Privacy & Data Protection

Fingerprint scanning on blue technology illustration

PRIVACY & DATA PROTECTION

Privacy and Data Protection are interrelated concepts that involve complex statutory, regulatory and common law requirements and restrictions. Privacy and data breaches – whether accidental or intentional – are frequent front-page news stories that damage corporate reputations and have led to an increasing number of class action lawsuits. Our privacy and data protection lawyers help clients examine the impact of privacy and data protection laws and regulatory requirements upon their businesses and implement measures to reduce risks.

Canada has a complex network of laws governing privacy and data protection compliance, including private-sector, health-sector and public sector statutes, sector-specific privacy obligations, statutory privacy torts, and evolving common law torts such as “intrusion upon seclusion” and “publicity given to private life.” To provide support to our client, our lawyers routinely prepare and adopt practices and procedures that ensure compliance We advise clients on establishing a comprehensive privacy compliance infrastructure, so that they can reduce the risk of privacy complaints, investigations by privacy commissioners and other regulatory bodies, and privacy-related litigation. An effective compliance infrastructure can also help clients to mitigate the damage of any risks that may materialize.

Our lawyers regularly develop organizational and employee privacy policies and function-specific documents, such as Internet privacy policies, acceptable use policies, and cookies policies. Among other things, McMillan’s data privacy lawyers provide guidance on the application of privacy laws; draft and review privacy policies, consent provisions and information collection procedures; advise on cases of privacy or security breaches; advise on issues related to cross-border transfers of information, including cloud computing; represent clients in privacy-related litigation; and CASL compliance.

Workplace privacy also presents unique issues and challenges. The sheer volume of personal employee information companies handle is just one of the reasons why privacy laws in the workplace are taking centre stage of late. Another emergent workplace privacy issue concerns medical privacy laws in the workplace, which have come to the fore as businesses navigate the legalities of workplace drug testing since Canada legalized marijuana and COVID testing came into play.

McMillan’s workplace privacy lawyers draft and review employee privacy policies, and advise corporations on the application of privacy laws, privacy issues related to searching employees and their property, collection of biometric information, privacy issues unique to unionized workforces, and more.

McMillan’s team also has valuable experience interpreting and applying Canada’s Anti-Spam Legislation (CASL) across organizations, reviewing CASL compliance and training client teams, and dealing with the CRTC and the Privacy Commissioner on CASL compliance matters. Our expertise extends to publication of a legal text, Internet Law Essentials: Canada’s Anti-Spam Law.

Essentially we help clients understand how they can balance compliance with innovation, employer rights, and business needs.

Cybersecurity is no longer solely an issue for IT or technical staff. An effective plan to protect the organization against cyber threats requires insight into both the technical threats and the many and varied ways in which those threats can manifest in personal, physical, and financial damage. Understanding and responding effectively to those threats requires a comprehensive understanding of legal and regulatory obligations and risks, all of which are rapidly evolving.

Among other things, McMillan’s cybersecurity lawyers draft security and data protection policies and protocols; advise on compliance with applicable privacy laws and other legislation; educate managers and directors on the risks associated with a data breach; prepare and implement a notice strategy to respond to data breaches; advise on dealing with the public and regulators following a breach; and assist with internal investigations and obtaining court orders for timely disclosure of necessary information from third parties.

Although organizations may use their best efforts to develop and implement policies and procedures to comply with Canada’s complex and rapidly evolving privacy and data protection regime, disputes regarding breach of privacy and mishandling of personal information are often unavoidable. McMillan helps organizations manage the risk of being drawn into litigation through, for example, inadvertent disclosure of customer information, employee misconduct, or even external hacking of their information systems.

The importance of an immediate and effective response is underscored by the recent wave of reported class actions relating to privacy and data breaches, many of which allege that the organization did not promptly notify individuals who were at risk of harm.

McMillan’s Privacy Group is experienced at resolving disputes in a client-focused way. We pair specialized privacy expertise with McMillan’s renowned Litigation Group to provide a comprehensive team that can advise and represent clients in all types of privacy litigation.

