Canada’s Privacy and New Anti-spam Laws
What you need to know to comply
Topics Include
• An overview of Canada’s federal and provincial
  privacy laws

• Storing and transferring personal information
  outside Canada

• Video surveillance

• Online behavioural advertising

• How to respond to a data breach

• Canada’s new anti-spam laws


Gowlings at a Glance


• One of Canada’s largest
  law firms

• Over 750 professionals
  across 10 offices
  worldwide

• Recognized expertise in
  Business Law, Advocacy
  and Intellectual Property
  Law


www.gowlings.com



Canadian Privacy Law

• The Personal Information Protection and Electronic
  Documents Act (PIPEDA) applies to private sector
  businesses in most Canadian provinces

• Similar laws apply to information collected in
  Québec, British Columbia and Alberta




Canadian Privacy Law

• These laws apply to foreign (non-Canadian)
  businesses that collect, use or disclose
  personal information about individuals in
  Canada, even if the business does not have a
  Canadian presence

• Applies to “personal information” – a term that is
  broadly defined as “information about an
  identifiable individual” (apart from their business
  contact information)


Storing and Transferring Personal Information

• Privacy laws don’t prevent storing or transferring
  personal information outside Canada, but doing so is
  subject to certain legal obligations:
  • Accountability: The organization is responsible for
    personal information in its possession and custody,
    including that transferred to a third-party service
    provider

  • Transparency: Canadian customers must be advised
    if their personal information is going to be transferred
    or stored outside of Canada



Video Surveillance

• PIPEDA and the provincial laws apply to the
  capturing of video images in the course of
  commercial activity, whether those images
  are recorded or not

• “Overt” surveillance:
  • Must give clear notice about the use of cameras on
    their premises, before people enter the premises
    (include information on how they can get access to
    their images)



Video Surveillance

• “Covert” surveillance:
  • Allowed only in exceptional circumstances where overt
    surveillance would compromise the availability and
    accuracy of the data, and the collection is for the
    purposes of investigating a breach of law or breach of
    an agreement




Online Behavioural Advertising

• Online Behavioural Advertising:
  • Web-based programs that allow businesses to track
    consumers’ online activities
    (e.g., flash cookies, beacons, tracking pixels, etc.)

• Contrary to popular belief, online behavioural
  advertising IS classified as “personal
  information”




Online Behavioural Advertising

• Permissible, but subject to regulations:
  • Transparency:
    • Users must be aware that this tool is being used
    • Consumers must be able to “opt out” but still be able to
      use the services


  • Should not be used on websites targeted at children,
    due to their inability to give meaningful consent




How to Respond to a Data Breach

• Federal legislation - PIPEDA
  • Voluntary security breach notification

  • Guidelines from Federal Privacy Commissioner

  • Voluntary but expected




How to Respond to a Data Breach

• The Guidelines state there are four key steps
 to consider when responding to a breach:
  • Breach containment and preliminary assessment

  • Evaluation of the risks associated with the breach

  • Notification

  • Prevention




How to Respond to a Data Breach

• Alberta Personal Information Protection Act
  (PIPA)
  • Private sector organizations are required under
    mandatory privacy breach notification provisions to
    notify the Privacy Commissioner
  • Threshold of notification: “real risk of significant harm”
    • “Real risk” means “a reasonable degree of likelihood that
      the harm could result”




How to Respond to a Data Breach

• Who is responsible for notifying the
  commissioner?
  • Organization with control of the personal information,
    even if the breach occurred at service provider level


• Contents of the report
  •   How many people affected
  •   Information released
  •   Circumstances surrounding the breach
  •   What mechanisms are in place to protect data


How to Respond to a Data Breach

• If “real risk” is determined, the organization is
  required to notify those affected
  • The Privacy Commissioner issues a written decision
    which is available on their website
  • The Privacy Commissioner will provide direction on
    what needs to be in the notice




How to Respond to a Data Breach

• Protect your organization from a data breach
  • Review privacy policies and procedures regularly
  • Train staff on how to prevent breaches
  • Create guidelines on what to do if there is a breach




Canada’s New Anti-spam Laws

• Slated to come into effect mid to late 2013
• Canada’s Anti-spam Legislation (CASL) will
  apply to “Commercial Electronic Messages,”
  prohibiting all but those messages that comply
  with its requirements
• The CRTC and Industry Canada take the position
  that existing, valid consent may not survive the
  transition period
  • Organizations will need to seek new consent from
    existing mailing lists



Canada’s New Anti-spam Laws

• Electronic messages must contain prescribed
  disclosure language
  • An unsubscribe mechanism

• CASL applies to:
  •   An electronic mail account
  •   An instant messaging account
  •   A telephone account; or
  •   Any similar account




Canada’s New Anti-spam Laws

• Messages that may be exempt
  • Those sent between employees of an organization
    relating to the affairs of the organization
  • Messages sent between two organizations with an
    existing business relationship relating to their affairs
  • Those that respond to an inquiry, complaint, etc.




