Cybersecurity and cyber risk management are fundamental challenges for businesses and organizations of all kinds and sizes. This site provides commentary and insight about recent developments in Canadian cybersecurity law.

 
 

Featured Posts

 

Frequently Asked Questions – PIPEDA’s Security Breach Obligations

Canada’s federal Personal Information Protection and Electronic Documents Act requires an organization that suffers a “breach of security safeguards” involving personal information under its control to keep prescribed records of the breach and, if the breach presents a “real risk of significant harm to an individual”, to promptly report the breach to the Privacy Commissioner and give notice of the breach to affected individuals and certain other organizations and government institutions.

 
Photo by 3dmentat/iStock / Getty Images

Cyber Risk Management Guidance for Canadian Corporate Directors

Directors of Canadian corporations have a legal responsibility to ensure their corporations have appropriate cyber risk management policies and practices and are prepared to respond effectively to cybersecurity incidents.

 
Photo by IvelinRadkov/iStock / Getty Images

Managing privacy and cyber risks in M&A transactions

Privacy and cyber risks are essential considerations for almost all merger, acquisition and financing (“M&A”) transactions. Privacy and cyber risks can affect the viability and value of a transaction, influence the nature and terms of a transaction and, in some circumstances, cause the parties to abandon a transaction. In addition, parties to an M&A transaction and their directors and officers (if applicable) might be legally obligated to address privacy and cyber risks in connection with the transaction and incur potentially significant liabilities if they fail to do so. In Canada, privacy and cyber risks regarding M&A transactions will soon increase significantly as a result of the modernization of Canadian privacy and cybersecurity laws. For those reasons, parties to an M&A transaction should appropriately address privacy and cyber risks throughout the transaction life cycle.

 
 
 

Slightly off topic …

 

Software and SaaS Agreements – Practical Guides

Computer software is an essential tool for almost every organization. The procurement and use of software, including software-as-a-service (commonly known as “SaaS”), can present the customer with potentially significant risks and liabilities, which should be addressed in the applicable agreements. Software License Agreements – A Practical Guide and SaaS Agreements – A Practical Guide provide information and guidance for negotiating software and SaaS agreements.

 
 
Canadian Cybersecurity Law Blog
NIST Cybersecurity Framework 2.0 – A Canadian Perspective
The Vancouver Island University audit report – board oversight of cybersecurity risk management
Cybersecurity guidance for small organizations
Cyber risk management guidance for Canadian corporate directors – 2023 Update
Ransomware attacks – Tips from the trenches
Less is more – Data minimization and privacy/cyber risk management
Managing privacy and cyber risks in M&A transactions
Privacy, cybersecurity and M&A transactions – A cautionary tale
Cyber risk guidance for customers and providers of managed IT services
Improving cybersecurity with internal resources and outsourced services
Privacy Commissioner decision provides guidance for parties to M&A transactions
Cybersecurity framework and incident reporting for Ontario's mortgage brokering sector
OSFI’s new Guideline B-13 – Managing technology and cyber risks
BCFSA finalizes information security and outsourcing guidelines
OSFI updates Technology and Cyber Security Incident Reporting Advisory