CyberLex
CyberLex Insights on cybersecurity, privacy and data protection law

Tag Archives: privacy

U.S. Consumer Protection Regulator Consults on Use of Alternative Credit Data

Posted in Big Data, Financial, FinTech

On February 16, 2017, the U.S. Consumer Financial Protection Bureau (the “CFPB”) issued a Request for Information (“RFI”) seeking feedback from the public on the use or potential use of alternative data and methodologies to assess consumer credit risk, thereby expanding access to credit for credit invisible segments of the population. Presently, most lenders make… → Read More

Genetic Discrimination Bill One Step Closer to Becoming Law

Posted in Legislation, Privacy

On March 8, 2017 Liberal backbench MPs united with opposition parties to pass Bill S-201, an act to prohibit and prevent genetic discrimination. As noted in this prior Cyberlex post, Bill S-201 follows the enactment of legislation in the United States and United Kingdom and protects individuals from the involuntary disclosure of genetic results. Specifically,… → Read More

Cyberbullying & Revenge Porn: An Update on Canadian Law

Posted in Privacy

The current nature of social media and, more broadly, the Digital Age, continues to create challenges for legislators and law enforcement officials alike. One such challenge arises in the cyberbullying context, where intimate (or otherwise private) images are uploaded to the Internet. These files can be copied, forwarded and shared instantaneously, making them seemingly impossible… → Read More

Bill S-201 and the Protection Against Genetic Discrimination.

Posted in Discrimination, Employment, Legislation, Privacy

You have done testing to determine whether you have a genetic predisposition to certain medical conditions. The results come back: You do. This is important information for you and your doctor to make more informed decisions about your health care.  But now that you know, are there circumstances in which you should be required to… → Read More

The New U.S. Executive Order: Effects on Canadian Privacy Laws and Cross Border Data Transfers

Posted in Privacy

President Donald J. Trump’s executive order issued January 25, 2017, contained one little paragraph with big words about Canadians’—and other non-U.S. citizens’—privacy: Sec. 14.  Privacy Act.  Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections… → Read More

PIPEDA’s global extra-territorial jurisdiction: A.T. v. Globe24h.com

Posted in Privacy

The Federal Court of Canada released a landmark decision finding that the court has the jurisdiction to make an extra-territorial order with world-wide effects against a foreign resident requiring the foreign person to remove documents containing personal information about a Canadian citizen that violates the person’s rights under Canada’s privacy law, the Personal Information Protection… → Read More

Is There a Duty of Device Security? U.S. Regulator Fires Warning Shot Over Obligations of IoT Manufacturers

Posted in Internet of Things, Privacy

A complaint filed by the U.S. Federal Trade Commission (the “FTC”) against D-Link Corporation, a Taiwanese computer networking equipment manufacturer, and its U.S. subsidiary (collectively, “D-Link”) is raising questions about the extent of responsibility that networking equipment manufacturers may have for the security of their products, and how much of that responsibility rests with consumers… → Read More

McCarthy Tétrault Celebrates Data Privacy Day, 2017 With New Cybersecurity Risk Guide

Posted in Cybersecurity, Privacy

In celebration of Data Privacy Day, McCarthy Tétrault is pleased to launch the 2017 edition of our newly designed online Cybersecurity Risk Management Guide, to help clients manage data risks in a quickly evolving business environment.  Data Privacy Day, celebrated on January 28, 2017, is an opportunity for businesses to review privacy and data protection policies,… → Read More

Fintech Regulatory Developments: 2016 Year in Review

Posted in FinTech

This year was a tremendously active year for Fintech in Canada and internationally, and 2017 promises to be even more so.  In the Fall of 2016, we co-authored a comprehensive report together with the Digital Finance Institute, “FinTech in Canada: British Columbia Edition” on the state of the Canadian Fintech ecosystem, highlighting a number of… → Read More

Supreme Court Renders Landmark Privacy decision in Royal Bank of Canada v. Trang

Posted in Privacy

The Supreme Court of Canada released a landmark decision today giving important guidance on how Canada’s federal privacy law, the Personal Information Protection and Electronic Documents Act (“PIPEDA”), should be interpreted. In Royal Bank of Canada v. Trang, 2016 SCC 50, the Court ruled that courts can use their inherent jurisdiction to make orders permitting… → Read More

Chatbots, Open Data and Sandboxes: Trending Topics from the 2016 Money20/20 Conference

Posted in AI and Machine Learning, Financial, FinTech, Mobile Payments, Privacy

With 10,000+ attendees, including more than three thousand companies from seventy-five countries, Money20/20 is the largest annual global event focusing on payments and financial services innovation. The 2016 conference in Las Vegas this October featured a packed agenda of talks by industry and thought leaders on a broad range of current and emerging Fintech issues,… → Read More

