Podcasts about pipeda

  • 53 podcasts
  • 84 episodes
  • 42m avg duration
  • 1 episode every other week
  • Latest: May 19, 2026

Latest podcast episodes about pipeda

ChannelBuzz.ca
The Buzz: Dell warns of incoming supply constraints, CIRA targets MSPs, and an active zero-day threat

May 19, 2026 · 4:33


Today’s headline news for Canadian IT solution providers:

The AI supply chain squeeze: Yesterday, we brought you a special mid-day look at the new partner platform and AI Factory announcements from Dell Technologies World. But if you look past the glitz of the main stage, there was a sobering reality check delivered during the partner-specific keynote. Pete Trizzino, president of global sales at Dell Technologies, warned partners that supply constraints are officially back. Driven by voracious hyperscaler demand for AI infrastructure, the squeeze on GPUs, CPUs, and memory is tightening rapidly. In fact, Trizzino warned that the supply chain issues we are starting to see now could be significantly worse in 2027. For Canadian MSPs and VARs, this is the klaxon sounding for hardware lifecycle planning. Partners need to be having capacity conversations with their clients today, locking in orders, and potentially leveraging IT financing to bridge the gap while hardware makes its way through a congested supply chain.

CIRA targets the MSP model: Closer to home, the Canadian Internet Registration Authority (CIRA) is preparing to launch a new channel-oriented product platform at the ChannelNEXT conference in Toronto later this month. Led by channel executive Tim Brien, the upcoming platform marks a dedicated pivot toward a managed service provider model. As Canadian organizations face an increasingly complex threat landscape complicated by strict data privacy regulations like Law 25 and PIPEDA, the demand for sovereign, domestic cybersecurity infrastructure is accelerating. By embracing a multi-tenant channel model, CIRA aims to provide Canadian solution providers with a localized alternative for DNS and enterprise security services, removing the administrative friction of scaling broad deployments.

PraisonAI zero-day and Operation Ramz: In the cybersecurity space, threat actors are actively exploiting a critical authentication bypass vulnerability in PraisonAI (CVE-2026-44338). The zero-day flaw was targeted within hours of its disclosure, meaning anyone building agentic AI pipelines with the framework needs to apply patches immediately. On a positive note, INTERPOL has announced the results of Operation Ramz, a massive cybercrime crackdown across 13 countries in the Middle East and North Africa that resulted in 201 arrests and the seizure of dozens of malware and phishing servers.

In Brief:

Lumina emerges from stealth: Cybersecurity startup Lumina has officially launched an AI-native platform designed to reduce alert noise by 87 percent across cloud, identity, and endpoint environments. With security operations centers overwhelmed by false positives, Lumina is using AI to automatically triage and contextualize threats, freeing up analysts to focus on genuine incidents.

Nordian and Starlink partner up: Connectivity provider Nordian has signed a reseller agreement with Starlink to embed high-speed satellite internet directly into industrial equipment. Targeted at the agriculture, mining, and transportation sectors, this allows Canadian edge deployments in remote areas to maintain constant connectivity, enabling real-time telemetry and predictive maintenance.

Noah Labs builds local AI: Software developer Noah Labs is building Sentinel, an AI-native integrated development environment designed to run 100 percent on-device. As data sovereignty becomes critical, Sentinel allows developers to build and test AI models locally, removing the risk of exposing sensitive proprietary data to public cloud APIs during the development phase.

NSF’s deep-tech initiative: The United States National Science Foundation has announced a $1.5 billion X-Labs initiative to fund deep-tech research. The massive influx of capital is expected to heavily influence cross-border commercialization and innovation in North America, focusing on autonomous systems, quantum networking, and advanced materials.

Full transcript:

Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Tuesday, May 19, 2026, and here’s what’s happening in the channel today.

Yesterday, we brought you a special mid-day look at Dell’s new Modern Partner Platform and the massive expansion of the Dell AI Factory. But if you look past the glitz of the main stage, there was a very sobering reality check delivered during the partner-specific keynote. Pete Trizzino, president of global sales at Dell Technologies, took the stage to warn partners that supply constraints are officially back. Driven by the voracious hyperscaler demand for AI infrastructure, the squeeze on GPUs, CPUs, and memory is tightening rapidly. In fact, Trizzino warned that the supply chain issues we are starting to see now could be significantly worse in 2027. For Canadian MSPs and VARs, this is the klaxon sounding for hardware lifecycle planning. If you are waiting until the quarter a client needs a server refresh, you are going to be too late. Partners need to be having these capacity conversations with their clients today, locking in orders, and potentially leveraging IT financing and distribution partners to bridge the gap while hardware makes its way through a congested supply chain.

Closer to home, the Canadian Internet Registration Authority, or CIRA, is preparing to launch a new, heavily channel-oriented product platform later this month at the ChannelNEXT conference in Toronto. Led by channel executive Tim Brien, the upcoming platform marks a dedicated pivot toward a true managed service provider model for the national internet registry. For years, Canadian organizations have faced an increasingly complex threat landscape complicated by strict data privacy regulations like Law 25 and PIPEDA. The demand for sovereign, domestic cybersecurity infrastructure is accelerating. By embracing a multi-tenant channel model, CIRA aims to provide Canadian solution providers with a localized alternative for DNS and enterprise security services. The new program is designed to allow channel partners to self-provision services, exert granular control over technical deployments, and scale enterprise-grade security offerings to their small and medium-sized business clients. Ultimately, this move is intended to remove the administrative friction associated with scaling broad deployments, allowing partners to integrate CIRA capabilities directly into their existing recurring revenue security stacks.

In the cybersecurity space, it has been a busy 24 hours. First, a major warning for developers and security teams working with autonomous agents: threat actors are actively exploiting a critical authentication bypass vulnerability in PraisonAI, tracked as CVE-2026-44338. The zero-day flaw was targeted within hours of its disclosure, meaning anyone building agentic AI pipelines with the framework needs to apply patches immediately. On a more positive note, INTERPOL has announced the results of Operation Ramz, a massive, coordinated cybercrime crackdown across thirteen countries in the Middle East and North Africa. The first-of-its-kind operation resulted in 201 arrests and the disruption of major cybercrime networks, including the seizure of dozens of malware and phishing servers that have been targeting businesses globally.

In Brief: Cybersecurity startup Lumina emerges from stealth today with an AI-native platform designed to reduce alert noise. Connectivity provider Nordian has signed a reseller agreement with Starlink to embed high-speed satellite internet into industrial equipment. Software developer Noah Labs is building Sentinel, an AI-native integrated development environment designed to run entirely on-device. And the United States National Science Foundation has announced a 1.5 billion dollar X-Labs initiative to fund deep-tech research. Full details and expanded stories on all of our In Brief items can be found in the show notes or the blog post at ChannelBuzz.ca.

