CyberLex
CyberLex Insights on cybersecurity, privacy and data protection law

Tag Archives: cybersecurity

Three Cybersecurity Trends Driving the Bank of Canada’s Call for Cybersecurity to be Treated as a ‘Public Good’

Posted in Cybersecurity, Financial

The June 2017 Financial System Review released by the Bank of Canada warns that Canada’s financial institutions have reached a point of interconnectedness that could allow a cyber-attack to rapidly transmit stress throughout Canada’s financial system, leading to prolonged service interruption, compromised data integrity or a loss of confidence in the financial system. Such an attack… → Read More

European Banking Authority Responds to European Commission Public Consultation on Fintech: Potential Takeaways for Canada

Posted in AI and Machine Learning, Big Data, Cybersecurity, Financial, FinTech

In March 2017, the European Commission issued a public consultation document on Fintech.  The goal of the European Commission (EC) document is to further the objective of a digital single market within Europe.  This will be done by supporting the development of digital infrastructure,  improving access to goods and services, and ensuring rules foster technological… → Read More

Lenovo and Superfish: Proposed Class Action Proceeds on Privacy Tort and Statutes

Posted in Cybersecurity, Internet of Things, Privacy

A recent privacy decision regarding pre-installed software on laptops may have implications for companies operating not only in the traditional hardware space, but for those companies venturing into the burgeoning “Internet of Things” ecosystem. In short, an Ontario court declined to strike the common law and statutory privacy claims, suggesting that courts are at least… → Read More

U.S. Federal Insurance Office Issues Report Addressing InsurTech and Traditional Insurance

Posted in Big Data, Cybersecurity, Discrimination, FinTech

The Federal Insurance Office, U.S. Department of the Treasury (“FIO”) released its first annual Report on Protection of Consumers and Access to Insurance (the “Report”). The Report reviews developments and concerns relating to five insurance issues: technology; environmental hazards; fairness in insurance practices; fairness in state insurance standards; and retirement and related issues. The Report… → Read More

McCarthy Tétrault Celebrates Data Privacy Day, 2017 With New Cybersecurity Risk Guide

Posted in Cybersecurity, Privacy

In celebration of Data Privacy Day, McCarthy Tétrault is pleased to launch the 2017 edition of our newly designed online Cybersecurity Risk Management Guide, to help clients manage data risks in a quickly evolving business environment.  Data Privacy Day, celebrated on January 28, 2017, is an opportunity for businesses to review privacy and data protection policies,… → Read More

US Federal Regulators Propose Binding Rules to Enhance Banks’ Cybersecurity Practices

Posted in Cybersecurity

On October 19, 2016, three US financial regulators – the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation (collectively, the “Agencies”) – issued a joint Advance Notice of Proposed Rulemaking (“ANPR”) seeking comments by all stakeholders on enhanced cyber risk management… → Read More

What If You “Lost” Your Fingerprint?

Posted in Authentication, Cybersecurity, FinTech

Biometric authentication is becoming increasingly common. Smart phones and computers use it, banks have started to use it (in India, Yes bank unveiled its iris scan-enabled point of sale solution; in the US, Bank of America allows fingerprint authentication to log onto its mobile banking app; in Canada, TD Bank uses voice recognition to identify… → Read More

Impacts of Artificial Intelligence Remain Grey Areas, says White House Report

Posted in AI and Machine Learning, Cybersecurity, Privacy

Earlier this month the Executive Office of the President’s National Science and Technology Council (the “NTSC”) released a report entitled Preparing for the Future of Artificial Intelligence. The report surveys the current state of artificial intelligence (“AI”). The NTSC foretells of a future where AI technologies play a growing role in society – opening up… → Read More

IIROC Issues Cybersecurity Report Cards to Dealer Firms

Posted in Cybersecurity, Regulatory Compliance

IIROC is providing all dealer member firms it regulates (Firms) with a confidential cybersecurity “report card” that will include: an individual assessment of the Firm’s cybersecurity preparedness program a comparison of the Firm’s cybersecurity practices against the industry and other Firms of similar size and business model a list of cybersecurity areas to which the… → Read More

CSA Issues New Guidance on Cybersecurity

Posted in Cybersecurity, Regulatory Compliance

Cybersecurity is top of mind for corporate boards and securities regulators alike. On September 27, 2016, the Canadian Securities Administrators (“CSA“) issued CSA Staff Notice 11-332 – Cyber Security (the “2016 Notice”).  The 2016 Notice updates the CSA’s previous notice on the same topic, CSA Staff Notice 11-326 Cyber Security (the “2013 Notice”) for reporting… → Read More

NY State Introduces Cybersecurity Regulations for Financial Services: Implications for Canadian Business

Posted in Cybersecurity, Financial, FinTech, Legislation, Regulatory Compliance

The New York State Department of Financial Services announced its  first state-level regulation for cybersecurity. The proposed regulation would apply to regulated banks, insurance companies, and other financial services institutions and has implications for Canadian organizations doing business with these entities. On September 13, 2016, the New York State Department of Financial Services (“DFS“) announced a… → Read More

Public Safety Canada calls for Submissions on New National Cybersecurity Strategy

