In light of the increasing rate of security breaches in industry and government, the US Securities and Exchange Commission (SEC) has issued guidelines encouraging public companies to disclose cyberattacks waged against them. The guidelines apply to both domestic US companies and foreign private issuers, and may therefore apply to Canadian companies registered in the US.
What types of disclosure are required?
A company is obligated to disclose material information relating to risks (e.g., a security system failure) and incidents (e.g., a security breach) if necessary to avoid misleading investors in light of other required disclosures.
When is disclosure required?
In … Continue Reading
With the push from users and legislators towards DNT and with most browsers providing users with the choice of a DNT setting, it is important for businesses to be ahead of the curve. In addition to an organization’s existing policies and safeguards under the Personal Information Protection and Electronic Documents Act (PIPEDA), businesses should have a clear DNT policy and should effectively communicate that policy to the user, explaining exactly what the business is doing with consumer data once a user has chosen not to be tracked.
Privacy versus personalized content – it is the tension that underlies online behavioural advertising (OBA), and increasingly that tension is threatening to snap. OBA is the practice of tracking consumer’s online activities in order to deliver targeted marketing. Businesses stitch together information, like the websites a consumer visits, the content a consumer views and the searches a consumer runs, into a fingerprint of interests and tastes so that the consumer receives more resonant (and ideally more valuable) advertising.
OBA can be extremely valuable to your business. For example, if I purchase peanut butter online, the shopping website may recommend that … Continue Reading