Primary Contacts

View All Contacts

Lyndsay A. Wasser

Partner, Privacy & Data Protection

Toronto

lyndsay.wasser@mcmillan.ca Phone

416.865.7083

Kristen Pennington

Partner, Privacy & Data Protection | Employment & Labour Relations

Toronto

kristen.pennington@mcmillan.ca Phone

416.865.7943

Deals and Cases

Downloads

Privacy & Data Protection Capabilities

Brochure Download File

Crisis Response Services

Brochure Download File

Data Protection & Privacy Laws 2021

INDEPTH Reprint Download File

Data Protection 2021, Canada Chapter

International Comparative Legal Guides, 8th Edition Download File

Insights (183 Posts)

Clocking In and Opting Out: Quebec CAI Issues Warning About Biometric Time Clocks in the Workplace

Following CAI's recent observations, this bulletin provides guidance to comply with the applicable requirements to implement biometric time clocks in Quebec.

May 24, 2023

Unpacking Bill C-27 – How Organizations Can Prepare for Potential Changes to Canada’s Federal Privacy Laws

Bill C-27 – also known as the Digital Charter Implementation Act, 2022 – completed its second reading in Canada’s House of Commons, bringing Canada one step closer to privacy law reform. Join our discussion on these significant potential developments and what they may mean for your organization.

Details

Thursday, May 18, 2023

AI Regulatory Roundup – International Developments in AI Law and Policy

An overview of recent Canadian and international developments related to the regulation of artificial intelligence technologies.

May 2, 2023

ISED Releases Companion to Proposed AI Law: Timelines, Guidelines, and Enforcement

Summary of ISED's AIDA companion policy and key takeaways for business involved in developing and using artificial intelligence (AI) systems

Apr 17, 2023

Privacy Breaches in M&A Deals and the Importance of Data Security Diligence

Data security issues pose risks to a transaction, but can be mitigated with effective data security diligence, and other contractual strategies.

Apr 3, 2023

British Columbia’s Privacy Regulator Issues New Privacy Breach Guidance: Here’s What You Need to Know

BC Privacy Commissioner's recent guidance relating to privacy breaches acknowledges that breach notification can be a useful tool to mitigate harm.

Feb 16, 2023

Quebec Superior Court Orders That Corporations Must Provide Information to Police – Even Where Data Stored Abroad

The Quebec Superior Court rules the American companies may have to produce documents stored abroad to aid in Canadian criminal investigations.

Jan 24, 2023

Employment and Privacy Implications of Recent BC Time Theft Case

A recent BC decision has affirmed the position that employee Time Theft is just cause for dismissal.

Jan 23, 2023

Cybersecurity Threats to the Canadian Mining Industry: Is your Business Ready?

Mining firms are vulnerable to cybersecurity attacks but through incident response planning can minimize the risk of exposure.

Jan 10, 2023

Modernization of the Investment Canada Act is Underway

The Canadian federal government introduced Bill C-34, An Act to Amend the Investment Canada Act, to modernize Canada’s national security regime.

Dec 12, 2022

Privacy, Technology and Cybersecurity Issues in Tech Transactions

Full evaluation of a target's privacy, technology and cybersecurity compliance in due diligence is critical for transactions involving technology companies.

Dec 6, 2022

The Exclusion of Intrusion Upon Seclusion: Ontario Court of Appeal definitively determines that “Database Defendants” cannot be held liable for intrusions committed by third-party hackers

The Court of Appeal for Ontario released a trio of decisions that materially impact the viability of class actions following a data breach.

Dec 1, 2022

McMillan’s Annual Privacy, Data Protection and Cybersecurity Client Seminar

Join McMillan's Privacy & Data Protection Group on Wednesday, December 7th for an overview of recent significant legal developments, tips on complying with new and forthcoming obligations under Quebec’s Bill 64, and discussions about hot topics in data management.

Details

Wednesday, December 7, 2022

Act 25 and Confidentiality Incidents – The first Draft Regulations… remain a draft!

Draft regulation under Act 25 regarding protection of personal information, confidentiality incidents and register of confidential incidents are not in force.

Nov 15, 2022

The Road to Canada’s Open Banking Framework: Updates from the Working Group Meetings

Four working groups have been working to develop common rules, accreditation criteria, and technical standards for open banking in Canada.

Nov 2, 2022

Let’s Get Digital – Canadian Government Consults on Model Digital Trade Policy

The Canadian government develops Model International Digital Trade Policy and requests to join the Digital Economic Partnership Agreement.

Nov 1, 2022

British Columbia Privacy Commissioner Releases Guidance on Collecting Personal Information for Political Activities

BC Privacy Commissioner releases guidance on how federal and provincial political organizations can conform to BC's privacy legislation when campaigning.

