CyberLex
CyberLex Insights on cybersecurity, privacy and data protection law

Category Archives: Legislation

Subscribe to Legislation RSS Feed

Searches of Electronic Devices at the Canada/US Border

Posted in Legislation, Privacy

The possibility of arbitrary searches of the electronic devices of persons crossing into the US continues to raise concerns among Canadians and, in particular, privacy regulators. Recent statements (and subsequent legislative amendments) are attempting to address some of the legal issues. On June 8, 2017, Daniel Therrien, the Privacy Commissioner of Canada,  sent a follow up… → Read More

Ontario Health Privacy Changes Establish New Breach Notification Requirements

Posted in Legislation, PHIPA

The Ontario Ministry of Health and Long-Term Care intends to ensure that health information custodians (HICs) pay due attention to the personal health information they control by introducing new notification and reporting obligations. If the proposed amendments to O Reg 329/04 under the Personal Health Information Protection Act, 2004 (PHIPA) come into force,[1] notification obligations… → Read More

Lawful Access: The Privacy Commissioner Reiterates its Position

Posted in Criminal, Legislation, Privacy

One of the challenging aspects of PIPEDA in recent years has been the new section 7(3)(c.1)(ii), which permits organisations to disclosure personal information to a government institution that has requested the disclosure for the purpose of law enforcement and has stated its “lawful authority” for the request. Organizations faced with such a request almost always… → Read More

Genetic Discrimination Bill One Step Closer to Becoming Law

Posted in Legislation, Privacy

On March 8, 2017 Liberal backbench MPs united with opposition parties to pass Bill S-201, an act to prohibit and prevent genetic discrimination. As noted in this prior Cyberlex post, Bill S-201 follows the enactment of legislation in the United States and adoption in the United Kingdom of a voluntary code and protects individuals from… → Read More

Bill S-201 and the Protection Against Genetic Discrimination.

Posted in Discrimination, Employment, Legislation, Privacy

You have done testing to determine whether you have a genetic predisposition to certain medical conditions. The results come back: You do. This is important information for you and your doctor to make more informed decisions about your health care.  But now that you know, are there circumstances in which you should be required to… → Read More

Still Good Enough? Amendment to EC Decision on “adequacy” of Canadian Privacy Law in the Works

Posted in European Union, Legislation, Privacy

Potential amendments could mean Canadian businesses receiving personal information from Europe will have more exposure to the differences in the data protection laws and enforcement regimes in the EU member states. Readers of this blog will be aware that European privacy law has been in flux in the wake of the Schrems decision, which struck down… → Read More

NY State Introduces Cybersecurity Regulations for Financial Services: Implications for Canadian Business

Posted in Cybersecurity, Financial, FinTech, Legislation, Regulatory Compliance

The New York State Department of Financial Services announced its  first state-level regulation for cybersecurity. The proposed regulation would apply to regulated banks, insurance companies, and other financial services institutions and has implications for Canadian organizations doing business with these entities. On September 13, 2016, the New York State Department of Financial Services (“DFS“) announced a… → Read More

Insurance Company’s “formal dispute resolution process” Not Formal Enough to Avoid PIPEDA Access Request

Posted in Legislation, Privacy

Background The Office of the Privacy Commissioner of Canada (“OPC”) investigated a complaint made to its Office after an insurance company refused to provide a policyholder access to her personal information relating to a joint home insurance policy she held with her husband. The policyholder had made her original request for access pursuant to the… → Read More

EU-US Privacy Shield Adopted: Now What?

Posted in European Union, Legislation, Privacy

On July 12, 2016, the European Commission formally issued its adequacy decision endorsing the EU-US Privacy Shield, following the approval of the deal by the Article 31 Committee on July 8.  Although the European adequacy decision has immediate effect, U.S. organizations will not be able to take advantage of the Privacy Shield until the U.S…. → Read More

Federal Privacy Commissioner Provides Submission on New Data Breach Notification and Reporting Regulations

Posted in Data Breach, Legislation, Privacy, Regulatory Compliance

The Office of the Privacy Commissioner of Canada (“OPC“) has provided its views on the data breach reporting and notification requirements that are soon to be prescribed by regulation under the Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (“PIPEDA“). On June 18, 2015, the Digital Privacy Act (also known as Bill S-4)… → Read More

Privacy Commissioner Seeks Public Input on Consent Model

Posted in Big Data, Internet of Things, Legislation, Privacy

On May 11, 2016, Privacy Commissioner Daniel Therrien announced the Office of the Privacy Commissioner of Canada (“OPC”) would seek public input on the issue of how Canadians can give meaningful consent to the collection, use and disclosure of their personal information in an increasingly digital age. The OPC has released a discussion paper (“Report”)… → Read More

EU’ve Got Mail: European Commission Seeks Input on Electronic Communications Rules

Posted in European Union, Legislation

Technological advances and the advent of the EU General Data Protection Regulation (“GDPR”) prompted the European Commission (“Commission”) to update the EU’s Privacy and Electronic Communications  Directive. The recommendations made to it last summer suggest  wide-ranging changes are likely, including to rules on the use of cookies, direct digital marketing and on the processing of… → Read More

Multi-use Personal ID Cards: Does Convenience Trump Privacy?

Posted in Big Data, Legislation, Privacy

On January 11, 2016, Manitoba announced its approval of an all-in-one personal identification card (PIC). The PIC will offer Manitobans a combined driver’s licence, photo ID, Personal Health Identification Number (PHIN) and travel document as early as fall 2017.[1] While the consolidation of identification into one location is a blessing for consumers, it raises privacy concerns… → Read More

Europe’s Top Court Invalidates ‘Safe Harbour’ Data Transfer Framework

Posted in European Union, Legislation, Privacy

On October 6, 2015, the Court of Justice of the European Union (“CJEU”) declared that the US-EU Safe Harbour framework is invalid, striking it down in the highly anticipated case of Schrems v. Data Protection Commissioner. The decision is effective immediately, with far-reaching and widespread implications for entities with multinational data flows. Since EU data… → Read More

Domain Name Disputes: What You Need to Know – Part 2

Posted in Legislation

Part 1 of this post provided an overview of the Canadian Internet Registration Authority’s domain name dispute resolution process. Part 2 outlines a similar process available through the World Intellectual Property Organization’s (“WIPO”) Arbitration and Mediation Center. What is WIPO? WIPO is a United Nations agency that provides a global forum for intellectual property services,… → Read More

Domain Name Disputes: What You Need to Know – Part 1

Posted in Legislation

Individuals or businesses may find themselves in a dispute over a domain name, whether as a complainant or the registered owner of the domain name. Depending on the parties involved and where the domain name is registered, two potential avenues for domain name dispute resolution are through: (1) the Canadian Internet Registration Authority (“CIRA”), and… → Read More

Grievors May Be Publicly Identified Despite Privacy Legislation

Posted in Employment, Legislation

Employers will welcome the recent decision by the British Columbia Court of Appeal that the province’s Personal Information Protection Act (PIPA) does not prohibit the public identification of grievors and witnesses in arbitral decisions. Context In grieving the dismissal of a truck driver from his employment, the United Food & Commercial Workers, Local 1518 had… → Read More

New Cybersecurity Legislation in Federal Budget

Posted in Cybersecurity, Legislation

The budget announced by the federal government yesterday promises action on a long standing commitment to improve and enhance cybersecurity in Canada.  The new initiatives, including investment to secure cyber infrastructure and the introduction of new cybersecurity legislation imposing cybersecurity obligations on operators of “vital cyber systems”, should change the cybersecurity landscape in Canada for… → Read More