Cybersecurity and cyber risk management are fundamental challenges for businesses and organizations of all kinds and sizes. This site provides commentary and insight about recent developments in Canadian cybersecurity law.


Featured Posts


Frequently Asked Questions – PIPEDA’s Security Breach Obligations

Canada’s federal Personal Information Protection and Electronic Documents Act requires an organization that suffers a “breach of security safeguards” involving personal information under its control to keep prescribed records of the breach and, if the breach presents a “real risk of significant harm to an individual”, to promptly report the breach to the Privacy Commissioner and give notice of the breach to affected individuals and certain other organizations and government institutions.

Cyber Risk Management Guidance for Corporate Directors

Corporate directors have a legal responsibility to ensure that their corporations have appropriate cyber risk management policies and practices, and are prepared to respond effectively to cyber incidents.

Regulatory Enforcement Action Emphasizes Need for Information Security Governance Framework

Recent regulatory enforcement action emphasizes that organizations must establish an information security governance framework to ensure that appropriate practices, systems and procedures for the protection of personal information are established, consistently understood and effectively implemented.