Nov 1, 2022

Stop Snooping: Alberta Privacy Commissioner Finds Employee Snooping Results in Real Risk of Harm

An overview of a recent Alberta Privacy Commissioner breach notification decision relevant to employee snooping.

Sep 21, 2022

Lessons learned from Alberta’s Office of the Information and Privacy Commissioner (OIPC) 11-Year Report

An overview of Alberta's Office of the Information and Privacy Commissioner 11-Year Report.

Sep 21, 2022

The Case of the Missing Computers: Lessons Learned from Health Canada

A look at the takeaways from the recent audit of Health Canada's IT systems.

Sep 21, 2022

Data Security – The Increasing Danger of Vishing Attacks

This bulletin provides guidance regarding voice phishing, or "vishing" attacks. As they rise in popularity, companies must take action to protect their assets.

Sep 16, 2022

New Guidance on Ontario’s Workplace Monitoring Disclosure Regime

This bulletin provides guidance regarding Ontario's new electronic monitoring disclosure obligations for employers under the Employment Standards Act.

Sep 15, 2022

Part 3 | Privacy 101 – Obligations Under Québec’s New Act 25: How to ensure your business’ biometric data complies with the law

If you do business in Québec, even though you are outside the province, this podcast explains why its new Act 25, in force on September 22, 2022, affects your operations. Discover your responsibilities surrounding biometric data and disclosure obligations to the Québec privacy regulator.

Sep 15, 2022

Part 2 | Privacy 101 – Obligations Under Québec’s New Act 25: Why you must now record and report privacy violations

If you do business in Québec, even though you are outside the province, this podcast explains why its new Act 25, in force on September 22, 2022, affects your operations. Discover why your business needs to develop, implement and maintain a register of confidentiality incidents and what your reporting obligations responsibilities are surrounding breach reporting.

Sep 15, 2022

Part 1 | Privacy 101 – Obligations Under Québec’s New Act 25: Why your business needs a privacy officer now

If you do business in Québec, even though you are outside the province, this podcast explains why its new Act 25, in force on September 22, 2022, affects your operations. Learn why you need a privacy officer, how to properly delegate this role, and what can happen if you don’t comply.

Sep 15, 2022

Avoiding the Perils of a Connected World: New Best Practices for Risk Mitigation

Recently announced updated guidance from the Canadian Center for Cyber Security provides new and important considerations for business activity.

Aug 31, 2022

Act 25 – First Draft Regulation, On Your Marks, Get Set, Go!

First draft regulation under Act 25 regarding the protection of personal information and confidentiality incidents.

Jul 27, 2022

OSFI Adds to its Existing Technology and Cyber Risk Requirements with Guideline B-13

OSFI issued final Guideline B-13 – Technology and Cyber Risk Management, key takeaways summarized.

Jul 26, 2022

Canadian Privacy Regulators Clarify Requirements for Mobile Apps

A recent joint investigation of Canadian privacy commissioners provides guidance for organizations using mobile apps.

Jul 5, 2022

Federal Government Proposes New Act to Reinforce Critical Cyber Security in Canada

Bill C-26, An Act respecting cyber security, would do two things: amend the Telecommunications Act and enact the Critical Cyber Systems Protection Act.

Jul 5, 2022

Privacy Reform is on the Table Once More: Canada Introduces the Digital Charter Implementation Act, 2022

New federal privacy legislation has been introduced. If passed, Bill C-27 will materially change the legal landscape for privacy and data protection in Canada.

Jun 22, 2022

The Anti-Racism Data Act

BC Government passed the Anti-Racism Data Act to safely collect demographic information to address gaps in BC programs and services.

Jun 15, 2022

Legislative Amendments Affecting Québec’s Employers

The webinar discusses the rigorous language obligations imposed by Bill 96 on businesses and its significant impact on employers, as well as the recent significant changes to both Québec’s occupational health and safety legislation and Québec’s privacy legislation which employers should be aware of.

Details

Wednesday, June 29, 2022

Taking Control: Proactive Data Breach Preparedness and Responsible Incident Management

Join us on Tuesday, June 21st as members of our Privacy and Technology Groups discuss how your organization can proactively prepare in order to be in control if and when an incident occurs and to take measured and responsible steps to prevent and manage the associated legal and business risks.

Details

Tuesday, June 21, 2022

Federal Privacy Commissioner Releases Key Recommendations for a New Federal Private Sector Privacy Law

The Office of the Privacy Commissioner of Canada released a summary of its key recommendations for a new federal private sector privacy law in Canada

May 17, 2022

Open Banking: What it is and what it means for you

As we have received a number of questions from clients regarding our open banking bulletins, we are putting together an interdisciplinary panel of experts to take a deep dive into the implications of an open banking system in Canada, exciting developments & expectations for further progression.

