CyberLex
CyberLex Insights on cybersecurity, privacy and data protection law

Category Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

Location of Third-Party’s Server Housing Municipal Data Ordered Disclosed

Posted in Cybersecurity, FIPPA/MFIPPA

Against the backdrop of terrorist attacks, alleged voter fraud and fake news, one would think arguments that the security and integrity of the voting process would be compelling. However, on November 15, 2017 the BC Office of the Information and Privacy Commissioner (“OIPC”) rejected arguments along these lines and ordered the City of Vancouver (“City”)… → Read More

Canadian Securities Administrators Issues Staff Notice providing Cybersecurity and Social Media Guidance

Posted in Cybersecurity

On October 19, 2017, the Canadian Securities Administrators (“CSA”), representing provincial and territorial securities regulators, issued CSA Staff Notice 33-321 – Cyber Security and Social Media (the “Notice”). The Notice serves to publish the results of the CSA’s survey of cybersecurity and social media practices of registered firms dealing in securities, including those registered as… → Read More

Basel Committee on Banking Supervision Issues Consultative Document Highlighting Implications of Fintech on Banks

Posted in AI and Machine Learning, Big Data, Cybersecurity, FinTech, Payments, Privacy

On August 31, the Basel Committee on Banking Supervision (the “BCBS”) published a consultative document on the implications of Fintech for the financial sector. The consultative document was produced by BCBS’s task force mandated with identifying trends in Fintech developments and assessing the implication of those developments on the financial sector. Parts I and II… → Read More

Estonian Blockchain-Based ID Card Security Flaw Raises Issues About Identity

Posted in Cybersecurity, Data Breach, Identity

On August 30, 2017, an international team of security researchers notified the Estonian government of a security vulnerability affecting the digital use of Estonian ID cards issued to around half of the Estonian population. Affecting 750,000 ID cards issued to a population of 1.3 million, the Estonian Information System Authority (RIA) has taken measures to… → Read More

Three Cybersecurity Trends Driving the Bank of Canada’s Call for Cybersecurity to be Treated as a ‘Public Good’

Posted in Cybersecurity, Financial

The June 2017 Financial System Review released by the Bank of Canada warns that Canada’s financial institutions have reached a point of interconnectedness that could allow a cyber-attack to rapidly transmit stress throughout Canada’s financial system, leading to prolonged service interruption, compromised data integrity or a loss of confidence in the financial system. Such an attack… → Read More

European Banking Authority Responds to European Commission Public Consultation on Fintech: Potential Takeaways for Canada

Posted in AI and Machine Learning, Big Data, Cybersecurity, Financial, FinTech

In March 2017, the European Commission issued a public consultation document on Fintech.  The goal of the European Commission (EC) document is to further the objective of a digital single market within Europe.  This will be done by supporting the development of digital infrastructure,  improving access to goods and services, and ensuring rules foster technological… → Read More

Lenovo and Superfish: Proposed Class Action Proceeds on Privacy Tort and Statutes

Posted in Cybersecurity, Internet of Things, Privacy

A recent privacy decision regarding pre-installed software on laptops may have implications for companies operating not only in the traditional hardware space, but for those companies venturing into the burgeoning “Internet of Things” ecosystem. In short, an Ontario court declined to strike the common law and statutory privacy claims, suggesting that courts are at least… → Read More

U.S. Federal Insurance Office Issues Report Addressing InsurTech and Traditional Insurance

Posted in Big Data, Cybersecurity, Discrimination, FinTech

The Federal Insurance Office, U.S. Department of the Treasury (“FIO”) released its first annual Report on Protection of Consumers and Access to Insurance (the “Report”). The Report reviews developments and concerns relating to five insurance issues: technology; environmental hazards; fairness in insurance practices; fairness in state insurance standards; and retirement and related issues. The Report… → Read More

McCarthy Tétrault Celebrates Data Privacy Day, 2017 With New Cybersecurity Risk Guide

Posted in Cybersecurity, Privacy

In celebration of Data Privacy Day, McCarthy Tétrault is pleased to launch the 2017 edition of our newly designed online Cybersecurity Risk Management Guide, to help clients manage data risks in a quickly evolving business environment.  Data Privacy Day, celebrated on January 28, 2017, is an opportunity for businesses to review privacy and data protection policies,… → Read More

US Federal Regulators Propose Binding Rules to Enhance Banks’ Cybersecurity Practices

Posted in Cybersecurity

On October 19, 2016, three US financial regulators – the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation (collectively, the “Agencies”) – issued a joint Advance Notice of Proposed Rulemaking (“ANPR”) seeking comments by all stakeholders on enhanced cyber risk management… → Read More

What If You “Lost” Your Fingerprint?