Later today on In The Channel, we have more from Las Vegas. I’ll be sitting down with Alan Ashby, Dell’s senior director of Americas data center presales, to break down the practical realities of the AI infrastructure boom for mid-market partners. And if you haven’t heard yesterday’s episode yet, that’s probably because there wasn’t one, because outside of Dell Technologies World, it was Victoria Day back home.

That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

ChannelBuzz.ca
Canada’s data sovereignty moment: why partners who move first will own the space

Apr 15, 2026 · 26:55


Rob Falzon, Head of Engineering in the Office of the CTO at Check Point Software Technologies

Canada’s data sovereignty landscape is shifting faster than most organizations realize – and according to Rob Falzon, Head of Engineering in the Office of the CTO at Check Point Software Technologies, the conversation isn’t happening early enough.

In this episode, Falzon breaks down the regulatory pressure building around Canadian data – including Quebec’s Law 25, Bill C-8, and new federal PIPEDA reform, expected this spring, that is anticipated to include data sovereignty provisions. He draws a sharp distinction between data residency (where data sits at rest) and data sovereignty (control over the entire processing chain) that many partners and their customers are still conflating – and explains why contracts alone can’t solve the problem. Falzon unpacks the CLOUD Act dimension: if data lives in the U.S., it is accessible to the U.S. government regardless of where your company is headquartered or what your service agreement says.

For MSPs, the conversation turns to opportunity. Recent research from Kiteworks found that 23% of Canadian organizations experienced a data sovereignty incident last year, and mid-market firms lag enterprise by 15 to 25 percentage points in sovereignty maturity – despite facing the same penalties. Falzon’s advice: lead with risk, not product. He also raises a recent U.S. legal judgment holding that all data entered into ChatGPT belongs to OpenAI – and asks whether organizations using AI services even know where that data is going.

Check Point launched a dedicated Canadian data region for CloudGuard WAF in March, opening doors to government and regulated-sector contracts that were previously unavailable to partners. But Falzon’s bigger point is this: the regulatory picture is still coming into focus, and MSPs who get educated now – before the legislation fully lands – have a real chance to stake out expertise and become the trusted voice in the room when urgency hits.

Full transcript:

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. There’s a phrase you’re probably hearing more and more in customer conversations: data sovereignty. And if you’re not hearing it yet, you probably will soon. Canada’s regulatory landscape around data is shifting fast. Quebec’s Law 25 is already in force with real financial penalties. Bill C-8, the Critical Cyber Systems Protection Act, is working its way through committee. New federal privacy reform is expected this spring, and underneath all of that, there’s a growing realization that the old assumption—that if it’s okay for the U.S., it’s okay for us—may not hold up much longer. My guest today is Rob Falzon, Head of Engineering in the Office of the CTO at Check Point Software Technologies. Rob has spent over 30 years in large-scale security architecture, including government work, and he’s been with Check Point for over two decades. He’s based here in Canada and has a front-row seat to how this market handles security and compliance differently from the rest of the world. We’re going to talk about what’s driving the urgency around data sovereignty in Canada right now, the distinction between data residency and data sovereignty that a lot of partners are still conflating, and what it all means practically for MSPs serving the Canadian mid-market. Let’s get right into it—my chat with Rob Falzon. Rob, thanks for taking the time. I appreciate it.

Robert Falzon: No trouble.

Robert Dutt: You’ve been in the industry a long time, with Check Point for two decades, and you’ve had a front-row seat to how the Canadian market specifically handles security and compliance. For an audience of Canadian VARs and MSPs, how has the data conversation in Canada changed over, say, the last 18 months or so? It feels like something’s shifted in that discussion.

Robert Falzon: Yeah, there’s been a significant shift. In the past, obviously, we’ve seen the changes that have happened with our neighbors to the south and how the climate and atmosphere have changed. It’s caused folks in Canada to have a closer look at what their various different arrangements are from a trust perspective, and what their comfort level might be in where they store their data and how they manage that data—and where their customers are based as well. I think that’s been the primary change in the last few months specifically. For a long time, we’ve had this feeling that Canada and the U.S. have been sort of the same. There wasn’t really a big concern because we have agreements back and forth. A lot of the recent changes have forced us to really revisit those arrangements and see: are we actually making sure that the information is safe and protected? As a result of that, we’ve been getting those questions at Check Point, and it’s incumbent upon us to manage it in such a way that our customers get the security and safety they need while meeting their business requirements.

Robert Dutt: From the regulatory side of things, there’s a lot going on. We have Quebec’s Law 25 in place with real penalties behind it. We have Bill C-8 working its way through committee. There’s going to be PIPEDA reform coming up sometime fairly soon, which is rumored to include data sovereignty provisions. Back in November, the government introduced the Digital Sovereignty Framework. For a Canadian MSP who hasn’t been tracking all of this closely, what’s the picture they need to have in their head right now of the regulatory scene?

Robert Falzon: Well, like you pointed out, there’s no comprehensive federal law just yet. As you mentioned, there are a number of things on the table and we have some direct focus now from the federal government. There’s a minister assigned specifically for AI that’s taking a very close look at how Canada is managing that. We also have this provincial patchwork. Ontario probably has the most established AI-specific roles so far. Alberta’s Privacy Commissioner also has a report they released last year talking about Alberta creating its own AI law and updating its privacy legislation. All of these changes are happening fairly quickly right now, and it’s incumbent upon MSPs to make sure they’re aware of what these changes are and where they are operating their businesses. There are two aspects to this. The first is the business side: if you have customers that want to consume your services, you need to make sure your services are consumable by them—that you are meeting their data regulation requirements and that the residency and sovereignty requirements these new pieces of legislation introduce are met by whatever services you’re providing. The challenge is that there’s not a lot of clarity right now around what these actual services are. Maybe AI is touching it, or some security component is touching it, but maybe it’s a different type of service related to marketing. This is going to be a challenge for MSPs to make sure they understand their compliance obligations and to closely look at their service offerings. They need to start to decouple what we used to think was an accepted understanding—that if it was okay for the U.S., it was okay for us. It’s not going to be the same anymore.

Robert Dutt: There’s another piece of legislation, not necessarily on our side, but the CLOUD Act hanging over all this. Can you walk us through how the CLOUD Act changes the calculus for Canadian organizations using a U.S.-headquartered cloud or security provider?

