Ten Incident Response Tips – Part 1

Responding to a data security incident is as much art as science. Whatever size your organization and whatever risks you face, you should have a detailed incident response plan to guide the efforts of a defined incident response team…

Federal Privacy Commissioner Weighs In Against Sharing Details of Employee Discipline

In a recently released decision summary, the Office of the Privacy Commissioner of Canada (OPC) held that a bank acted properly in deciding not to tell the victim of unauthorized access precisely how it had punished its offending employee (Employee). The victim, the complainant in this case, was a neighbour of the Employee who happened…

Federal Government Consults on PIPEDA Data Breach Regulations

On March 4, 2016, the federal government posted Data Breach Notification and Reporting Regulations (Regulations) for public discussion. Amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) enacted by the Digital Privacy Act (Bill S-4) will, upon proclamation, require private sector organizations to notify the public in circumstances where security safeguards involving their…

Hicks Morley Information and Privacy Post – 2013

Dear Friends: It’s early October 2013, and here’s what’s on our minds. With great pleasure, we’ve released this year’s Information and Privacy Post – a review of 60 information management and privacy cases that caught our attention in the last year. We like the exercise of producing the Post because pulling together and organizing recent…

New Privacy Legislation in Manitoba

Organizations with operations in Manitoba need to be aware that the Manitoba Legislature has recently passed new privacy legislation that will apply to the private sector and, to a lesser degree, to the not-for-profit sector – The Personal Information Protection and Identity Theft Prevention Act (“PIPITPA” or the “Act”). PIPITPA will establish rules for the…

The Science of Data Breach Prevention and the Art of Breach Response

Organizations should be paying close attention to data loss prevention and response in light of recent developments. Recent media frenzies over the loss of portable storage devices illustrate that individuals’ fears and perceptions can cause great pressure on organizations even when the risk of real harm to individuals is remote. In addition, the risk of…

Hicks Morley Information and Privacy Post – 2011/2012

Dear Friends: It’s late August 2012, and here’s what’s on our minds. Our Information and Privacy Post is back. This edition contains 61 case summaries relating to the protection of confidential business information, electronic evidence, freedom of information, privacy, privilege and production. It has been a remarkable year. Canadian privacy law, in particular, has made…

How the New Privacy Tort Will Affect Employers

On January 18th, 2012, the Court of Appeal for Ontario in Jones v. Tsige recognized a new “intrusion upon seclusion” civil cause of action. In this FTR Now, we describe the new cause of action (or “tort”) and identify its significance to employers. THE INTRUSION UPON SECLUSION TORT Under Ontario law it is now clear…