Kirsten Thompson, Author at Dentons Data

The Competition Bureau Reviews Privacy Statements for “false or misleading” Representations, Levies $9 Million Fine

Posted on May 22, 2020 By Karl Schober, Sandy Walker and Kirsten Thompson
Categories: Competition, Privacy

The worlds of competition law and privacy law have been spinning closer together in Canada for the past several years. In the Competition Bureau’s Big Data and Innovation paper released in February 2018, the Bureau stated that its “mandate to ensure truth in advertising may overlap with the OPC’s [Office of the Privacy Commissioner’s] mandate to protect privacy rights. Both mandates are important to protect consumers in the digital economy. The Bureau will continue to enforce provisions of the Act even if the offending actions may be subject to enforcement under PIPEDA.”

The Bureau has reiterated this statement (and approach) in a series of speeches, reports and guidance, in which the Bureau has signalled that it would aggressively pursue its goal of enforcing competition law in the digital economy.

Dentons Data In Conversation Podcast Series

Posted on April 17, 2020 By Kelly Osaka, Karl Schober and Kirsten Thompson
Categories: COVID-19, Data

Dentons Data in Conversation is brought to you by the Firm’s Transformative Technologies and Data Strategy group. In the past weeks, we have seen unprecedented public health measures taken by countries and governments, forcing companies to conform quickly and embrace new ways of doing business. In a series of podcasts, we will give timely updates on the digital and privacy implications surrounding COVID-19, and the implications for businesses that are adopting transformative technologies to keep the workforce moving.

If you require any assistance regarding specific legal issues, please reach out to a member of Dentons’ Transformative Technology and Data Strategy group, Dentons’ Cybersecurity and Privacy group, or other legal counsel.

No Vicarious Liability of Employers for Data Breach – A Good News Story from the UK

Posted on April 9, 2020 By Chloe Snider, Kirsten Thompson and Jillian Frank
Categories: Class Actions, Litigation, Privacy, Rogue employees

A continuing anxiety for Canadian business is their liability for the deliberate wrongdoing of an employee, who for reasons of his or her own, steals personal information and releases it publically. Employers with even the most robust of cybersecurity and privacy protections can still fall victim to a rogue employee.

There is currently no final decision in Canada on whether a corporation can be vicariously liable for the actions of a rogue employee who breaches the privacy of the company’s employees or customers. To date, that issue has been addressed only at the certification stage of class proceedings on a preliminary basis.

British Columbia Modifies Data Residency Requirements in Response to COVID-19

Posted on April 4, 2020 By Kirsten Thompson
Categories: COVID-19, Data Localization, Legislation, Privacy

British Columbia has temporarily modified its Freedom of Information and Protection of Privacy Act, R.S.B.C. 1996, c.165 (“FIPPA“) to lift a requirement that personal information handled by public sector agencies, and service providers to those public sector agencies, be kept in Canada.

Under the Order, made on March 26, 2020, “health care bodies”, the Province and certain provincial health-related authorities and ministries may now disclose personal information inside or outside of Canada in accordance with s. 33.2(a) and (c) of FIPPA on the condition that the disclosure is necessary:

a. for the purposes of communicating with individuals respecting COVID-19,
b.

Privacy During a Pandemic: Privacy Commissioners Issue Guidance

Posted on March 20, 2020 By Kirsten Thompson
Categories: Guidance, Privacy

On March 20, 2020 the Office of the Privacy Commissioner of Canada (“OPC“) issued its guidance for privacy during a pandemic. The guidance, Privacy and the COVID-19 outbreak, deals primarily with the ability of an organization to handle personal information during a health emergency. Similar guidance was issued by the Privacy Commissioners in seven other provinces and is linked to within the OPC’s guidance.

Businesses hopeful that there would be some flexibility in the interpretation of the privacy laws during the COVID-19 pandemic will be disappointed. The OPC’s guidance does not offer any information on how businesses – many of which are being forced to rapidly retool existing processes or adopt new digital ones – can think differently about privacy or indicate that the OPC may interpret privacy laws more leniently in the context of an emergency.

Four of a kind: Ontario Recognizes the Fourth Privacy Tort – False Light

Posted on March 12, 2020 By Kirsten Thompson and Meredith Bacal
Categories: False Light, Litigation, Privacy

In late 2019, the Ontario Superior Court recognized the tort of placing a person in a false light for the first time. This landmark decision completes the set of four privacy torts, which are now all recognized in Ontario, and has implications for businesses.

For background on the three other privacy torts, intrusion upon seclusion was recognized by the Ontario Court of Appeal in Jones v Tsige in 2012. Following this landmark ruling, in 2016 and again in 2018, the Ontario Superior Court recognized the tort of public disclosure of private facts.[1] Misappropriation of personality has been recognized in Ontario since the 1970s.[2]

Changes Coming to British Columbia’s Privacy Law

Posted on February 26, 2020 By Kirsten Thompson
Categories: Data, Legislation, Privacy

On February 18, 2020, the British Columbia Legislature appointed a special committee to review that province’s Personal Information Protection Act (“PIPA“), the private sector privacy law applicable to British Columbia organizations.

PIPA came into effect in January 2004, and pursuant to s. 59, a special committee must review the Act every 6 years and submit a report. The report may include recommended amendments. In a period in which numerous privacy laws, both domestic and international are being revised, the move by the province comes as no surprise.

Also under review in a separate process is the federal private sector legislation, the Personal Information Protection and Electronic Documents Act (“PIPEDA“).