CyberLex
CyberLex Insights on cybersecurity, privacy and data protection law

Tag Archives: Privacy Commissioner of Canada

Lawful Access: The Privacy Commissioner Reiterates its Position

Posted in Criminal, Legislation, Privacy

One of the challenging aspects of PIPEDA in recent years has been the new section 7(3)(c.1)(ii), which permits organisations to disclosure personal information to a government institution that has requested the disclosure for the purpose of law enforcement and has stated its “lawful authority” for the request. Organizations faced with such a request almost always… → Read More

Defending a Lawsuit is Not a “Commercial Activity” Under Privacy Legislation

Posted in Privacy

In a case dating back to 2016 but just recently published, the Office of the Privacy Commissioner of Canada has ruled that the collection and use of a plaintiff’s personal information for the purpose of defending against a civil lawsuit is not a “commercial activity” and, as such, the Personal Information Protection and Electronic Documents Act,… → Read More

PIPEDA’s global extra-territorial jurisdiction: A.T. v. Globe24h.com

Posted in Privacy

The Federal Court of Canada released a landmark decision finding that the court has the jurisdiction to make an extra-territorial order with world-wide effects against a foreign resident requiring the foreign person to remove documents containing personal information about a Canadian citizen that violates the person’s rights under Canada’s privacy law, the Personal Information Protection… → Read More

Is There a Duty of Device Security? U.S. Regulator Fires Warning Shot Over Obligations of IoT Manufacturers

Posted in Internet of Things, Privacy

A complaint filed by the U.S. Federal Trade Commission (the “FTC”) against D-Link Corporation, a Taiwanese computer networking equipment manufacturer, and its U.S. subsidiary (collectively, “D-Link”) is raising questions about the extent of responsibility that networking equipment manufacturers may have for the security of their products, and how much of that responsibility rests with consumers… → Read More

Supreme Court Renders Landmark Privacy decision in Royal Bank of Canada v. Trang

Posted in Privacy

The Supreme Court of Canada released a landmark decision today giving important guidance on how Canada’s federal privacy law, the Personal Information Protection and Electronic Documents Act (“PIPEDA”), should be interpreted. In Royal Bank of Canada v. Trang, 2016 SCC 50, the Court ruled that courts can use their inherent jurisdiction to make orders permitting… → Read More

Monetizing Data: Seizing Opportunities, Managing Risk – – Please Join Us Wednesday, September 28, 2016 for a McCarthy Tétrault Advance™ Seminar

Posted in Big Data, Privacy

Collect all the data. Store all the data. Once you’ve got a massive reservoir of data, you’ll be able to answer all the questions the business wants to ask, right? Bonus: Anonymize the data, package it all and sell it (or insights from it), thereby driving revenue and leapfrogging over the competition. Not so fast…. → Read More

Insurance Company’s “formal dispute resolution process” Not Formal Enough to Avoid PIPEDA Access Request

Posted in Legislation, Privacy

Background The Office of the Privacy Commissioner of Canada (“OPC”) investigated a complaint made to its Office after an insurance company refused to provide a policyholder access to her personal information relating to a joint home insurance policy she held with her husband. The policyholder had made her original request for access pursuant to the… → Read More

Federal Privacy Commissioner Provides Submission on New Data Breach Notification and Reporting Regulations

Posted in Data Breach, Legislation, Privacy, Regulatory Compliance

The Office of the Privacy Commissioner of Canada (“OPC“) has provided its views on the data breach reporting and notification requirements that are soon to be prescribed by regulation under the Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (“PIPEDA“). On June 18, 2015, the Digital Privacy Act (also known as Bill S-4)… → Read More

Deadline for Privacy Consent Submissions Extended to July 31, 2016

Posted in Privacy

On May 11, 2016, Privacy Commissioner Daniel Therrien announced the Office of the Privacy Commissioner of Canada (“OPC”) would seek public input on the issue of how Canadians can give meaningful consent to the collection, use and disclosure of their personal information in an increasingly digital age. The OPC has released a discussion paper (“Report”)… → Read More

Privacy Commissioner Seeks Public Input on Consent Model

Posted in Big Data, Internet of Things, Legislation, Privacy

On May 11, 2016, Privacy Commissioner Daniel Therrien announced the Office of the Privacy Commissioner of Canada (“OPC”) would seek public input on the issue of how Canadians can give meaningful consent to the collection, use and disclosure of their personal information in an increasingly digital age. The OPC has released a discussion paper (“Report”)… → Read More

Federal Agency Sanctioned for Private Company’s Actions (or, why there’s one less reality TV show on tonight)

Posted in Privacy, Privacy Act

The Office of the Privacy Commissioner of Canada (“OPC”) has found the Canada Border Services Agency (“CBSA”) responsible for the intrusive actions taken by reality TV producers –  a private sector company – the party that was responsible for obtaining and releasing personal information of a detainee.  While the OPC conceded that the collection of  the detainee’s personal… → Read More