Posted in Authentication, Cybersecurity, FinTech

Biometric authentication is becoming increasingly common. Smart phones and computers use it, banks have started to use it (in India, Yes bank unveiled its iris scan-enabled point of sale solution; in the US, Bank of America allows fingerprint authentication to log onto its mobile banking app; in Canada, TD Bank uses voice recognition to identify… → Read More

Impacts of Artificial Intelligence Remain Grey Areas, says White House Report

Posted in AI and Machine Learning, Cybersecurity, Privacy

Earlier this month the Executive Office of the President’s National Science and Technology Council (the “NTSC”) released a report entitled Preparing for the Future of Artificial Intelligence. The report surveys the current state of artificial intelligence (“AI”). The NTSC foretells of a future where AI technologies play a growing role in society – opening up… → Read More

IIROC Issues Cybersecurity Report Cards to Dealer Firms

Posted in Cybersecurity, Regulatory Compliance

IIROC is providing all dealer member firms it regulates (Firms) with a confidential cybersecurity “report card” that will include: an individual assessment of the Firm’s cybersecurity preparedness program a comparison of the Firm’s cybersecurity practices against the industry and other Firms of similar size and business model a list of cybersecurity areas to which the… → Read More

McCarthy Tétrault Advance™: 6th Annual Privacy Law Update (Nov. 2, 2016)

Posted in Cybersecurity, Data Breach, Privacy

Returning for a 6th year, our Annual Privacy Law Update will review what’s new in privacy law. This year’s focus is on the ‘hot button’ issue of employees – snooping, unauthorized access, misconduct and employee-caused breaches. As you have come to expect, this session will provide practical advice for navigating both common and complex privacy… → Read More

CSA Issues New Guidance on Cybersecurity

Posted in Cybersecurity, Regulatory Compliance

Cybersecurity is top of mind for corporate boards and securities regulators alike. On September 27, 2016, the Canadian Securities Administrators (“CSA“) issued CSA Staff Notice 11-332 – Cyber Security (the “2016 Notice”).  The 2016 Notice updates the CSA’s previous notice on the same topic, CSA Staff Notice 11-326 Cyber Security (the “2013 Notice”) for reporting… → Read More

NY State Introduces Cybersecurity Regulations for Financial Services: Implications for Canadian Business

Posted in Cybersecurity, Financial, FinTech, Legislation, Regulatory Compliance

The New York State Department of Financial Services announced its  first state-level regulation for cybersecurity. The proposed regulation would apply to regulated banks, insurance companies, and other financial services institutions and has implications for Canadian organizations doing business with these entities. On September 13, 2016, the New York State Department of Financial Services (“DFS“) announced a… → Read More

Public Safety Canada calls for Submissions on New National Cybersecurity Strategy

Posted in Cybersecurity

On August 16, 2016, Public Safety Canada (“PSC”) issued a consultation paper, launching a public consultation as part of PSC’s development of an updated national cybersecurity strategy (the “Consultation Paper”). The consultation will close on October 15, 2016. Business may want to consider making submissions in respect of some key questions posed around possible regulation… → Read More

Cybersecurity Best Practices for Connected Cars Released

Posted in Cybersecurity, Internet of Things, Standards, Telematics

It has been predicted that by 2020, there will be a quarter billion connected vehicles on the road with connected capabilities; Tesla founder Elon Musk is even more aggressive, predicting fully autonomous vehicles on the roads within two years.  However, some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These… → Read More

Mutual Fund Dealers Association of Canada releases Cyber Risk Management Guidance

Posted in Cybersecurity, Financial, Regulatory Compliance

Earlier last month, the Mutual Fund Dealers Association of Canada (MFDA) released a bulletin providing guidance on cybersecurity and cyber risk management for mutual fund distributors. The goal of the bulletin is to increase awareness for cyber vulnerabilities and to provide guidance for developing and implementing internal cybersecurity policies. The bulletin emphasizes the importance of… → Read More

IOSCO releases “Cyber Security in Securities Market” Report

Posted in Cybersecurity, Regulatory Compliance

The Board of the International Organization of Securities Commissions (IOSCO) released last month the report on its cyber risk coordination efforts.  The goal of the report is to provide an overview of the regulatory issues and challenges faced by various segments of the securities markets, in particular reporting issuers, market intermediaries and asset managers, and… → Read More

S3nd Us teH MoNey: Ransomware Advisory Issued for Canadian Companies

Posted in Criminal, Cybersecurity

Ransomware attacks, in which hackers encrypt all the files on a computer and threaten to delete them unless a ransom is paid, are becoming increasingly common. Disturbingly, they are often successful. Recent victims include individuals like the woman who paid Ukrainian hackers $500 in Bitcoins to prevent them from deleting her husband’s financial statements (and… → Read More

Bank Robbery 2.0: SWIFT Issues Cybersecurity Warning Following Bangladesh Central Bank Theft

Posted in Cybersecurity, Data Breach, Financial

In the wake of a cyberattack in which over $850 million worth of transactions were affected and which implicated the security measures of major banking institutions on several continents, banks were reminded to review and follow their security measures. While Canadian financial institutions were not directly affected, the event (and the subsequent warning) serves as… → Read More