Details

Thursday, June 2, 2022

Cybersecurity Webinar: A New World Order – Cybersecurity Risks, Mitigation Strategies and Opportunities for Canadians in a Rapidly Changing Global Environment

We are more reliant on technology today than ever before. It impacts all facets of modern life, including by enabling communication, automation, transportation and analytics. While technology offers powerful solutions to facilitate and expedite our daily routines, it can also be a key vulnerability with respect to the protection of sensitive data including personal, professional and/or proprietary information.

In this webinar, we are privileged to hear from experts with an array of professional backgrounds as they offer insight into the macro and micro implications of cybersecurity and discuss best practices for protecting private information.

Details

Tuesday, April 26, 2022

Data Collection and Protection in the Automotive Sector

Join us on Thursday, April 28, 2022 as members of McMillan's Privacy & Data Protection Group discuss privacy and data protection issues relevant to the automotive industry.

Details

Thursday, April 28, 2022

Federal Government Appoints Open Banking Lead

The federal government has named Abraham Tachjian to lead the development of open banking in Canada, following an open letter from prominent fintech executives.

Mar 23, 2022

Pay No Attention to the Blinking Red Light: Employee Monitoring Laws Announced in Ontario

The Ontario Ministry of Labour has released Bill 88, the Working for Workers Act, 2022, requiring employers to disclose digital employee monitoring practices.

Mar 3, 2022

Couldn’t Scrape By: BC Court Rejects Certification of Class Action against Facebook

BC Court dismisses certification application for class action against Facebook for allegedly scraping user data from their messenger app.

Feb 17, 2022

Privacy, Please: Firm that Breached Instagram’s Privacy Policies Loses Class Action Ruling

A discussion of the recent B.C. Supreme Court decision certifying a class action against a U.S.-based marketing firm that breached Instagram privacy rules.

Feb 15, 2022

PropTech: Property Technology, the New Frontier in Real Property, Part 2: Benefits

In this bulletin, we discuss the benefits of using PropTech for businesses in the real estate space and for consumers of such products.

Jan 11, 2022

PropTech: Property Technology, the New Frontier in Real Property, Part 1: Introduction

In this 3-part series, we explain the concept of PropTech, highlight its benefits and outline associated risks.

Jan 11, 2022

Clearview AI Ordered to Comply with Provincial Regulators’ Privacy Recommendations

Canada’s provincial privacy regulators have issued orders against Clearview AI forcing it comply with the
recommendations of a 2020 joint investigation.

Jan 5, 2022

Canadian Centre for Cyber Security Releases Ransomware Playbook

Ransomware attacks are on the rise. The Canadian Centre for Cyber Security released a ransomware playbook to help companies prepare for and respond to attacks.

Dec 21, 2021

Smartphone Apps Beware – Babylon Health investigation provides insight into compliance with Alberta privacy laws

Key takeaways from the Office of the Information and Privacy Commissioner of Alberta (OIPC)s report re: investigation of the Babylon by Telus Health app.

Dec 15, 2021

Special Committee Releases Report Suggesting Changes to Modernize BC’s Private Sector Privacy Law

We will touch on a few notable recommendations to amend PIPA that may affect the processes and procedures of businesses governed by PIPA.

Dec 15, 2021

Urgent Cybersecurity Alert Regarding Apache Log4j

Canada’s Minister of National Defence has issued a statement regarding a recently identified critical vulnerability in the Apache Log4j logging product.

Dec 13, 2021

Canada Partners with the European Commission to Examine Use of Digital Credentials

Increased standards for digital credentials improve privacy and global functionality - but what does this mean for businesses who use them?

Dec 7, 2021

Bill 64: A Checklist to Help Businesses Comply with Modern Privacy Requirements in Québec

The new changes to Quebec's privacy legislation usher in the modern era of privacy laws. This checklist establishes priorities and timelines for companies.

Dec 1, 2021

Risks of Anonymized and Aggregated Data

This article discusses how the anonymized and aggregated data poses risks to businesses, and how to stay compliant with the applicable privacy requirements.

Dec 1, 2021

Proposed Changes to FIPPA: Two Steps Forward, One Step Back

The BC government recently introduced a bill to amend FIPPA that introduces new requirements for managing and protecting privacy.

