snIP/ITs Insights on Canadian Technology and Intellectual Property Law

Tag Archives: cybersecurity

European Banking Authority Responds to European Commission Public Consultation on Fintech: Potential Takeaways for Canada

Posted in Big Data, Cybersecurity, Financial, Fintech

In March 2017, the European Commission issued a public consultation document on Fintech. The goal of the European Commission (EC) document is to further the objective of a digital single market within Europe. This will be done by supporting the development of digital infrastructure, improving access to goods and services, and ensuring rules foster technological development.

The European Banking Authority (EBA) published its response to the public consultation in June 2017. The EBA response is significant because it sheds light on how European banks are approaching the areas of artificial intelligence, roboadvisors, crowdfunding, and big data. Institutions in other countries, …

McCarthy Tétrault launches CyberLex blog

Posted in Consumer Protection, Data Breach, Privacy

McCarthy Tétrault has just launched its twelfth blog, CyberLex, at http://www.canadiancybersecuritylaw.com. This blog discusses trends and developments in cybersecurity, privacy and data protection law in Canada and internationally; offers practical suggestions and insights on how these issues affect companies in a wide variety of industries; and provides guidance on how to address various challenges and opportunities created by technology and legislative developments.

Please visit the blog!…

U.S. regulators review brokerage cybersecurity, provide guidance

Posted in Data Breach, Regulatory Compliance

Earlier this month, the U.S. Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) each released reports addressing cybersecurity. FINRA’s report targeted its broker-dealer members, and the SEC’s report targeted broker-dealers and investment advisers, but the twin reports provide a roadmap to cybersecurity for financial market participants generally, both in the US and Canada.

There can be no doubt that cybersecurity is top-of-mind for those regulating the Canadian financial market. For example, the Canadian Securities Administrators recently published CSA Staff Notice 11-326 – Cyber Security in which it stated “[s]trong and tailored cyber security measures are an …

Cybersecurity Governance and D&O liability

Posted in Data Breach

Introduction

The assessment of a corporation’s cyber risks is part of a board of directors’ general risk oversight responsibilities. Since lawsuits, including class actions, are often commenced soon after a data breach, directors and officers should now consider that the board’s oversight of cyber risks may also be closely and thoroughly scrutinized in future litigation and regulatory investigations.

On October 20, 2014, a New Jersey Court dismissed a shareholder derivative suit that sought damages, notably from the directors and officers of Wyndham Worldwide Corp. (“WWC”), for several data breaches[1]. This decision is the first decision issued …

The most hackable month of the year: steps companies can take to protect themselves from data breaches

Posted in Data Breach, E-Commerce, Privacy

In a few short days it will be Cyber Monday, the kickoff to the financial madness that is the holiday shopping season. For cybercriminals and fraudsters, December represents the mother lode of hackable data.

How big is the risk?

The malevolently-inclined are getting more ambitious (a 2014 study by the Ponemon Institute that evaluated security-breach costs in the retail sector suggests that the average size of a breach is about 30,000 records) and more damaging (the average loss is now about $105 per stolen record). The same study estimated that the average cost of a cybercrime for the retailer is about $3.15-million. …

Network Breached? Then Report It – New SEC Guidance on Cybersecurity Disclosure Obligations

Posted in Privacy, Regulatory Compliance

In light of the increasing rate of security breaches in industry and government, the US Securities and Exchange Commission (SEC) has issued guidelines encouraging public companies to disclose cyberattacks waged against them. The guidelines apply to both domestic US companies and foreign private issuers, and may therefore apply to Canadian companies registered in the US.

What types of disclosure are required?

A company is obligated to disclose material information relating to risks (e.g., a security system failure) and incidents (e.g., a security breach) if necessary to avoid misleading investors in light of other required disclosures.

When is disclosure required?

In …