Insights Header image
Insights Header image
Insights Header image

CSA Staff Notice 11-326 – Cyber Security

October 2013 Securities Bulletin 2 minute read

Introduction

On September 26, 2013, the Canadian Securities Administrators (“CSA”) issued Staff Notice  11-326 Cyber Security (“Staff Notice”). The Staff Notice highlights the importance of strong and individually-tailored cyber security measures for issuers, registrants and regulated entities, as such controls promote the reliability of their operations and the security of their confidential information. The Staff Notice identifies two major types of cyber threats in particular that have increased in sophistication and frequency: Denial of Service attacks and Advanced Persistent Threats.

CSA Recommendations for Issuers

The CSA notes that issuers, registrants and regulated entities should be aware of the risks and challenges posed by cyber crime and should take appropriate measures to protect themselves. In particular, the CSA provides the following guidance:

  • Those issuers, registrants and regulated entities that have not yet addressed the issue should consider how to best address the risks of cyber crime, including:
    • Educating staff regarding security of information and computer systems,
    • Following guidance and best practices from industry and security associations, and
    • Conducting appropriate third-party vulnerability and security assessments;
  • Those issuers, registrants and regulated entities that have already taken steps to address the issue should review their cyber security risk control measures on a regular basis;
  • Issuers should consider whether any issues with respect to cyber crime are such that they need to be disclosed in a prospectus or continuous disclosure filing;
  • Registrants should consider whether they are able to manage cyber crime risk in accordance with prudent business practices; and
  • Regulated entities should consider the measures necessary to address the risks of cyber crime.

The Staff Notice further notes that the CSA will consider these issues in its reviews of issuer disclosure and in its oversight of registrants and regulated entities going forward.

by Alexis Marach

A Cautionary Note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2013

Insights (5 Posts)View More

Featured Insight

Buyer’s Remorse: Asset Purchaser Liable for Pre-Closing Employment Liabilities of Vendor

In a recent British Columbia decision, an asset purchaser was held liable for the pre-closing employment-related liabilities of the vendor.

Read More
Nov 29, 2024
Featured Insight

Reducing NSF Fees: Proposed Regulations Amending the Financial Consumer Protection Framework Regulations

The Governor in Council announced a proposal to amend regulations aimed at reducing non-sufficient funds (NSF) fees.

Read More
Nov 27, 2024
Featured Insight

Federal Court of Appeal Upholds Arrears Interest on Non-Existent Tax Debts: Bank of Nova Scotia v Canada, 2024 FCA 192

The Federal Court of Appeal upheld the charging of "arrears interest" on notional income tax liabilities that are completely offset by carry-backs.

Read More
Nov 27, 2024
Featured Insight

Capital Markets Tribunal Decision Confirms Legality of Hedging Transactions Despite Public Interest Concerns

The recent ruling by the Capital Markets Tribunal underscores the inherent tension between investor protection and the goals of market efficiency and fostering.

Read More
Nov 27, 2024
Featured Insight

Here We Go Again: Employers Ordered to Pay $10,000 in Moral and Punitive Damages for Improper Termination Conduct

Three recent Ontario decisions reinforce the importance of proper termination protocols due to the ever-evolving risk of moral and punitive damage awards.

Read More
Nov 27, 2024