Nov 5, 2021

Privacy Commissioner Releases More Guidance for Video Teleconferencing Companies

Video teleconferencing companies face unique cybersecurity and data privacy risks. The OPC has new guidance on how these companies can best address them.

Nov 3, 2021

McMillan’s Annual Privacy, Data Protection and Cybersecurity Webinar

Our lawyers will provide an overview of important case law developments, regulatory guidance, upcoming statutory changes, and hot topics in Privacy, Data Protection & Cybersecurity

Details

Wednesday, November 10, 2021

Bill 64 Enacted: Québec’s Modern Privacy Regime

An in-depth analysis of Quebec's 2021 modernization of its private-sector privacy legislation.

Oct 15, 2021

Privacy Implications of an Open Banking System in Canada

Canada’s Advisory Committee on Open Banking's final report- the privacy and data security implications of an open banking system in Canada.

Oct 12, 2021

Alberta Recognizes Privacy Tort of Public Disclosure of Private Facts

The Alberta Court of Queen’s Bench recognized the tort of public disclosure of private facts for the first time; In deciding the recognize the tort...

Sep 27, 2021

Open Banking in Canada: Could 2023 be the Year?

An overview of the Advisory Committee on Open Banking's final report on bringing open banking to Canada.

Aug 11, 2021

Is Private Sector Privacy Legislation Looming in Ontario?

Ontario government seeks input on privacy policy proposals, signaling that Ontario private sector privacy legislation may be on the horizon

Jul 5, 2021

The Balancing of Privacy Rights and the Open Court Principle: Disclosure of Private Information in Litigation

The Supreme Court of Canada’s decision in Sherman Estate v Donovan offers clarity on when the open court principle will give ground to the right to privacy.

Jun 23, 2021

No Damages for Minor Stress and Inconvenience: Quebec Court Dismisses Data Breach Class Action

In March, the Québec Superior Court released a rare decision in which it dismissed a privacy class action on the merits.

Jun 9, 2021

Canadian Privacy Commissioners Issue Joint Guidance on Vaccine Passports

Commissioners warn that privacy considerations must be “front and centre” as organizations develop and implement vaccine passports in the coming months

May 25, 2021

FCAC’s Submission on Open Banking: Finding the Right Balance to Achieve Consumer Protection and Broad Financial Sector Participation

The authors discuss the Financial Consumer Agency of Canada's submission to the Advisory Committee on Open Banking.

Mar 30, 2021

Big Brother’s Access Limited – Canadian Privacy Commissioners Rule Clearview AI’s Facial Recognition Tool in Breach of Canadian Privacy Laws

Privacy Commissioners find Clearview AI's use of facial recognition software on images it scraped from the Internet to be in breach of privacy laws.

Feb 17, 2021

Potential Overhaul of Canadian Privacy Law – Is Your Organization Ready?

Details

January 20, 2021 - 11:00 pm to 2:00 pm ET

International Comparative Legal Guide (ICLG) – Cybersecurity Canada 2021

The International Comparative Legal Guide (ICLG) - Cybersecurity Canada 2021 guide covers common issues in cybersecurity laws and regulations.

Dec 3, 2020

Another Leap Forward for Canadian Privacy Laws

The Digital Charter Implementation Act, 2020 received its first reading in the House of Commons. If passed, the Act will radically change Canadian Privacy Law.

Nov 19, 2020

Canada’s New Cybersecurity Certification Goes Live

The federal government has launched a voluntary CyberSecure program to help small and medium-sized organizations protect against cybersecurity threats

Oct 13, 2020

Reporting and Recording Breaches of Security Safeguards – The OPC releases new resources for businesses

Office of the Privacy Commissioner of Canada ("OPC") released a number of new resources to assist organizations with their breach assessment, reporting and recording obligations.

Sep 28, 2020

COVID-19 Realities Push Ontario Government to Launch Public Consultation to Improve the Province’s Privacy Laws

The Ontario government launched public consultations to guide their modernization of private-sector privacy laws within the province.

Aug 19, 2020

Alberta’s New Liability Management Framework: A Teaser of What’s Coming

Government of Alberta announces changes to the regulatory regime that governs oil and gas liabilities.

Aug 4, 2020

Global Privacy Authorities Remind Video Teleconferencing Companies of Privacy Expectations

Global privacy authorities published a letter to remind video teleconferencing companies of their obligations regarding user's privacy.

