) for reporting… → Read More

NY State Introduces Cybersecurity Regulations for Financial Services: Implications for Canadian Business

Posted in Cybersecurity, Financial, FinTech, Legislation, Regulatory Compliance

The New York State Department of Financial Services announced its first state-level regulation for cybersecurity. The proposed regulation would apply to regulated banks, insurance companies, and other financial services institutions and has implications for Canadian organizations doing business with these entities. On September 13, 2016, the New York State Department of Financial Services (“DFS”) announced a… → Read More

Public Safety Canada calls for Submissions on New National Cybersecurity Strategy

Posted in Cybersecurity

On August 16, 2016, Public Safety Canada (“PSC”) issued a consultation paper, launching a public consultation as part of PSC’s development of an updated national cybersecurity strategy (the “Consultation Paper”). The consultation will close on October 15, 2016. Businesses may want to consider making submissions in respect of some key questions posed around possible regulation… → Read More

Cybersecurity Best Practices for Connected Cars Released

Posted in Cybersecurity, Internet of Things, Standards, Telematics

It has been predicted that by 2020, there will be a quarter billion connected vehicles on the road with connected capabilities; Tesla founder Elon Musk is even more aggressive, predicting fully autonomous vehicles on the roads within two years.  However, some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These… → Read More

Mutual Fund Dealers Association of Canada releases Cyber Risk Management Guidance

Posted in Cybersecurity, Financial, Regulatory Compliance

Earlier last month, the Mutual Fund Dealers Association of Canada (MFDA) released a bulletin providing guidance on cybersecurity and cyber risk management for mutual fund distributors. The goal of the bulletin is to increase awareness for cyber vulnerabilities and to provide guidance for developing and implementing internal cybersecurity policies. The bulletin emphasizes the importance of… → Read More

IOSCO releases “Cyber Security in Securities Market” Report

Posted in Cybersecurity, Regulatory Compliance

The Board of the International Organization of Securities Commissions (IOSCO) released last month the report on its cyber risk coordination efforts.  The goal of the report is to provide an overview of the regulatory issues and challenges faced by various segments of the securities markets, in particular reporting issuers, market intermediaries and asset managers, and… → Read More

S3nd Us teH MoNey: Ransomware Advisory Issued for Canadian Companies

Posted in Criminal, Cybersecurity

Ransomware attacks, in which hackers encrypt all the files on a computer and threaten to delete them unless a ransom is paid, are becoming increasingly common. Disturbingly, they are often successful. Recent victims include individuals like the woman who paid Ukrainian hackers $500 in Bitcoins to prevent them from deleting her husband’s financial statements (and… → Read More

Bank Robbery 2.0: SWIFT Issues Cybersecurity Warning Following Bangladesh Central Bank Theft

Posted in Cybersecurity, Data Breach, Financial

In the wake of a cyberattack in which over $850 million worth of transactions were affected and which implicated the security measures of major banking institutions on several continents, banks were reminded to review and follow their security measures. While Canadian financial institutions were not directly affected, the event (and the subsequent warning) serves as… → Read More

U.S. Online Payment Processor Dwolla Fined $100,000 for Misrepresenting Data Security Practices: Lessons for Canadian Companies

Posted in Cybersecurity, Payments, Regulatory Compliance

In March, 2016 the U.S. Consumer Financial Protection Bureau (“CFPB”) issued a Consent Order against Dwolla Inc., an online payment platform, for deceiving consumers about its information security practices. The CFPB levied a $100,000 civil monetary penalty against the company, a first for the CFPB. What is particularly notable is that there was no evidence that… → Read More

Cyberattacks on Infrastructure Continue with no Sign of Slowing Down

Posted in Cybersecurity

Utilities and power producers have an additional business risk that may need to be reprioritized. While there has been a long standing concern of possible cyberattacks against critical infrastructure, the energy industry has been relatively unscathed. Recently, however, there have been various reports of successful attacks worldwide. The Washington Post reported the first known incident… → Read More

Canadian Board Members and Cyber Expertise: New U.S. Bill Proposes Board Level Cybersecurity Expertise – Could Canada Move in the Same Direction?

Posted in Cybersecurity, Governance

Lawmakers south of the border are seeking to force public issuers to disclose cybersecurity expertise at the board level in an effort to improve cybergovernance as the number of reported cyber risk incidents continues to climb. While the Canadian approach to date has been different, Canadian regulators have made clear their expectations that board-level involvement… → Read More

IIROC Releases Two Cybersecurity Resources: Best Practices Guide and Incident Planning Guide

Posted in Cybersecurity, Regulatory Compliance

Last week, the Investment Industry Regulatory Organization of Canada (“IIROC”) published two detailed guides to help IIROC-regulated firms protect themselves and their clients against cyber threats and attacks. The creation of these guides was telegraphed at the beginning of the year in IIROC’s annual consolidated compliance report for 2014/2015, released January 27, 2015, and underlines IIROC’s increased focus… → Read More

From Government Surveillance to Federal Data Breaches: Privacy Commissioner Tables Annual Report

Posted in Cybersecurity, Data Breach, Privacy, Uncategorized

On December 10, 2015, the Annual Report of the Office of the Privacy Commissioner (“OPC”) on the Privacy Act for 2014-2015 was tabled in Parliament. The Annual Report provides details on privacy trends and investigations involving Canadian federal departments for the past year. Strategic Privacy Priorities Identified: In his opening message, Privacy Commissioner Daniel Therrien… → Read More

Hackable Barbies, malicious POODLEs: PIPEDA compliance and the Internet of Things

Posted in Cybersecurity, Internet of Things

She stands just under a foot tall, has a résumé that includes such storied accomplishments as astronaut, registered nurse, and Presidential candidate.  Whether cropped or worn shoulder-length, her iconic blonde hair has been inspiring popular culture since well before Madonna.  She’s owned more dream homes than most real estate magnates, and earlier last month Barbie… → Read More