Privacy Commissioner Releases Survey Results on Canadian Businesses

Posted in Data Breach, Privacy

Canadian businesses report increased knowledge of privacy issues, but little progress in implementing privacy policies or  response plans for data breaches – placing them at risk for new enforcement activities and fines. The Office of the Privacy Commissioner of Canada (“OPC“) recently commissioned a telephone survey of 1,016 Canadian companies to find out how Canadian businesses fare… → Read More

Privacy Commissioner Targets IoT Health Devices in Sweep

Posted in Big Data, Internet of Things, Privacy, Telematics, Wearables

What rumours is your fitness tracker spreading about you?  In its latest Internet of Things themed sweep, the Office of the Privacy Commissioner of Canada reviews what personal information is being collected about Canadians by “smart” health and fitness devices. Many of us will remember Time Magazine’s audaciously titled September 2013 issue, which splashed the… → Read More

U.S. Online Payment Processor Dwolla Fined $100,000 for Misrepresenting Data Security Practices: Lessons for Canadian Companies

Posted in Cybersecurity, Payments, Regulatory Compliance

In March, 2016 the U.S. Consumer Financial Protection Bureau (“CFPB”) issued a Consent Order against Dwolla Inc., an online payment platform, for deceiving consumers about its information security practices. The CFPB levied a $100,000 civil monetary penalty against the company, a first for the CFPB. What is particularly notable is that there was no evidence that… → Read More

New PIPEDA Data Breach Regulations Proposed

Posted in Data Breach, Privacy

On March 9, 2016 the Department of Innovation, Science and Economic Development Canada released a discussion paper on the new data breach regulations being proposed. The Ministry is accepting public submissions until May 31, 2016 on the proposed Data Breach Notification and Reporting Regulations. Background The Digital Privacy Act (also known as Bill S-4), which… → Read More

From Government Surveillance to Federal Data Breaches: Privacy Commissioner Tables Annual Report

Posted in Cybersecurity, Data Breach, Privacy, Uncategorized

On December 10, 2015, the Annual Report of the Office of the Privacy Commissioner (“OPC”) on the Privacy Act for 2014-2015 was tabled in Parliament.  The Annual Report provides details on privacy trends and investigations involving Canadian federal departments for the past year. Strategic Privacy Priorities Identified In his opening message, Privacy Commissioner Daniel Therrien… → Read More

The Internet of Things: Guidance, Regulation and the Canadian Approach

Posted in Cybersecurity, Internet of Things, Privacy

The Internet of Things (IoT) has been identified as a disruptive technology, bringing with it both the promise of seamless interconnectivity of devices and, the flip side of that interconnectivity, single-point vulnerability of multiple systems. While businesses rush to embrace the technology, the regulators have begun considering the issues raised by it. What is the Internet… → Read More

SCC to Consider Provincial Privacy Commissioner Powers to Compel Production of Privileged Documents

Posted in FIPPA/MFIPPA, Uncategorized

The Supreme Court of Canada is revisiting the issue of whether a privacy commissioner can force disclosure of documents where solicitor-client privilege is asserted. In 2008, the Supreme Court considered a privacy commissioner’s powers under Canada’s federal private sector legislation and concluded (in Canada (Privacy Commissioner) v. Blood Tribe Department of Health, 2008 SCC 44) that the… → Read More

The Privacy Commissioner of Canada Comments on Proposed UAV Regulation

Posted in UAVs

The Office of the Privacy Commissioner of Canada (OPC) released its comments on the notice of proposed amendment (NPA) to the Civil Aviation Regulations published by Transport Canada in the CARAC Activity Reporting Notice, no. 2015-12 (May 28, 2015). The proposed amendment is to develop regulations for unmanned air vehicles (UAVs) (see summary here).The OPC… → Read More

Transparency Reporting Guidelines Released for Businesses

Posted in Privacy

On June 30, 2015, Industry Canada released new federal transparency reporting guidelines developed in consultation with the Office of the Privacy Commissioner of Canada, government departments and industry stakeholders. The guidelines are intended to assist private organizations with reporting to their customers regarding the management and sharing of their customers’ personal information with government (including… → Read More

Businesses Should Re-evaluate Approach to Privacy with Passage of Digital Privacy Act

Posted in Privacy

The Digital Privacy Act (Bill S-4) passed into law yesterday, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations which handle personal information in the course of their commercial activities will want to undertake a review of their privacy… → Read More

Canada’s Privacy Commissioner Sets Priorities for Next Five Years

Posted in Privacy

Privacy Commissioner Daniel Therrien, speaking to the International Association of Privacy Professionals (IAPP) Canada Privacy Symposium, held May 28, 2015 in Toronto, previewed the four priorities that his office expects to pursue over the next five years.  They are: The economics of personal information; Government surveillance; Reputation and privacy; and The body as personal information. His report… → Read More

Car Infotainment Systems, Fitness Trackers the Focus of Forthcoming Privacy Studies

Posted in Privacy, Telematics, Wearables

This week the Office of the Privacy Commissioner (OPC) announced $440,000 in funding for nine new privacy research projects that will explore emerging and evolving privacy issues. The OPC’s choice of projects telegraphs its areas of interest and can signal future areas of increased activity for the OPC. The resulting research reports often set benchmark privacy expectations for  these… → Read More