Canada’s New Anti-spam Laws

• Penalties for violations
  • A fine of up to $1,000,000 for a violation by an
    individual
  • A fine of up to $10,000,000 for a violation by a
    corporation




Canada’s New Anti-spam Laws

• Private right of action for persons who allege
  they have been affected by a violation
  • Compensation equal to the actual loss or damage
    suffered; and
  • $200 for each contravention, not exceeding
    $1,000,000 for each day on which a contravention
    occurred




Canada’s New Anti-spam Laws

• How organizations can ensure they comply
  • Be aware of requirements for express consent
    • Why?
    • Who is asking?
    • Provide contact information (mailing address + telephone
      numbers, email or web address)
    • State that consent can be withdrawn




Q&A
Thank You


     Visit       www.gowlings.com

     Email:      wendy.wagner@gowlings.com
                 taryn.burnett@gowlings.com
                 chris.oates@gowlings.com




montréal  ottawa  toronto  hamilton  waterloo region  calgary vancouver  beijing  moscow  london

Employment and Labour Law Seminar - May 6, 2015
 
Social Media and the Workplace: Navigating in a New World
Social Media and the Workplace: Navigating in a New WorldSocial Media and the Workplace: Navigating in a New World
Social Media and the Workplace: Navigating in a New World
 
Top 10 Developments in Employment, Labour & Human Rights Law
Top 10 Developments in Employment, Labour & Human Rights LawTop 10 Developments in Employment, Labour & Human Rights Law
Top 10 Developments in Employment, Labour & Human Rights Law
 
Disability Accommodation in the Workplace
Disability Accommodation in the WorkplaceDisability Accommodation in the Workplace
Disability Accommodation in the Workplace
 
Enforceability of Termination Provisions
Enforceability of Termination ProvisionsEnforceability of Termination Provisions
Enforceability of Termination Provisions
 
Employment & Labour Law Panel Discussion - April 29th, 2015
Employment & Labour Law Panel Discussion - April 29th, 2015Employment & Labour Law Panel Discussion - April 29th, 2015
Employment & Labour Law Panel Discussion - April 29th, 2015
 
Directors and fficers duties van law-1662964-v1
Directors and fficers duties van law-1662964-v1Directors and fficers duties van law-1662964-v1
Directors and fficers duties van law-1662964-v1
 

Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply

  • 1. Canada’s Privacy and New Anti-spam Laws: What you need to know to comply
  • 2. Topics Include
      • An overview of Canada’s federal and provincial privacy laws
      • Storing and transferring personal information outside Canada
      • Video surveillance
      • Online behavioural advertising
      • How to respond to a data breach
      • Canada’s new anti-spam laws
  • 3. Gowlings at a Glance
      • One of Canada’s largest law firms
      • Over 750 professionals across 10 offices worldwide
      • Recognized expertise in Business Law, Advocacy and Intellectual Property Law
  • 4. Gowlings at a Glance
      • www.gowlings.com
  • 6. Canadian Privacy Law
      • The Personal Information Protection and Electronic Documents Act (PIPEDA) applies to private sector businesses in most Canadian provinces
      • Similar laws apply to information collected in Québec, British Columbia and Alberta
  • 7. Canadian Privacy Law
      • These laws apply to foreign (non-Canadian businesses) that collect, use or disclose personal information about individuals in Canada, even if the business does not have a Canadian presence
      • Applies to “personal information” – a term that is broadly defined as “information about an identifiable individual” (apart from their business contact information)
  • 8. Storing and Transferring Personal Information
  • 9. Storing and Transferring Personal Information
      • Privacy laws don’t prevent it, but it is subject to certain legal obligations:
          • Accountability: The organization is responsible for personal information in its possession and custody, including that transferred to a third-party service provider
          • Transparency: Canadian customers must be advised if their personal information is going to be transferred or stored outside of Canada
  • 11. Video Surveillance
      • PIPEDA and the provincial laws apply to the capturing of video images in the course of commercial activity, whether those images are recorded or not
      • “Overt” surveillance:
      • Must give clear notice about the use of cameras on their premises, before people enter the premises (include information on how they can get access to their images)
  • 12. Video Surveillance
      • “Covert” surveillance:
      • Allowed only in exceptional circumstances where overt surveillance would compromise the availability and accuracy of the data, and the collection is for the purposes of investigating a breach of law or breach of an agreement
  • 14. Online Behavioural Advertising
      • Online Behavioural Advertising:
      • Web-based programs that allow businesses to track consumers’ online activities e.g., flash cookies, beacons, tracking pixels, etc.
      • Contrary to popular belief online behavioural advertising IS classified as “personal information”
  • 15. Online Behavioral Advertising
      • Permissible, but subject to regulations:
      • Transparency:
      • Users must be aware that this tool is being used
      • Consumers must be able to “opt out” but still be able to use the services
      • Should not be used on websites targeted at children, due to their inability to give meaningful consent
  • 16. How to Respond to a Data Breach
  • 17. How to Respond to a Data Breach
      • Federal legislation - PIPEDA
      • Voluntary security breach notification
      • Guidelines from Federal Privacy Commissioner
      • Voluntary but expected
  • 18. How to Respond to a Data Breach
      • The Guidelines state there are four key steps to consider when responding to a breach:
      • Breach containment and preliminary assessment
      • Evaluation of the risks associated with the breach
      • Notification
      • Prevention
  • 19. How to Respond to a Data Breach
      • Alberta Personal Information Protection Act (PIPA)
      • Private sector organizations are required under mandatory privacy breach notification provisions to notify the Privacy Commissioner
      • Threshold of notification: “real risk of significant harm”
      • “Real risk” means “a reasonable degree of likelihood that the harm could result”
  • 20. How to Respond to a Data Breach
      • Who is responsible for notifying the commissioner?
      • Organization with control of the personal information, even if the breach occurred at service provider level
      • Contents of the report
      • How many people affected
      • Information released
      • Circumstances surrounding the breach
      • What mechanisms are in place to protect data
  • 21. How to Respond to a Data Breach
      • If “real risk” is determined, the organization is required to notify those affected
      • The Privacy Commissioner issues a written decision which is available on their website
      • The Privacy Commissioner will provide direction on what needs to be in the notice
  • 22. How to Respond to a Data Breach
      • Protect your organization from a data breach
      • Review privacy policies and procedures regularly
      • Train staff on how to prevent breaches
      • Create guidelines on what to do if there is a breach
  • 24. Canada’s New Anti-spam Laws
      • Slated to come into effect mid to late 2013
      • Canada’s Anti-spam Legislation (CASL) will apply to “Commercial Electronic Messages,” prohibiting all but those messages that comply with its requirements
      • The CRTC and Industry Canada take the position that existing, valid consent may not survive the transition period
      • Organizations will need to seek new consent from existing mailing lists
  • 25. Canada’s New Anti-spam Laws
      • Electronic messages must contain prescribed disclosure language
      • An unsubscribe mechanism
      • CASL applies to:
      • An electronic mail account
      • An instant messaging account
      • A telephone account; or
      • Any similar account
  • 26. Canada’s New Anti-spam Laws
      • Messages that may be exempt
      • Those sent between employees of an organization relating to the affairs of the organization
      • Messages sent between two organizations with an existing business relationship relating to their affairs
      • Those that respond to an inquiry, complaint, etc.
  • 27. Canada’s New Anti-spam Laws
      • Penalties for violations
      • A fine of up to $1,000,000 for a violation by an individual
      • A fine of up to $10,000,000 for a violation by a corporation
  • 28. Canada’s New Anti-spam Laws
      • Private right of action for persons who allege they have been affected by a violation
      • Compensation equal to the actual loss or damage suffered; and
      • $200 for each contravention, not exceeding $1,000,000 for each day on which a contravention occurred
  • 29. Canada’s New Anti-spam Laws
      • How organizations can ensure they comply
      • Be aware of requirements for expressed consent
      • Why?
      • Who is asking?
      • Provide contact information (mailing address + telephone numbers, email or web address)
      • State that consent can be withdrawn
  • 30. Q&A
  • 31. Thank You
      • Visit www.gowlings.com
      • Email: wendy.wagner@gowlings.com, taryn.burnett@gowlings.com, chris.oates@gowlings.com
      • montréal, ottawa, toronto, hamilton, waterloo region, calgary, vancouver, beijing, moscow, london