Robert Falzon: There are a few things here to unpack. First of all, it’s not finalized; there are still a lot of negotiations underway. This started back in 2021 or 2022, and obviously, when that started, we were in a completely different geopolitical context than we have today. That’s transformed things into a more complex policy debate and even, to some degree, a national security debate. For us, we’re going to have to start looking very carefully about what regulations we put in place at the federal level that impact us from a legal compliance perspective. Is your CISO well aware of what your obligations are under this? I think if I look at what’s going to change, we’re still going to have to start hosting much of the information we work with in Canada. Anything related to security rule sets, business transaction information—all of this is going to have to be stored in Canada. If you are still leveraging contracts that you might have in the U.S., you’re going to have to look at how you separate out those specific types of data that are protected by law and have them processed and stored in Canada. You may not be able to get out of some of these hosting contracts in the U.S., but the fact is, if that data is in the U.S., it’s going to be available to the U.S. government. If that availability contravenes any legislation we have here, it’s something you’re going to be liable for.

Robert Dutt: A lot of times, maybe at the customer level and the partner level, there’s some conflation between data residency and data sovereignty. Can you break that apart? I think when a lot of people hear, “We have a Canadian data center,” they assume the compliance checkbox is checked.

Robert Falzon: Yeah. The difference fundamentally is essentially data at rest versus data in motion. If you are storing databases or static information about customers, that data must be resident in Canada. Data sovereignty is essentially the entire chain. Any processing has to be done in Canada, storage has to be done in Canada—the data cannot leave the country or its control sphere the entire time it’s in your possession. I think that’s a critical differentiation because they are often, as you say, conflated to be the same thing.

Robert Dutt: What does a sovereignty-defensible architecture actually look like? What are the non-negotiables to make sure you’re covered off there, especially as a service provider?

Robert Falzon: You have to look at all of your vendors. You have to make sure that not only are you managing your data effectively yourself, but that all of the vendors you interact with are also following the same guidelines. The challenge here is that we are so integrated with U.S. providers—cloud providers, data center providers. All of those things need to come together, and we need to be aware at all times where this information is stored. Our understanding of where that data is has to improve, so we need better tools to manage that visibility. But we also need to start making actual changes in our infrastructure to make sure it physically resides in Canada. And then we need to look at the rule sets you’re using to manage that data. Do you have the proper security context to store and manipulate that information strictly in Canada as per data sovereignty regulations?

Robert Dutt: Let’s bring this to the partner level. There’s a recent survey from Kiteworks that shows 23% of Canadian organizations experienced a data sovereignty incident last year. Mid-market firms lag enterprise by 15 to 25 percentage points in maturity, but they face the same penalties. For an MSP serving that mid-market space, where’s the actual opportunity in terms of educating and compliance?

Robert Falzon: Well, if MSPs are at the stage where they’re concerned and trying to get information, imagine where many of our customers are standing. Customers are trusting their partners to provide them with guidance and leadership. If we think about verticals like healthcare, financial services, or the public sector—these are not organizations that typically have heavy internal services or the skill sets to make these decisions about where their cloud data is processed. They’re relying on partners for that. If there are issues, the buck stops with the customer themselves. By helping to educate their customers—making them aware of coming changes, understanding the differences between sovereignty and residency, and looking at their other vendors—partners can take a leadership position. There’s a bit of a vacuum right now in speaking with both partners and customers, where everybody’s just going, “I wonder what’s going to happen next? Am I even ready for this?” It’s a great opportunity to improve their business.

Robert Dutt: Is the first question to that customer the general, “Do you know where your data is living and who has access to it?” Or what’s the first concrete question an MSP can take to their customers?

Robert Falzon: Well, there are a whole lot of things. First, partners are going to have a better understanding of their customer profile. If they have customers with significant multi-cloud complexity or exposure to the CLOUD Act, they’ll want to start by talking to them about their immediate risk. The challenge we often have is that we want to go in and talk about how a product or service is going to make a difference. Ultimately, what we really need to do is share the conversation about risk. The risk conversation is often overlooked in favor of saying, “I’d like this customer to buy some more Check Point.” But at the end of the day, all of that comes back to their understanding of what the risk is. I would start with risk: talk about what’s in the CLOUD Act, talk about complexity, and talk to them about AI data exfiltration and how that impacts leakage from a legal perspective. Stay away from conversations about specific products and focus on the business outcomes for the customers. That’s what’s going to get you the traction.

Robert Dutt: Check Point launched a dedicated Canadian region for CloudGuard Web Application Firewall in March at the Victoria Privacy Summit. What’s driving security vendors specifically to put in infrastructure in Canada right now?

Robert Falzon: This is an interesting question because it’s really not a “right now” thing. This is something we’ve been actively looking at for some time. It’s not as easy as just saying, “I’m going to do this in Canada only.” There’s a lot of backend stuff that has to happen. Five years ago, the technology and infrastructure available were somewhat limited. You have to be able to trust the infrastructure you’re placed in. It’s taken years to get here, and we’re quite confident in our ability to deliver the exact same level of quality as we did when it was solely based in the U.S. Countries around the world are starting to take a close look at their most important assets—data and intellectual property—and seeing how easily technology is being used to gain access to private information. Companies would be well-served to understand that this has been a long cycle; it’s not something that just happened overnight.

Robert Dutt: For a partner who’s already selling Check Point solutions, what practically changes for them now that this Canadian data region is in place? What deals or conversations does it unlock?

Robert Falzon: Certainly anywhere where privacy is paramount, it’s going to have a huge impact because you can start the conversation with the understanding that anything we’re talking about today is going to be data resident and data sovereign to your Canadian customers. That immediately sets you apart from many other vendors who cannot make that claim. If you can address the concern of privacy legislation right out of the gate, then you can focus on the actual business outcomes. It’s going to open doors with agencies very sensitive to this—government entities at the municipal, federal, and provincial levels that might have been off-the-table to a partner that didn’t have solutions meeting those criteria.

Robert Dutt: For the MSP who’s a little earlier in the process, what’s the first practical step internally to make sure you’re building this out as an opportunity?

Robert Falzon: You have to be extremely well-educated in the legal aspects because you’re going to want to make sure you have a compliance story and accountability you can speak to with your customers. But looking at all the uncertainty relating to AI and machine learning, being able to tie data residency and sovereignty into how that impacts their ability to utilize these new technologies would be a real door opener. There’s a tremendous amount of misunderstanding and lack of information available to customers currently running these solutions. If I were a partner today, I’d be looking at how I have the conversation about security, privacy, and data sovereignty in terms of their ability to be more competitive in the future by leveraging these advanced technologies in a secure way.

Robert Dutt: What’s the risk of doing nothing? If I’m a partner and I decide to just keep selling the same way and assume data sovereignty is someone else’s problem, what does that look like 12 months from now?

Robert Falzon: Hopefully your customers are already taking a zero-trust approach, so it might be easy to say, “I’ll wait until this settles a bit.” It’s not crazy to think that could still be effective. But if one waits too long and it becomes legislation, now you’re playing catch-up. You won’t be perceived as a leader in the space, and as we know, it’s much harder to win business away from someone else than it is to keep business you already have.

Robert Dutt: Last question: what’s the thing about data sovereignty in Canada right now that you think isn’t getting enough attention?