Jul 29, 2020

Bill 64: Modernizing Québec’s Privacy Regime

Bill 64: Modernizing Québec's Privacy Regime

Jul 23, 2020

Supreme Court of Canada Affirms the Genetic Non-Discrimination Act, Weighing Autonomy, Privacy, and Accessibility of Insurance

Impacts on insurers from recent decision in which SCC upholds protections for privacy and autonomy through the Genetic Non-Discrimination Act

Jul 22, 2020

Significant Expansion of Ontario’s Personal Health Information Protections amid COVID-19: What you need to know

Bill 188 made significant amendments to PHIPA, which affect technology companies, and potentially insurers, who provide access to personal health information.

Jul 15, 2020

The Road to a “New Normal”: Contact Tracing and Privacy Considerations in Canada

Provinces across Canada are starting to lift COVID-19 restrictions and resume some economic and other activities.

Jun 1, 2020

Privacy Penalties – Canadian Competition Bureau Wades Into Privacy Enforcement

Organizations operating in Canada are advised to immediately review their privacy-related policies and marketing to avoid false or misleading representations

May 26, 2020

Privacy Commissioner Releases Tips for Secure Videoconferencing

It goes without saying that organizations’ use of videoconferencing is at an all-time high as many businesses have converted to remote work.

May 5, 2020

Shedding “Light” on a New Privacy Tort

An Ontario court has recently recognized the privacy tort of "false light publicity".

Mar 3, 2020

Consumer-Directed Finance: Canada’s Answer to Open Banking

An overview of the Advisory Committee on Open Banking's recent report entitled Consumer-directed finance: the future of financial services.

Feb 26, 2020

As the “New NAFTA” Approaches Ratification, Regulated Foreign Entities Should Anticipate Stricter Record-Keeping Requirements

A summary of notable amendments to the federal Bank Act and Insurance Companies Act that Bill C-4 (CUSMA) will bring into force.

Feb 25, 2020

How Should AI be Regulated in Canada? Speak now, or forever hold your peace!

Many organizations recognize the potential benefits that artificial intelligence can bring to their business. Canadian regulations coming sooner than later.

Feb 24, 2020

2019 Year in Review: Privacy, Data Protection & Cybersecurity

Focusing our discussion on significant advancements, findings and key takeaways, we will present a “Year in Review” session that will cover many of the notable developments that occurred in 2019.

Feb 4, 2020

New Transparency Requirements: Private Companies in British Columbia Now Required to Collect and Disclose Shareholder Information

Amendments to British Columbia Business Corporations Act require all privately held companies to maintain transparency registers of all significant individuals.

Jan 31, 2020

New Year, New Laws? Canada Sets its Privacy Law Resolutions

A number of recent developments suggest that momentum for significant reform to Canadian privacy and data protection laws is building.

Jan 28, 2020

Keepin’ It “Real”: OPC Finds that PIPEDA Applies to Foreign-Incorporated Business

Keepin' It "Real": OPC Finds that PIPEDA Applies to Foreign-Incorporated Business

Jan 15, 2020

Under the Influence: The Canadian Competition Bureau’s Stand on Misleading Product Endorsements

The Competition Bureau has sent letters to advertisers and advertising agencies warning them to ensure that their Influencer advertising complies with the law.

Dec 30, 2019

Contact Information Posted on Websites Not Necessarily Up for Grabs

Investigation findings of the Office of the Privacy Commissioner highlight issues surrounding the use of personal contact information posted on websites

Dec 19, 2019

IIROC Introduces Mandatory Reporting of Cybersecurity Incidents for Dealers

On November 14, 2019, IIROC amended its Dealer Member Rules to require mandatory reporting by dealer members that suffer a cybersecurity incident or breach.

Dec 9, 2019

One-Year Anniversary of Mandatory Data Breach Reporting: Lessons the OPC Has Learned and What Businesses Need to Know

November 1st, 2018 marked a year since reporting data breaches became mandatory under the Personal Information Protection and Electronic Documents Act ("PIPEDA")

Nov 11, 2019

OPC Maintains Status Quo on Transborder Data Flows…At Least for Now!

Feedback from stakeholders regarding its consultation on transfers for processing and transborder data flows, Office of the Privacy Commissioner of Canada has decided to maintain the status quo.

Sep 23, 2019

Top of the Class: New Cybersecurity Program to Certify Privacy-Minded Businesses

The federal government has launched a new cybersecurity certification program aimed at helping small and medium-sized businesses protect against cyber threats.

