Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
This article, which reviews the Canadian Consumer Privacy Protection Act, first seeks to identify the delta between the Act and PIPEDA in order to allow privacy officers of organizations that are already PIPEDA compliant to identify the net new compliance requirements under the Act and second, to highlight the provisions of the Act which, if breached, could lead to the imposition of significant fines.
In June 2022, Bill C-27, or “An Act to enact the Consumer Privacy Protection Act (the Act) and, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts” (Bill C-27) was introduced by the Minister of Innovation, Science and Industry, and underwent First Reading, as a replacement to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). (This is in fact the second effort by the federal government to enact this replacement to PIPEDA. In 2021, Bill C-11 (An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts) — the mooted replacement for PIPEDA — passed Third Reading of the legislative process, but Canada then had a federal election, and as a result Bill C-11 died prior to being enacted.) Prior to the introduction of the Act, there were concerns that it would effectively be a “’Made in Canada’ GDPR”. However, while the Act has taken the lead from the EU General Data Protection Regulation in introducing financially enormous penalties, as well as the right of data portability and the right to be forgotten, enough of the original PIPEDA remains such that the Act is now effectively a PIPEDA/GDPR hybrid.
*May exclude premium content
By Josh Hummel
Federal Court Decision Among the First to Allow a Data Breach Liability Claim to Proceed Under Common Law Bailment Theory
Data breach lawsuits have often struggled to match up the unique realities of data breaches with traditional theories of legal liability. A recent decision from the Southern District of Indiana, however, cut through these issues by allowing a class action claim to proceed on a theory of liability often proposed by commentators as a solution to the data breach liability conundrum but until recently almost uniformly rejected by courts: the common law theory of bailment.
AI Regulation in the U.S.: What’s Coming, and What Companies Need to Do In 2023
By Kim Peretti, Dan Felz and Alysa Austin
Part Two of a Two-Part Article
In Part One, the authors addressed the industries most affected by AI, and began the discussion on U.S. federal and state regulations to expect in 2023. Part Two, continues the discussion on potential federal AI regulation and what companies can do to prepare.
Legal Operations Success In 2023
By Ari Kaplan
Strategies for Navigating an Uncertain Economy, Leveraging CLM Technology to Streamline Processes, and Embracing Change
During a recent discussion with a select group of leaders in legal operations in highly-regulated organizations, several key themes emerged that are likely to drive new initiatives in 2023.
Federal Jury Rejects First Amendment Defense In ‘MetaBirkins’ NFT Standoff
By Todd Larson and Yonatan Shefa
Leading the charge in thorny IP issues have been cases addressing whether NFT makers who utilize other parties’ trademarks can turn to the First Amendment as a defense to trademark infringement. This article analyzes the summary judgment decision that set the stage for trial in Hermes International, and provides some takeaways concerning the legal landscape for NFTs moving forward.