Robert Falzon: I think honestly, the conversation about data sovereignty and residency itself is not mentioned enough. It seems to be addressed after the fact. I’m starting to see it come to the forefront, but I still don’t have conversations on a daily basis about this. Even though this announcement was made, I’m still not getting a lot of phone calls about what this means for me, and I would have expected to get a lot more. If we look forward five years, we’ll look back at this and go, “Wow, I can’t believe we only just got that then.” Things are moving so rapidly. If we look at the adoption of AI internal to large corporations—I’ll ask them if they are using AI services, where those services are based, and what the legal ramifications are. Nobody is talking about where the data from ChatGPT lives. There was a legal judgment in the U.S. a couple of weeks back where it was agreed that all data entered into ChatGPT belongs to them—it belongs to OpenAI. Imagine if that’s your company’s data, and you don’t even know it’s leaving because the services you’ve invested in are hosting data all over the world and not in Canada. That’s a risk that’s really not being discussed in an appropriate way.

Robert Dutt: It’s an interesting indicator. If the conversation isn’t happening early, it suggests we’re still early in the cycle, and that’s an opportunity for an MSP to stake out a brand in this space.

Robert Falzon: Exactly. At this very moment, anyone in the partner ecosystem should be looking at their internal systems and processes and finding out how compliant they are personally. If you don’t understand your internal architecture and what partnerships you have in your own pipeline, you’re going to be well behind when it actually comes to implementation.

Robert Dutt: Great insights. Thank you very much for your time, Rob.

Robert Falzon: Thank you so much.

Robert Dutt: There you have it, Rob Falzon from Check Point Software Technologies. I’d like to thank Rob for his time and for a conversation that I think went well beyond the usual talking points. Thank you for listening. Here’s a few things that stood out for me from this conversation. First, there’s a really important distinction between data residency and data sovereignty that Rob laid out cleanly. Residency is about where the data sits at rest. Sovereignty is about the entire chain—processing, storage, the works—and making sure none of it leaves the country’s control sphere. If your customers think having a Canadian data center checks the compliance box, that’s a conversation worth having with them. Second, there was that striking point about AI data exfiltration. A recent U.S. legal judgment held that all data entered into ChatGPT belongs to OpenAI. If your customers are using AI services and don’t know where that data is going and who owns it once it gets there, that’s a risk that most people simply aren’t talking about yet. And that brings me to what I think was the most telling moment: Rob’s candid admission that even after Check Point’s Canada data region announcement, he’s not getting a lot of calls about data residency. That tells me we’re still early. The regulatory picture is coming into focus, but it’s not fully formed yet, and a lot of partners and customers are in wait-and-see mode. That’s actually an opportunity. If you’re an MSP who moves now—gets educated on the regulatory landscape, audits your own internal compliance, and starts leading the sovereignty conversation with your customers—you have a chance to stake out real expertise and become the trusted voice before this becomes urgent and everyone’s scrambling. Follow or subscribe to the show. You can find In The Channel on Apple Podcasts, Spotify, YouTube, and most podcast directories. Ratings and reviews are always appreciated—they help other folks in the channel find us. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Serious Privacy
A global world... of social media addiction?

Apr 1, 2026 · 30:56


We are back again, and why so Serious?

We are well into season 7 of the Serious Privacy podcast, with Dr. K Royal, Ralph O'Brien and Paul Breitbarth. Ahead of IAPP Washington DC, we discuss the new Oklahoma SB546, the Global CBPR forum meeting in Lima, Peru, regulatory capture, Trademarking your image, Delve compliance controversy and the HUGE news of court cases regarding Social Media addiction which may open the floodgates to more cases... and much much more!

Also this season, we will keep you up to date on developments in the data protection and privacy community, artificial intelligence and some cybersecurity. And of course we'll bring you interviews with great guests!

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

ChannelBuzz.ca
Most MSP contracts wouldn’t survive a courtroom – here’s where to start fixing that

Mar 25, 2026 · 35:11


Rob Scott, co-founder of Monjur and managing partner at Scott & Scott LLP, joins the podcast to talk about what’s broken in the average MSP’s contract stack and what it takes to fix it. Rob has spent more than 27 years at the intersection of technology and law, and his firm works with over a thousand managed service providers across North America. The conversation covers the three biggest areas of contract risk Rob sees across the MSP community: agreements that haven’t kept pace with the services being delivered, unaddressed vendor and third-party liability, and missing data processing agreements in an increasingly complex regulatory environment. Rob walks through practical provisions most MSPs don’t have but should, including a “security recommendations” clause that shifts liability to customers who decline recommended protections. Rob also digs into why AI is changing the contracting equation in both directions – from the new service attachments MSPs need when delivering AI-powered services, to the risks of using unsupervised LLMs for contract drafting – and offers a candid assessment of where Canadian MSPs stand relative to their American counterparts when it comes to contracting maturity. The conversation wraps with a practical starting checklist for MSPs who know their contracts are out of date but don’t know where to begin.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. My guest today is Rob Scott. Rob is the co-founder of Monjur and managing partner at Scott & Scott LLP, where he’s spent more than 27 years at the intersection of technology and law. His firm works with over a thousand managed service providers across North America on their contracts, and he recently launched Monjur Pilot, an AI-powered legal assistant built specifically for MSP contracting. Now, I know what you’re probably thinking – contracts aren’t exactly the sexiest topic in the channel. But here’s the thing. Most MSPs, I think, know their contracts are out of date, and they also know that they should do something about it. They just don’t. And in a world where the threats are evolving, AI is changing the service landscape, and the regulatory environment, particularly here in Canada, keeps getting more complex, the gap between what your contracts say and what your business actually does is becoming a real liability. Rob has seen what happens when that gap catches up to you, and he’s got some very practical advice about what to do about it. Let’s get right into it. My chat with Rob Scott. Rob, thanks for taking the time. I appreciate it.

Rob Scott: Thank you for having me.

Robert Dutt: You’ve been working with MSPs on their contracts for, I think it’s over two decades. What’s the state of the contract stack for the average MSP in 2026, and how wide is the gap between what most MSPs are actually running on and what they should be running on?