Aug 14, 2019

Last Chance for Late National Phase Entry into Canada

It is official - Canada's new Patent Rules will come into force on October 30, 2019.

Aug 9, 2019

“Gonna stand my ground; And I won’t back down”¹ – The OPC charges forward with its controversial consultation on transborder dataflows/transfers for processing

On June 11, 2019, the Office of the Privacy Commissioner of Canada (“OPC”) published a reframed discussion document (the “Reframed Discussion”)

Jun 24, 2019

TOP TWELVE THINGS TO KNOW – New Canadian Trademarks Act June 17, 2019

On June 17, 2019 major changes to Canada’s Trademarks Act will come into force.

Jun 4, 2019

Proposed Digital Charter Could Bring Sweeping Changes to Canadian Privacy Laws

On May 21, 2019, the Canadian federal government released a proposed Digital Charter

May 23, 2019

Is Data Residency Coming to Canada? The OPC Signals a Major Change to its Policy Position on Transborder Dataflows

On April 9, 2019, the Office of the Privacy Commissioner of Canada (“OPC”) initiated a consultation on transborder dataflows under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) (the “Consultation”).

Apr 15, 2019

Financial Institutions: OSFI’s Heightened Cyber Security Incident Reporting Obligations Now In Effect

OSFI published the Technology and Cyber Security Incident Reporting Advisory, which sets out OSFI's expectations for reporting technology and cyber security incidents.

Apr 8, 2019

OSFI Boots Up Cyber Safety with its New Advisory on Technology and Cyber Security Incident Reporting

On January 24, 2019, the Office of the Superintendent of Financial Institutions (“OSFI”) published the Technology and Cyber Security Incident Reporting Advisory (the “Advisory”), which sets out OSFI’s expectations for reporting technology and cyber security incidents.

Feb 6, 2019

The Privacy Commissioner’s Guide to Protecting Personal Information in Cannabis Transactions

The Office of the Privacy Commissioner of Canada recently released a guidance document for Canadian private sector cannabis retailers who collect personal information from their customers.

Jan 30, 2019

Consent Unnecessary to Disclose Credit File to Statistics Canada

A recent OPC investigation highlights the need to proceed with caution when asked to disclose personal information to a government institution.

Dec 30, 2018

What Can and Should the Law Do About ‘Deepfake’: An Update

This update looks at several additional causes of action and discusses how we can limit the deleterious social consequences of deepfake videos.

Dec 5, 2018

Will my Securities Investigation Evidence be Subject to FIPPA?

It is generally safe to assume that records given to government institutions will be subject to freedom of information/access to information legislation.

Nov 26, 2018

Privacy, Data Protection & Cybersecurity Seminar

McMillan is pleased to host its third annual Privacy, Data Protection & Cybersecurity Seminar in Toronto.

Details

November 13, 2018 - 8:30 am to 12:15 pm

Is your Privilege Protected? Ontario Court Revisits Doctrine of “Implied Waiver of Privilege” in Recent Decision

Recent case law from Ontario confirms that a party seeking to rely on parts of privileged document cannot simultaneously claim privilege over the same document.

Aug 23, 2018

A $250,000 Reminder that “CASL” is Not Just an Anti-Spam Law

July, 2018, the CRTC announced it took enforcement action against Datablocks and Sunlight Media - the first time action is taken under Canada's "Anti-Spam Law"

Jul 16, 2018

PIPEDA’s Breach Reporting Requirements Finalized, to Come Into Force November 1, 2018

Personal information where it is reasonable in the circumstances to believe that the breach creates a "real risk of significant harm"[1] to affected individuals

May 15, 2018

Recent Privacy Concerns Call for Increased Transparency and Control

In the midst of the Cambridge Analytica data scandal, businesses should consider whether their data handling practices are consistent with user expectations

Apr 26, 2018

Practicing Safe Text: Drafting Tips from the Stormy Daniels NDA

Stormy Daniels launches complaint asking a California court to find the NDA invalid and confirm she was free to speak publicly about an alleged 2006 sexual affair with Mr. Trump

Mar 22, 2018

If Online Reputation is Everything, Who Wants a Do-Over?

The Office of the Privacy Commissioner of Canada recently released a draft policy position regarding the protection of online reputation.

Mar 16, 2018

BC Court of Appeal Rules Absolute Privilege Precludes Claim for Breach of Privacy

The British Columbia Court of Appeal rules that absolute privilege precludes claim for breach of privacy.