Posted in Cybersecurity

On August 16, 2016, Public Safety Canada (“PSC”) issued a consultation paper, launching a public consultation as part of PSC’s development of an updated national cybersecurity strategy (the “Consultation Paper”). The consultation will close on October 15, 2016. Business may want to consider making submissions in respect of some key questions posed around possible regulation… → Read More

Cybersecurity Best Practices for Connected Cars Released

Posted in Cybersecurity, Internet of Things, Standards, Telematics

It has been predicted that by 2020, there will be a quarter billion connected vehicles on the road with connected capabilities; Tesla founder Elon Musk is even more aggressive, predicting fully autonomous vehicles on the roads within two years.  However, some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These… → Read More

Mutual Fund Dealers Association of Canada releases Cyber Risk Management Guidance

Posted in Cybersecurity, Financial, Regulatory Compliance

Earlier last month, the Mutual Fund Dealers Association of Canada (MFDA) released a bulletin providing guidance on cybersecurity and cyber risk management for mutual fund distributors. The goal of the bulletin is to increase awareness for cyber vulnerabilities and to provide guidance for developing and implementing internal cybersecurity policies. The bulletin emphasizes the importance of… → Read More

IOSCO releases “Cyber Security in Securities Market” Report

Posted in Cybersecurity, Regulatory Compliance

The Board of the International Organization of Securities Commissions (IOSCO) released last month the report on its cyber risk coordination efforts.  The goal of the report is to provide an overview of the regulatory issues and challenges faced by various segments of the securities markets, in particular reporting issuers, market intermediaries and asset managers, and… → Read More

S3nd Us teH MoNey: Ransomware Advisory Issued for Canadian Companies

Posted in Criminal, Cybersecurity

Ransomware attacks, in which hackers encrypt all the files on a computer and threaten to delete them unless a ransom is paid, are becoming increasingly common. Disturbingly, they are often successful. Recent victims include individuals like the woman who paid Ukrainian hackers $500 in Bitcoins to prevent them from deleting her husband’s financial statements (and… → Read More

Bank Robbery 2.0: SWIFT Issues Cybersecurity Warning Following Bangladesh Central Bank Theft

Posted in Cybersecurity, Data Breach, Financial

In the wake of a cyberattack in which over $850 million worth of transactions were affected and which implicated the security measures of major banking institutions on several continents, banks were reminded to review and follow their security measures. While Canadian financial institutions were not directly affected, the event (and the subsequent warning) serves as… → Read More

U.S. Online Payment Processor Dwolla Fined $100,000 for Misrepresenting Data Security Practices: Lessons for Canadian Companies

Posted in Cybersecurity, Payments, Regulatory Compliance

In March, 2016 the U.S. Consumer Financial Protection Bureau (“CFPB”) issued a Consent Order against Dwolla Inc., an online payment platform, for deceiving consumers about its information security practices. The CFPB levied a $100,000 civil monetary penalty against the company, a first for the CFPB. What is particularly notable is that there was no evidence that… → Read More

Cyberattacks on Infrastructure Continue with no Sign of Slowing Down

Posted in Cybersecurity

Utilities and power producers have an additional business risk that may need to be reprioritized. While there has been a long standing concern of possible cyberattacks against critical infrastructure, the energy industry has been relatively unscathed. Recently, however, there have been various reports of successful attacks worldwide. The Washington Post reported the first known incident… → Read More

Canadian Board Members and Cyber Expertise: New U.S. Bill Proposes Board Level Cybersecurity Expertise – Could Canada Move in the Same Direction?

Posted in Cybersecurity, Governance

Lawmakers south of the border are seeking to force public issuers to disclose cybersecurity expertise at the board level in an effort to improve cybergovernance as the number of reported cyber risk incidents continues to climb. While the Canadian approach to date has been different, Canadian regulators have made clear their expectations that board-level involvement… → Read More

IIROC Releases Two Cybersecurity Resources: Best Practices Guide and Incident Planning Guide

Posted in Cybersecurity, Regulatory Compliance

Last week, the Investment Industry Regulatory Organization of Canada (“IIROC“) published two detailed guides to help IIROC-regulated firms protect themselves and their clients against cyber threats and attacks.  The creation of these guides was telegraphed at the beginning of the year  in IIROC’s annual consolidated compliance report for 2014/2015, released January 27, 2015, and underline IIROC’s increased focus… → Read More

From Government Surveillance to Federal Data Breaches: Privacy Commissioner Tables Annual Report

Posted in Cybersecurity, Data Breach, Privacy, Uncategorized

On December 10, 2015, the Annual Report of the Office of the Privacy Commissioner (“OPC”) on the Privacy Act for 2014-2015 was tabled in Parliament.  The Annual Report provides details on privacy trends and investigations involving Canadian federal departments for the past year. Strategic Privacy Priorities Identified In his opening message, Privacy Commissioner Daniel Therrien… → Read More

The New York Department of Financial Services Proposes Cybersecurity Regulations

Posted in Cybersecurity, Financial

  The New York Department of Financial Services (“DFS”) had announced in March of 2015 that as part of its plan to address a possible Cyber 9/11, it would revamp examinations of banks and insurance companies to incorporate new, targeted assessments of cybersecurity preparedness, and would consider steps to address the cybersecurity of third-party vendors…. → Read More