Rob Scott: That’s a great question. When I look at contracts, I see three big areas of risk for MSPs. One is that their agreements don’t keep up with their services. In the MSP world, that means you’re offering compliance advisory services without proper compliance advisory contracts. We call that service attachment for managed compliance. You’re now working with clients in and around AI and AI products, which are using a pre-AI customer contract. These are the things that change with frequency in IT, and for MSPs, that means one area of contract protection – static agreements don’t fit with emerging service offerings like tech. Sometimes their agreements don’t keep up with their services, and other times, their agreements are not reflected for trends in the marketplace or specific risks. For example, ransomware attacks or emerging cybersecurity risks. MSPs don’t frequently have, for example, very clear-cut exclusions from responsibility for the criminal acts of third parties. Similarly, their contracts don’t limit their liability for acts or omissions of vendors. We monitor the terms and conditions of over 1,200 vendors in the MSP channel, and our clients get their customers to sign a waiver for any acts or omissions of those third parties. That’s an area – what I call vendor risk – which many MSPs are exposed. Then the third big category is regulatory risk, operating with customers in regulated markets without the appropriate data protection agreements and data processing agreements that are required by both international, federal, and state laws. Those are the areas where most MSPs have been underserved by traditional legal services, which have caused many to move in the direction of do-it-yourself, which has many exposing themselves to unsupervised LLMs. While contracting for MSPs is very complex, they really have not been well-served by traditional legal services.

Robert Dutt: The open LLMs is what keeps me up at night. Shadow AI is a concern for lawyers, or at least us, as much as it is for MSPs. Shadow AI in their customers’ organizations, us for different reasons. But the MSPs are faced with a challenging choice between choosing fast and inexpensive do-it-yourself legal protection that lacks accountability and supervision, or traditional legal services that can be slow, can be expensive, and can be out of touch with what MSPs do. Many of my clients have shared stories about interactions with lawyers, not fondly, in part because the lawyers had no clue what they did, and they felt like they were paying the legal fees to explain to the lawyers what an MSP does.

Rob Scott: And so it’s been a challenge for many MSPs to get legal protection that’s both fast, affordable, and offered by MSP-specific attorneys.

Robert Dutt: You touch on the problem of keeping up with technology trends. I’m thinking in broader terms than that. What about whole directions of risk, I guess I would say. The example I think of is we’re doing a lot of tracking of the trend of abuse of trust. Attackers not breaking in, but logging in through trusted identities, VPNs, software supply chain attacks, those kinds of things. Basically, when the threat itself has shifted so fundamentally, how far behind are most MSPs in terms of accounting for that in their contracts?

Rob Scott: I would say very far behind. I would say overall, the customers that we talk to, the people we meet, are either on some do-it-yourself approach that really hasn’t been updated by an experienced attorney, or hasn’t been updated recently to reflect the emerging threat landscape as you described it. But we’re constantly updating our agreements to properly reflect detailed terms and conditions about these emerging threats. And I’ll give you an example. We have in our MSA a provision called security recommendations. And what that provision says is the MSP may from time to time give the customer recommendations about security compliance. For example, multi-factor authentication. And if the client does not accept or move forward with those proposals, anything that happens as a result that those things could have prevented is 100% on the customer – the MSP is off the hook. And so when I think about emerging technology and the changing threat landscape, a lot of it has to do with how you manage the communications and the risk associated with that. And MSPs have had the hard choice in the past of having to either tell a client, “No, I’m not going to support you,” or, “Hey, I’m going to give you this waiver to sign.” And this whole topic of declination of services around point solutions that deal with emerging threat factors has been a common issue with MSPs. They go to the customer. They’re like, “You’re exposed. You need these advanced security features.” I mean, there’s new stuff all the time, but right now, it’s a lot of focus on zero trust. And so it’s not inexpensive to implement a zero trust model within a business. And if an MSP wants to implement zero trust, the customer has to cooperate to buy those things. And the customer doesn’t understand them well enough to know what they do or why they need it. So their first reaction is to say, “No, it’s too expensive.” And that puts the MSP at risk, because I tell the MSPs, my opinion is their network is only as strong as its weakest link. So if you let these customers on that you know are overly risky, that puts the whole portfolio of customers at risk. And that’s a lot of what you’re talking about with those threat vectors. Those threat actors are thriving on being patient. And it’s not just like, “Do we have guards at the front door?” It’s like, “We need guards in every room.” They’re already in. So that’s one of the things that I think most people think about. Cybersecurity is like hacking events or ransomware events, but so much more of it is they’re in your networks, they’re able to move around, they’re squirreling their way into different areas, and they’re being very patient waiting for that opportune moment. And so it’s not just about keeping people out, it’s also about catching them after they get in. And that’s where a lot of these emerging technologies and emerging threats are posing unique challenges from a cybersecurity perspective. And the question is, “How are your agreements evolving?” And that’s where making sure that your vendors are all on there. So if there’s any act or omission of a vendor, that you can be covered for it. And the things that happen in cybersecurity, like criminal acts of third parties, is expressly excluded. I don’t think you need to go into as much of the specific threats. If you get a strong and enforceable exclusion against the criminal acts of third parties, almost every cybersecurity risk that would be impactful to an MSP is also a criminal act by the person who perpetrates it.

Robert Dutt: About a year ago, you did a piece around the theme of “Your MSA is broken and AI is to blame.” We’re a year further in, things have only accelerated. MSPs are selling Copilot bundles, offering AI-powered services. Their customers are deploying AI tools whether the MSP knows about it or not. From the customers’ point of view, how far behind are most MSP contracts relative to the AI services that they’re delivering or their customers are using today?

Rob Scott: We came out with a special service attachment for managed AI in 2024. And at that time, people said, “I don’t really need it. We don’t know what we’re doing yet.” Today, people come to Monjur just because of that attachment. And the way that attachment is built is, number one, you don’t have the right definitions in your current agreement for things like AI input, AI output, the model, the trainings – all of these things that are relevant to AI that wouldn’t be in a master services agreement for managed services. Beyond that, you need your service descriptions. Is this AI readiness assessments? Is this app dev? Are we building RPA and automations? What is it exactly that the services entail? And so that’s a big part of it. And our structure is designed to cover just about every AI service that an MSP could do. But it’s also important to make sure that you have the proper exclusions and client obligations. So when you think about exclusions, it’s like the MSP shouldn’t be responsible if the legal world changes and suddenly that client’s use becomes illegal. Think of helping customers deploy voice agents. And then it becomes clear that you can’t use a voice agent to do cold calling, or voice agents get outlawed altogether. It needs to be clear that the MSP is not taking the responsibility for how government reacts to the impact of AI. Similarly, there should be an obligation on the customer’s part to be committed to ethical use of AI. Responsible AI is something that I put in as a mutual obligation to all parties to a contract that I write around AI. I think it’s foundational for humans to be committed to responsible AI. So there’s things – just a few examples – but things that you wouldn’t see in an MSA. So ask yourself, why would you expect your pre-AI MSA to protect you in an AI world? The answer is MSPs increasingly are offering AI-related services under contracts that weren’t built for these services, and those that are, are putting themselves at significant risk. And it’s not necessary, because there is a ready-made solution for MSPs to protect themselves when engaged in selling Copilot, helping clients with AI projects, which we’re all going to be doing. Let’s get it straight. This is not new. This is not a temporary blip. I think the only temporary part of it is this AI distinction. I don’t think there will be, in the long run, a distinction between AI tools and non-AI tools. All tools will be AI. So the way things are going, MSPs need to be prepared for that. All of what so many more MSPs are now in the territory where they would be protected by a specific service attachment that doesn’t exist in their contract stack today.

