The changes which are to be ushered in by the General Data Protection Regulation (GDPR) in 2018 are substantial and ambitious. This guide seeks to summarise the key changes that the new law will bring and to highlight the most important actions which organisations should take in preparing to comply with it.
This program will explore the best practices for companies that manage vendors and cybersecurity concerns. Some of the significant questions to be addressed include: What are some best practices for vendor due diligence? How can vendor cybersecurity risks be addressed and mitigated, both contractually and otherwise? What role, if any, should in-house counsel have in vendor management?
This 4th annual LegalSEC study provides key insights into the InfoSec programs and practices specific to legal firms.
In this increasingly connected world, an international cyberattack is no longer a possibility but an inevitability. The difference between success and catastrophe in defending against international cyberattacks comes down to not just preventing them, but responding quickly and appropriately when one does occur. In-house counsel must be prepared to work with internal clients to anticipate potential consequences of an international cyberattack, mitigate the risks of an attack, and implement an agreed strategy that effectively deals with the business and legal risks. This session will give in-house counsel the tools to have constructive conversations with their company's business leaders and technical teams to ensure that their program for dealing with international cyberattacks fits the needs of the company and the customers it serves and addresses the company's legal obligations relating to the attack.
The Canadian government issued this document to provide guidance to private sector organizations, both small and large, when a privacy breach occurs. Organizations should take preventative steps prior to a breach occurring by having reasonable policies and procedural safeguards in place, and conducting necessary training. This guideline is intended to help organizations take the appropriate steps in the event of a privacy breach and to provide guidance in assessing whether notification to affected individuals is required. Not all steps may be necessary, or some steps may be combined.
This is a chart showing the comparison of provincial health information protection legislation in Canada.
This sample provides step-by-step instructions for setting up the protection of personal data in a new context of risk.
This form lists five main tips that can benefit companies in responding to a privacy regulator.
This article discusses the ongoing legal, ethical, and social debate regarding the role, if any, to afford personal privacy in a globalized and electronic public health surveillance system during a pandemic response.
This is a list of rules on sharing personal health information.