Mar 8, 2018

Canadian Anti-Spam Law: What you still need to know about CASL

Join the discussion where legal and industry leaders will provide the latest updates on CASL and how organizations are rising to the compliance challenge.

Details

November 30, 2017 - 3:30 pm to 5:00 pm

Ransomware and its Spawns

Nov 29, 2017

McMillan’s Second Annual Privacy, Cybersecurity and Data Protection Seminar

Members of McMillan’s Privacy, Cybersecurity, Data Protection groups will be discussing, for the second year running, how client and in-house counsel can educate their firms on how to navigate through privacy in the workplace, cyber security risks and data protection issues on Tuesday Nov 14, 2017.

Details

November 14, 2017

Prying Eyes: Risk of Employee ‘Snooping’ and How to Reduce it

Prying Eyes: Risk of Employee ‘Snooping' and How to Reduce it

Nov 7, 2017

CSA Provides Guidance to Registrants on Cyber Security and Social Media

Nov 1, 2017

Cybersecurity – The Legal Landscape in Canada

Oct 25, 2017

McMillan’s Employment & Labour Relations Group Seminar

Please join us for a practical and in-depth discussion aimed at HR professionals, in-house counsel and operations managers, who want to prepare and better understand how Bill1 48 will impact their business.

Details

September 28, 2017

Sneak Peek at PIPEDA’s Breach Reporting Requirements – Proposed Regulations Released for Comment

Sneak Peek at PIPEDA's Breach Reporting Requirements - Proposed Regulations Released for Comment

Sep 8, 2017

Server Location Not Definitive in Determining Jurisdiction Over Foreign Defendant

Aug 31, 2017

Cybercrime Insurance Coverage Caselaw: Welcome to Canada?

Aug 21, 2017

Supreme Court of Canada Turns the Other Cheek: Facebook’s “Terms and Conditions” – Forum Selection Clause Unenforceable

Supreme Court of Canada Turns the Other Cheek: Facebook's "Terms and Conditions" – Forum Selection Clause Unenforceable

Jun 29, 2017

Taking CASL by Storm: Compliance Tips for Investment Fund Managers

Jun 15, 2017

CASL Private Right of Action Delayed; Enforcement by CRTC Continues

Jun 7, 2017

Know your Obligations: Workplace Privacy in BC

Jun 6, 2017

Data protection in the field of employment in Canada

Employee personal information handled by an organization is far greater than the personal information collected by the organization about customers and third parties

Jun 6, 2017

Privacy in the Workplace, 4rd Edition

Privacy in the Workplace 3rd Edition

May 17, 2017

The tides are changing for cyber regulation, and you may need to take action in order to stay afloat

Apr 5, 2017

Are Canadian Businesses Ready For a Cyber Attack?

Apr 3, 2017

We’ve Overpaid, Now What? OLRB Confirms Employers’ Obligations in Addressing Pension Overpayments

We've Overpaid, Now What? OLRB Confirms Employers' Obligations in Addressing Pension Overpayments

Mar 3, 2017

Are You Ready for CASL’s Private Right of Action?

Are You Ready for CASL's Private Right of Action?

Jan 30, 2017

CSA Provides Cybersecurity Risk Disclosure Guidance and Best Practices for Reporting Issuers

Jan 6, 2017

The Cybersecurity Implications of Driverless Cars

Dec 14, 2016

Privilege wins out over Document Production Requests, Orders and FOI Legislation – SCC Confirms Status of Solicitor-Client Privilege and Litigation Privilege

Privilege wins out over Document Production Requests, Orders and FOI Legislation - SCC Confirms Status of Solicitor-Client Privilege and Litigation Privilege

Nov 30, 2016

McMillan Cybersecurity Article Series

Cybersecurity and cyber risk are growing areas of concern for businesses, governments and individuals.

Nov 8, 2016

“Going Dark” – No Easy Answers on the Cybersecurity Horizon

"Going Dark" – No Easy Answers on the Cybersecurity Horizon

Nov 8, 2016

Privacy, Data Protection and Cybersecurity Seminar

As organizations are increasing their investment in data safeguards, McMillan’s Privacy Group would like to help our clients understand their core privacy, data protection and cybersecurity obligations and related legal issues.

Details

November 3, 2016 - 7:30 am to 12:30 pm EST

2016 Annual Employment and Labour Seminar

McMillan's Labour and Employment Group invites you to join us at our annual employment and labour seminar.

Details

8:00 AM - 11:30 AM