Robert Dutt: The other side of that equation of AI use in the MSP is that a lot of MSPs themselves are tempted to use some of the generic LLMs to draft or review their own contracts. Where do you see the line between that being helpful and that being dangerous?

Rob Scott: I don’t think MSPs should be forced to choose between using AI and using attorneys. I think that’s the state of the market today. They’re faced with these unsupervised LLMs that are risky, where there’s no accountability. They’re telling you, “Don’t use this for law,” and you’re using it for law. If you have a bad outcome, whose fault is it? The New York State Senate has got a Senate bill, which I think will be the first of many, that would make it illegal for LLMs to give out legal advice, because it’s doing way more harm than good. I think the one thing to think about the perspective on this is lawyers are getting sanctioned and held in criminal contempt for using AI, and the AI is making mistakes. If it’s going undetected by the lawyers, why do you think you’re in a position to supervise the AI to protect your legal interests? I mean, it gets it wrong so much. The accuracy of legal outputs from unsupervised LLMs is so low that it is like playing Russian roulette. So I don’t blame the MSP. I just think that the future is attorney-supervised AI, where the customer starts with a template that is lawyer grade. I think if you put Monjur Pilot up against these unsupervised LLMs and you draft an agreement starting with a Monjur template versus starting with nothing and an unsupervised LLM, your first pass is a totally different thing. And then the second thing is lawyers need to be in the loop at the last mile. You should be able to press a button within your AI and say, “Submit for legal review,” and the lawyer should be able to just look at it in-app and finish what you built. So you start with a legal template that’s legal grade. You operate in a legal-grade AI environment that has the proper guardrails, and you make sure that attorneys supervise all of the work that the clients are doing, so that the MSP no longer has to choose between fast and inexpensive and slow and sometimes cost-prohibitive. So we think that AI unlocks something pretty special for the Monjur subscriber, which is the benefit of having your lawyers at your fingertips 24/7 through a trained AI legal assistant. But that’s not a replacement for your lawyers. It just supplements your relationship with your lawyer. So in this way, we deliberately call them legal assistants because they play the same role as a legal assistant in a law firm. The legal assistants don’t practice law without the lawyer supervision. They help the clients get better service from the lawyers. And that’s the role of AI in the Monjur vision, which is attorney-supervised LLMs that provide a safety layer on top of the LLM of your choosing. So our system is called “at any LLM,” but in each instance, we’ve implemented prevention of hallucination and preservation of context through RAG architecture that allows our legal assistants to give responses that the lawyers feel they can stand behind and nevertheless supervise.

Robert Dutt: Our audience is primarily Canadian MSPs and other types of IT solution providers. You serve over a thousand MSPs across North America, including Canada. What are the things that Canadian MSPs need to be thinking about in their contracts that their American friends don’t? I’m thinking PIPEDA, I’m thinking Quebec’s Law 25, the cross-border data question and data sovereignty, but I’m curious what you see as the biggest gaps from the Canadian side specifically.

Rob Scott: I think the ones that you mentioned are sort of at the surface, in the sense that those are concrete, objective things. Like, the data processing agreement for our US customers has different regulations in it than our Canadian customers, and the Canadian ones contain the laws that you mentioned. The bigger issue that I see in Canada is a cultural issue. This idea that contracts are not important because we’re not in America where everybody sues at the drop of a hat. We don’t value legal protection in the same way that people might in the US, because the threat of litigation in their mind is lower than maybe the threat of litigation in the minds of the MSPs in America. My response to that is I acknowledge the differences between the US and Canada as relates to litigation and dispute resolution, but I don’t think that that means that Canadian MSPs don’t benefit from having great contracts. It’s more of a question of what level of risk is being mitigated and the best way to mitigate it. I fear that too often in Canada, it’s not a question of does your DPA properly reflect Law 25 or PIPEDA. It’s a question of, are your agreements well thought out at all, because maybe you don’t think that it’s that important to have good agreements. And it’s about 15 years culturally and mindset-wise behind the MSP market that I began working on. Where early on in America, there was a large sentiment that a handshake deal is good enough. I deal with my friends and I don’t perceive a high risk of litigation. And if someone wants to get out of my contract, they’re not happy with me, I let them go anyway. Why do I need all this paperwork? And I think that’s a big thing that we have to work on for education with MSPs in Canada, which is you don’t have to be in a litigious market like America to benefit from good contracts.

Robert Dutt: Well, and here’s an interesting aspect to that cultural thing too. A lot of Canadian MSPs are serving clients on both sides of the border, or are using US-based vendor tools to deliver services to their Canadian customers. How should MSPs be thinking – even if they’re functional just in Canada in terms of customer base – how should they be thinking about cross-border exposure in their contracts?

Rob Scott: Well, look, I think that unless you know, for example, where every data subject resides in every system that you manage, you could be in Canada with customers with data subjects in their systems that you manage all over the US. And the laws run by where the data subject resides. So that’s one of the big challenges. And then the other challenge is, don’t you want to put yourself in the position where you can say yes to as many deals and customers as possible? And don’t you want to make sure that you have compliant agreements that will allow you to operate in multiple markets? And we have a lot of MSPs, I would say, that are on the Monjur platform that are enjoying dual libraries. So a set of agreements in English for the US, a set of agreements in Canada in English for English-speaking provinces, and then a set of agreements in Quebec, specifically for Quebecois law, presented in French. So we do offer some granularity in terms of localization in each market. And our strategy is we partner with local law firms in each jurisdiction to localize and maintain the updates of our agreements. And so we have a law firm that we work with in Quebec and several others in other provinces, including one in Toronto, where we partner with them to keep the agreements updated for those markets.

Robert Dutt: I think for a lot of MSPs, contracts are in the category of necessary evil, something they grudgingly do to avoid getting sued – or in some cases don’t do well enough to avoid getting sued. But I wonder if there is a case to be made for treating your contract stack as a competitive advantage, and if so, can you walk me through what that looks like in practice? How you can take a solid contracting situation and use it as a way to help your organization grow, and not just stay out of trouble when things go wrong.

