Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
The conclusion of the series on Canada’s recently introduced Consumer Privacy Protection Act looks at hot button enforcement issues in the Act.
Part One of this series discussed the history of Canada’s recently introduced Consumer Privacy Protection Act and reviewed the similarities with GDPR, such as data portability, the right not be forgotten, codes of practice, and a safe harbor provision. Part Two of this analyzed the new compliance requirement of valid consent. Part Three continued the analysis of new compliance requirements, including the content of organizational privacy policies and anonymization of personal information policies, and business transaction policies contained in the Act. Part Four concludes the series with a look at hot button enforcement issues in the Act.
By Larry Gagnon
Developing and delivering an IRP or TTE to improve the effectiveness of your incident response approach, in isolation, does not work. If your incident response preparation activity does not include some fundamental tactical actions, when the time comes and your house is on fire, your breach response will fail to meet your expectations.
By Shanil R. Vitarana
Like other organizations, including law firms, in-house legal departments have not been spared from the “great resignation.” Lawyers and professionals across all industries are actively seeking new opportunities for a host of reasons including better pay, better culture and better balance. When they leave, they take with them not just their talent but the institutional knowledge they’ve accumulated, while their former team members are left to piece things together.
By Kristin L. Burnett
The promise that the crypto and digital assets markets bring comes bundled with uncertainty — especially on the regulatory front. Until jurisdictions adopt unified and consistent frameworks that account for the unique facets and features of cryptocurrencies, institutional investors and other market participants must keep abreast of ever-changing, dynamic laws to avoid sanctions and fines.
By Ella Shenhav and Eric S. Adams
In several recent cases, companies with cyber insurance discovered that provisions in these policies led their insurers to limit coverage. Courts have been strictly construing cyber policies, and have found that the coverage provided is narrow. These decisions hinged upon whether an event constituted a covered “direct” loss and whether intervening actions precluded coverage, like an employee responding to fraudulent communications.