Information and Privacy Commissioner of Ontario Rejects Privilege Claim, Orders Production of Cybersecurity Report

When responding to a cyberattack, an organization will likely need to retain external cybersecurity, ransomware and digital forensics experts. Their work product (reports and other documents related to the incident or the organization’s data security practices) may later become the subject of a production request by either a regulator or plaintiff in litigation. It is therefore important to consider in advance if and how such work product may be protected by privilege in order to be able to respond adequately to such a request.

This issue – whether such documents are protected by privilege – arose in a recent decision of the Information and Privacy Commissioner of Ontario (the “IPC”).

Read More

Dentons Data In Conversation Podcast Series

Dentons Data in Conversation is brought to you by the Firm’s Transformative Technologies and Data Strategy group. In the past weeks, we have seen unprecedented public health measures taken by countries and governments, forcing companies to conform quickly and embrace new ways of doing business. In a series of podcasts, we will give timely updates on the digital and privacy implications surrounding COVID-19, and the implications for businesses that are adopting transformative technologies to keep the workforce moving. 

If you require any assistance regarding specific legal issues, please reach out to a member of Dentons’ Transformative Technology and Data Strategy group, Dentons’ Cybersecurity and Privacy group, or other legal counsel.

Read More

Changes Coming to British Columbia’s Privacy Law

On February 18, 2020, the British Columbia Legislature appointed a special committee to review that province’s Personal Information Protection Act (“PIPA“), the private sector privacy law applicable to British Columbia organizations.

PIPA came into effect in January 2004, and pursuant to s. 59, a special committee must review the Act every 6 years and submit a report. The report may include recommended amendments. In a period in which numerous privacy laws, both domestic and international are being revised, the move by the province comes as no surprise.

Also under review in a separate process is the federal private sector legislation, the Personal Information Protection and Electronic Documents Act (“PIPEDA“).

Read More

At What Point Does the Failure of an Organization’s Security Safeguards Amount to Recklessness?

The tort of intrusion upon seclusion, as set out by the Ontario Court of Appeal in Jones v Tsige, requires the defendant’s conduct to be intentional, or, at a minimum, reckless. The question is: at what point does the failure of an organization’s security safeguards amount to recklessness? This was the question addressed by the Ontario Superior Court of Justice in the recent case, Wilson-Flewelling v Queensway Carleton Hospital, 2019 CanLII 65155 (ON SCSM) (“Queensway Carleton Hospital”).

The facts

The court heard that the Plaintiff, Ms. Wilson-Flewelling, had attended the defendant hospital (“Hospital”) to book a surgical procedure, that the Hospital’s medical office administrator had left a completed surgical booking package in the Hospital’s dedicated, locked drop box, and that the Plaintiff had unexpectedly received the package in the mail a week later.

Read More

Privacy Commissioner Issues Notice of Consultation on Artificial Intelligence

The Office of the Privacy Commissioner of Canada (“OPC“) has released a Consultation Paper on artificial intelligence (“AI“), saying that it is of the opinion that “responsible innovation involving AI systems must take place in a regulatory environment that respects fundamental rights and creates the conditions for trust in the digital economy to flourish. “

The OPC intends to examine AI in the context of the legislative reform policy analysis as it relates specifically to the Personal Information Protection and Electronic Documents Act (“PIPEDA“). The OPC is clear that it has concerns about AI, stating:

“In our view, AI presents fundamental challenges to all PIPEDA principles and we have identified several areas where the Act could be enhanced.”

Read More

Canadian Competition Bureau Calls on Businesses to Provide Information on Anti-competitive Conduct in the Digital Economy

Like regulatory agencies everywhere, Canada’s Competition Bureau (the “Bureau”) is grappling with the fast-changing digital economy and its implications for competition and innovation. The development of new technologies, their rapid uptake by business, and the deployment of new data-driven business models has left regulators – chiefly privacy and competition regulators – examining whether these new types of business models now pose regulatory threats not previously appreciated.

On May 22, 2019 the federal government unveiled a Digital Charter with 10 principles by which the government proposes Canada should adapt to an economy characterized by artificial intelligence and data-driven products and services.

Read More

The Limits of Data Localization Laws: Trade, Investment, and Data

On the 8th and 9th of June, 2019, the G20 Ministerial Meeting on Trade and Digital Economy took place in Tskuba, Japan. In a Ministerial Statement released after the meeting, the Ministers reaffirmed their commitments to transborder data flows noting that it generates higher productivity, greater innovation, and improved sustainable development, while acknowledging certain challenges related to “privacy, data protection, intellectual property rights, and security”.

Indeed, with the increasing importance of data in everything from cloud computing, the internet of things and big data analytics, the free flow of data is essential to unlocking the full potential of global e-commerce and modern business in data driven economy.

Read More