Rob Scott: Yeah. So I think it’s an excellent question. I think the first part of it is something that now jives to me going to the dentist. Like, I know I have to go to the dentist. If I want to not have cavities, I have to go to the dentist. If I don’t want gum disease, I have to go to the dentist. I hate to go to the dentist. I’m so anxious when I get there, I tell them, please don’t take my blood pressure until we’re done, because it’ll just make it worse when you give me a really high blood pressure reading. I’m only going to be more anxious. And I think with MSPs, that’s real too, as it relates to law. Many don’t feel comfortable with the subject matter. Many have had bad experiences. Many, like you say, would say it’s a necessary evil, but they try to avoid it as much as possible. Even if you caught them in a quiet moment of reflection to ask them if they really needed it, they would say yes, but they would go back to their office after that and lose track. And this is why I think dynamic agreements that auto-update are so important for MSPs. I think legal needs to work in the background. And MSPs, I think, as a group, are carrying a very heavy cognitive load around contracting. A lot of the senior people that run MSPs are not contract people. It’s way out of their element. It doesn’t play to their strengths. It drains them of their energy. They’re constantly second-guessing whether they’re getting it right. And what I think about competitive advantage, we talk in terms of the maturity model. Maturity level one: legal protection. You have the legal protection in place. Maturity level two: standardization and efficiency. Standardization and efficiency is like, how well have you collapsed your contracting processes into your sales process, so sales and contracting is one seamless step? So that’s kind of level two. Are all of your customers efficiently on the right paper? Can we update their terms without having to go get a signature? This is how Monjur enables MSPs to grow revenue fast. We remove the friction from the sales process. We make deals go faster. We make it less likely that customers are going to want to comment or request changes to agreements. So that’s level two. Level three is what we call contract intelligence. Using AI to optimize revenue opportunities. Making AI context-aware of your renewals, of your upgrades, of what people are paying, who is using a lot of resources but not paying for very much. These are the opportunities where contract intelligence drives better decision-making as well as automation to fuel efficiency to grow revenue faster. So it really depends on where you are on this maturity level about how it helps you grow. Initially it may make it harder to grow while you’re getting the right legal protections in place. But ultimately you want something that can scale with your business, and that means dynamic versus static agreements.

Robert Dutt: My last question – I want to make this as concrete as possible. If you’re talking to a Canadian MSP owner, let’s say a 15-person shop doing managed services, building out security, starting to do AI in there too, they know their contracts are out of date or in bad shape but don’t really know where to start. What are the first two or three things that you’d tell them to do right now, right away, to get that ball rolling and to hopefully see the most improvement in the situation?

Rob Scott: Well, one of the things that I would say is benchmark what you’re currently using. Do an assessment of where you are. We have some tools online that can help you walk through an assessment of your current contracts, and we’ll also review them for you for free. If you have a contract, you’re an MSP in Canada and you want to understand what the gaps are relative to best practices, we’ll use our toolset to analyze your agreement, compare it to what we think are best practices in Canada, and do a report for you. We do that as part of our consultation process. There’s no fee for that. That’s a complimentary review. If you could get an experienced attorney to help you benchmark it, great. The other thing to think about is updating your vendor list and asking yourself the question, “How am I protecting my MSP against acts or omissions of the vendors in my tech stack?” If you don’t have a good solution for that, then you need to be thinking about something like our schedule of third-party services, which allows you to list all your vendors and contains a waiver of the right for your clients to sue you. Now we’re covering a really big category of risk with that one attachment. Then emerging services – advanced security and AI. You need specific agreements for these things. You can’t just continue to operate under the agreements that you were using pre-AI in the AI world. You can’t start offering compliance-related advisory services like GRC and other advanced security and compliance offerings without the appropriate contract. We call it the service attachment for managed compliance. Similarly with AI, we have a service attachment for managed AI. You really need to be thinking about, do your agreements cover the services that you’re offering, delivered through the tech stack that you’re delivering it through, and in a way that’s compliant with the emerging framework of regulations that impact you and your customers? Given all of that – and we cover that with our data processing agreement – you can see why static agreements for MSPs can become very challenging very quickly. If I was in the process of trying to figure out a way to manage risks for my MSP in Canada, I would be looking for a service that would give me dynamic updates that was specific to managed services, that was customizable for me and my customers. And think about this question: if my client were to sue me in court tomorrow, how confident am I that my current agreements would hold up in court? If the answer to that is, “I’m not so sure,” or “I’m not that confident,” or “I’m sure it would be a problem,” then getting a complimentary review of your current agreements and a game plan to move forward with broader protection is probably a good idea.

Robert Dutt: All right, I appreciate that. It’s a lot to think about, and it’s an area that I don’t think we focus on as much. We tend to get caught up in the tech stack and all that, so I appreciate your taking the time to share some wisdom on where things are at with contracts and where they’re going.

Rob Scott: Thank you. Thank you very much. I appreciate you having me.

Robert Dutt: There you have it. Rob Scott from Monjur. I’d like to thank Rob for his time. He brought a lot of depth to a topic that frankly doesn’t get a lot of attention in channel media. A few things that are sticking with me from this conversation. First, the idea of the security recommendations clause – building language into your contract that says if you recommend a security measure and the client declines, anything that could have been prevented is on them. That’s the kind of provision that can save your business, and I’d wager a lot of MSPs listening don’t have it. Second, his point about Canadian MSPs being about 15 years behind their American counterparts on contracting maturity – not because the laws are weaker, but because the culture around litigation is different up here. That’s a gap that works until it doesn’t. And third, the question he posed that I think every MSP should sit with: why would you expect your pre-AI master service agreement to protect you in an AI world? If you’re selling Copilot bundles or managed AI services on a contract you wrote five years ago, you’ve got some homework to do. If you’re enjoying the ChannelBuzz.ca podcast, we’d love it if you’d follow or subscribe. You can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. And if you have a minute to leave a rating or review, that goes a long way in helping other folks in the channel find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Supreme Court of Canada Hearings (English Audio)
Facebook Inc. v. Privacy Commissioner of Canada (41538)

