As a general rule, we all know it is not a good idea to scrape content from a website, yet some companies persist in this behaviour contrary to law and best practice.
The Equifax decision and related compliance agreement between the OPC and Equifax Canada that that sets out detailed timelines for various corrective measures to be put in place by Equifax Canada regarding consent, safeguards and accountability in addition to six years of third party audits, offers a treasure trove of practical lessons for organizations looking to comply with the Personal Information Protection and Electronic Documents Act (as well as some surprises).
On Feb. 27, the U.S. Federal Trade Commission announced that operators of the video networking app Musical.ly (now known as TikTok), had agreed to pay US$5.7 million to settle allegations that they had illegally collected personal information from children in violation of the Children’s Online Privacy Act. The order marks the highest civil penalty ever obtained by the FTC in a children’s privacy case.
In addition to ensuring their compliance with Canada’s new federal mandatory data breach and breach-of-security-safeguards reporting requirements under the private sector Personal Information Protection and Electronic Documents Act, federally regulated financial institutions will soon have additional regulatory reporting requirements regarding technology and cybersecurity incidents, thanks to a recent Advisory promulgated by The Office of the Superintendent of Financial Institutions.
With much fanfare, recreational cannabis became legal in Canada on October 17, 2018. On December 17, 2018, the Office of the Privacy Commissioner of Canada published preliminary guidance for cannabis retailers and customers regarding the protection of personal information collected during such transactions, including online transactions.
Canada has added its voice to the global chorus of data protection and privacy commissioners calling for fairness, transparency and privacy by design as 'core values' in the development of artificial intelligence by co-sponsoring the Declaration on Ethics and Data Protection in Artificial Intelligence.
On Sept. 28, California became the first U.S. state to specifically regulate the security of connected devices, otherwise known as the Internet of Things or IoT devices.
It’s fair to say that new breach-reporting requirements represent a sea change in how many organizations will manage their unauthorized disclosures of personal information.
As the use of AI proliferates and as the systems themselves become more autonomous, the risk that they will cause harm to property or individuals naturally increases. It is now unclear how and if the existing Canadian legal framework will apply to damages or losses resulting from AI use or operation.
A recent decision of the Federal Court has confirmed that, under its existing legislation, the Canadian Security Intelligence Service cannot obtain warrants to collect information or intelligence if the requested warrant has extraterritorial effect.