Impacts of Artificial Intelligence Remain Grey Areas, says White House Report

Posted in AI and Machine Learning, Cybersecurity, Privacy

Earlier this month the Executive Office of the President’s National Science and Technology Council (the “NTSC”) released a report entitled Preparing for the Future of Artificial Intelligence. The report surveys the current state of artificial intelligence (“AI”). The NTSC foretells of a future where AI technologies play a growing role in society – opening up… → Read More

Still Good Enough? Amendment to EC Decision on “adequacy” of Canadian Privacy Law in the Works

Posted in European Union, Legislation, Privacy

Potential amendments could mean Canadian businesses receiving personal information from Europe will have more exposure to the differences in the data protection laws and enforcement regimes in the EU member states. Readers of this blog will be aware that European privacy law has been in flux in the wake of the Schrems decision, which struck down… → Read More

No Waiver of Privilege for Contractor Emails on Company Account

Posted in E-Discovery, Privacy

Can a company which provides a corporate e-mail account to a contractor, and then gets into a legal dispute with that contractor, use the contractor’s emails in that corporate account in the litigation? The answer appears to be no, in certain circumstances. The Facts A company engaged a contractor who provided it with certain services, and in this… → Read More

Canada-EU Agreement to Share Air Travellers’ Data Doesn’t Fly

Posted in European Union, Privacy

An agreement between Canada and the European Union over the sharing of air passengers’ personal information failed to pass muster in the European Court of Justice because Canada was found to have inadequate privacy protections.  On September 8, 2016, the Court of Justice of the European Union (“CJEU“)  issued an  Opinion on the consistency of Canada… → Read More

Monetizing Data: Seizing Opportunities, Managing Risk – – Please Join Us Wednesday, September 28, 2016 for a McCarthy Tétrault Advance™ Seminar

Posted in Big Data, Privacy

Collect all the data. Store all the data. Once you’ve got a massive reservoir of data, you’ll be able to answer all the questions the business wants to ask, right? Bonus: Anonymize the data, package it all and sell it (or insights from it), thereby driving revenue and leapfrogging over the competition. Not so fast…. → Read More

Insurance Company’s “formal dispute resolution process” Not Formal Enough to Avoid PIPEDA Access Request

Posted in Legislation, Privacy

Background The Office of the Privacy Commissioner of Canada (“OPC”) investigated a complaint made to its Office after an insurance company refused to provide a policyholder access to her personal information relating to a joint home insurance policy she held with her husband. The policyholder had made her original request for access pursuant to the… → Read More

When Loose Lips Will (or Will Not) Sink Ships: Privilege, Privacy and Wilfulness

Posted in Privacy, Privacy Act

The Background On July 26th, 2016, the Supreme Court of British Columbia released an interesting decision that addresses questions regarding: (1) the scope of privilege that applies to work done by lawyers in relation to judicial proceedings; and (2)  the interpretation of BC’s Privacy Act with respect to the requirements of “wilfulness” In Duncan v…. → Read More

Payments Association Adopts Biometric Verification Specification

Posted in Authentication

The Payments Association of South Africa (“PASA”), the payments system management body of that country, recently announced a new biometric verification specification, which is set to become the standard for biometric payments throughout South Africa. The new specification will facilitate biometric authentication on payment cards. Visa and Mastercard are partners in the initiative. Typically, biometric authentication… → Read More

BC Government Explores Smartphone App for ID Authentication

Posted in Authentication, FinTech

According to media reports, the B.C. government is developing a new smartphone app that will one day allow people access to secure government websites, services and databases simply by tapping their new Services Card to their smartphones in order to authenticate their identity. The new chip-enabled Services Cards recently rolled out by the B.C. government… → Read More

If you don’t got it, don’t flaunt it: FTC Issues Warnings to Companies Claiming APEC Privacy Certification

Posted in Privacy, Regulatory Compliance, Standards

The United States Federal Trade Commission (“FTC”) has issued warning letters to 28 companies claiming  to be certified participants in the Asia-Pacific Economic Cooperative (“APEC”) Cross-Border Privacy Rules (“CBPR”) system. This is an important reminder for companies, including Canadian companies, that the use of international certifications  is something in which regulators take a keen interest. Background… → Read More

EU-US Privacy Shield Adopted: Now What?

Posted in European Union, Legislation, Privacy

On July 12, 2016, the European Commission formally issued its adequacy decision endorsing the EU-US Privacy Shield, following the approval of the deal by the Article 31 Committee on July 8.  Although the European adequacy decision has immediate effect, U.S. organizations will not be able to take advantage of the Privacy Shield until the U.S…. → Read More