Addressing the Cyber Risks of Remote Work – Personal Devices and Leakage

Based on all reports, the global pandemic and the resulting move to “work from home” has caused the cyber risk to organizations to elevate. As organizations move beyond the immediacy of the crises and begin to plan for the medium term, it is a good time to revisit cyber security and, in particular, the risks associated with increased reliance on remote work.

Addressing the Cyber Risks of Remote Work – Physical Security Risks

Based on all reports, the global pandemic and the resulting move to “work from home” has caused the cyber risk to organizations to elevate. As organizations move beyond the immediacy of the crises and begin to plan for the medium term, it is a good time to revisit cyber security and, in particular, the risks associated with increased reliance on remote work.

Extraordinary Times – Limitations on Liberty and Privacy under the Health Protection and Promotion Act

On April 1, 2020, Ontario’s Chief Medical Officer urged his local public health counterparts to order COVID-19 patients and their contacts into quarantine. The situation, according to the Chief Medical Officer, is such that measures need to be put in place in order to manage this pandemic. Extraordinary times call for extraordinary measures and implementing the broad order-making powers of medical officers of health under the Health Protection and Promotion Act (HPPA) may be where we are headed. This means placing limitations on a person’s liberty and privacy.

Employers Take Note: New PHIPA Amendments

On March 25, 2020, the provincial government passed Bill 188, Economic and Fiscal Update Act, 2020, which amends various statutes, including the Personal Health Protection Information Act, 2004 (PHIPA). Included among these amendments are new requirements for health information custodians relating to electronic audit logs, requirements for “consumer electronic service providers,” the ability of justices to make production orders, administrative penalties that can be issued by the Information and Privacy Commissioner of Ontario (Commissioner) and a significant increase in the amount of penalties and possible imprisonment for offences. Unless otherwise indicated, these amendments came into force on March 25, 2020.

Ten Incident Response Tips – Part 2

In Part 1 of this two-part series on data security incident response, we identified five “norms” to guide your incident response process…

Ten Incident Response Tips – Part 1

Responding to a data security incident is as much art as science. Whatever size your organization and whatever risks you face, you should have a detailed incident response plan to guide the efforts of a defined incident response team…

Hicks Morley Information and Privacy Post – 2013

Dear Friends: It’s early October 2013, and here’s what’s on our minds. With great pleasure, we’ve released this year’s Information and Privacy Post – a review of 60 information management and privacy cases that caught our attention in the last year. We like the exercise of producing the Post because pulling together and organizing recent…

Hicks Morley Information and Privacy Post – 2011/2012

Dear Friends: It’s late August 2012, and here’s what’s on our minds. Our Information and Privacy Post is back. This edition contains 61 case summaries relating to the protection of confidential business information, electronic evidence, freedom of information, privacy, privilege and production. It has been a remarkable year. Canadian privacy law, in particular, has made…