Mar 20, 2026 · 194:10


On March 19, 2019, the respondent, the Privacy Commissioner of Canada received a complaint under s. 11(1) of the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”) which raised concerns about the appellant Facebook's compliance with the PIPEDA. The concerns were related to Facebook's practice of sharing Facebook users' personal information with third-party applications hosted on its platform. The complaint was filed in the context of reports related to a professor at the University of Cambridge, U.K., Dr. Aleksandr Kogan, who launched an application through Facebook's Platform titled “thisisyourdigitallife” (“TYDL”) in November 2013. Presented to users as a personality quiz, Dr. Kogan could access the personal information of installing users and installing users' friends. In December 2015, it was reported that user data obtained by TYDL was sold to a corporation named Cambridge Analytica and a related entity, Strategic Communication Laboratories Elections Ltd. (SCL), who, in turn, used the data purchased from Dr. Kogan to help their clients target political messaging to potential voters in the then upcoming presidential election in the United States. When TYDL was launched in 2013, it agreed to Facebook's Platform Policy and Terms of Service. In 2014, Facebook issued a version 2 (v.2) of its communication protocol, Graph API, under which third party developers could no longer request permission to access installing users' friends unless the app developer, through an expanded access to additional personal information request, can demonstrate that the data would be used to “enhance the user's in-app experience”. The process for consideration of expanded access requests was introduced alongside Graph API v.2 as “App Review.” Although Graph API v.2 took effect in 2014, existing apps were given a one-year grace period before complying with the new iteration. When Graph API v.2 was announced, Dr. 
Kogan's request for expanded access to additional personal information was denied by Facebook because his intended use, research, would not enhance user experience. Nonetheless, Dr. Kogan continued to collect data under Graph API v.1 with no additional scrutiny from Facebook. As a result, though only 272 Canadians ever installed the TYDL app, Facebook estimates that these installations lead to the potential disclosure of the data of over 600,000 Canadians. In 2015, when the reports became public, Facebook removed TYDL from Platform and asked Cambridge Analytica to delete the user data it had obtained. Facebook did not notify the affected users that their Facebook data had been collected and sold. It was not until 2018 that Facebook suspended Dr. Kogan and Cambridge Analytica from Platform. After receiving the complaint, the Privacy Commissioner investigated and concluded that Facebook failed to obtain valid and meaningful consent for its disclosures to applications and failed to safeguard its users' information. As a result, in February 2020, the Privacy Commissioner filed a notice of application in the Federal Court claiming that Facebook was in breach of its obligations set out in Schedule 1 pursuant to s. 5(1)(a) of PIPEDA through its practice of sharing Facebook users' personal information with third-party applications hosted on the Facebook Platform. The Federal Court dismissed the application. The Federal Court of Appeal allowed the appeal and granted the Privacy Commissioner's application in part.
Argued Date: 2026-03-19

Keywords: Privacy — Online social media platform — Obligation to safeguard users' data — Obligation to obtain meaningful consent from users for disclosure of personal data — Whether application judge erred in finding Privacy Commissioner of Canada did not prove that Facebook failed to get meaningful consent to disclose personal information to third-party apps — Whether application judge erred in finding Privacy Commissioner did not prove that Facebook failed to maintain adequate security safeguards to protect personal information in its possession or custody? — Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, ss. 3, 5(1), 6.1 and ss. 4.3 (principle 3) and 4.7 (principle 7) of schedule 1.

Notes: (Federal) (Civil) (By Leave)

Language: English Audio

Disclaimers: This podcast is created as a public service to promote public access and awareness of the workings of Canada's highest court. It is not affiliated with or endorsed by the Court. The original version of this hearing may be found on the Supreme Court of Canada's website. The above case summary was prepared by the Office of the Registrar of the Supreme Court of Canada (Law Branch).

Supreme Court of Canada Hearings (English Audio)
Facebook Inc. v. Privacy Commissioner of Canada (41538)

Mar 20, 2026 191:27


On March 19, 2019, the respondent, the Privacy Commissioner of Canada received a complaint under s. 11(1) of the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”) which raised concerns about the appellant Facebook's compliance with the PIPEDA. The concerns were related to Facebook's practice of sharing Facebook users' personal information with third-party applications hosted on its platform. The complaint was filed in the context of reports related to a professor at the University of Cambridge, U.K., Dr. Aleksandr Kogan, who launched an application through Facebook's Platform titled “thisisyourdigitallife” (“TYDL”) in November 2013. Presented to users as a personality quiz, Dr. Kogan could access the personal information of installing users and installing users' friends. In December 2015, it was reported that user data obtained by TYDL was sold to a corporation named Cambridge Analytica and a related entity, Strategic Communication Laboratories Elections Ltd. (SCL), who, in turn, used the data purchased from Dr. Kogan to help their clients target political messaging to potential voters in the then upcoming presidential election in the United States.

When TYDL was launched in 2013, it agreed to Facebook's Platform Policy and Terms of Service. In 2014, Facebook issued a version 2 (v.2) of its communication protocol, Graph API, under which third party developers could no longer request permission to access installing users' friends unless the app developer, through an expanded access to additional personal information request, can demonstrate that the data would be used to “enhance the user's in-app experience”. The process for consideration of expanded access requests was introduced alongside Graph API v.2 as “App Review.” Although Graph API v.2 took effect in 2014, existing apps were given a one-year grace period before complying with the new iteration. When Graph API v.2 was announced, Dr. Kogan's request for expanded access to additional personal information was denied by Facebook because his intended use, research, would not enhance user experience. Nonetheless, Dr. Kogan continued to collect data under Graph API v.1 with no additional scrutiny from Facebook. As a result, though only 272 Canadians ever installed the TYDL app, Facebook estimates that these installations lead to the potential disclosure of the data of over 600,000 Canadians.

In 2015, when the reports became public, Facebook removed TYDL from Platform and asked Cambridge Analytica to delete the user data it had obtained. Facebook did not notify the affected users that their Facebook data had been collected and sold. It was not until 2018 that Facebook suspended Dr. Kogan and Cambridge Analytica from Platform.

After receiving the complaint, the Privacy Commissioner investigated and concluded that Facebook failed to obtain valid and meaningful consent for its disclosures to applications and failed to safeguard its users' information. As a result, in February 2020, the Privacy Commissioner filed a notice of application in the Federal Court claiming that Facebook was in breach of its obligations set out in Schedule 1 pursuant to s. 5(1)(a) of PIPEDA through its practice of sharing Facebook users' personal information with third-party applications hosted on the Facebook Platform. The Federal Court dismissed the application. The Federal Court of Appeal allowed the appeal and granted the Privacy Commissioner's application in part.

Argued Date: 2026-03-19
Keywords: Privacy — Online social media platform — Obligation to safeguard users' data — Obligation to obtain meaningful consent from users for disclosure of personal data — Whether application judge erred in finding Privacy Commissioner of Canada did not prove that Facebook failed to get meaningful consent to disclose personal information to third-party apps — Whether application judge erred in finding Privacy Commissioner did not prove that Facebook failed to maintain adequate security safeguards to protect personal information in its possession or custody? — Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, ss. 3, 5(1), 6.1 and ss. 4.3 (principle 3) and 4.7 (principle 7) of schedule 1.
Notes: (Federal) (Civil) (By Leave)
Language: Floor Audio
Disclaimers: This podcast is created as a public service to promote public access and awareness of the workings of Canada's highest court. It is not affiliated with or endorsed by the Court. The original version of this hearing may be found on the Supreme Court of Canada's website. The above case summary was prepared by the Office of the Registrar of the Supreme Court of Canada (Law Branch).

Serious Privacy
A MONTH in Privacy with R & K

Mar 19, 2026 41:30


Welcome to the newest episode of the Serious Privacy podcast, where hosts Ralph O'Brien and Dr. K Royal address the hot topics of the month, as we have been so full of guests that the time has flown by! Latest regulatory penalties, new legislation and news from around the globe, as K and Ralph attempt the impossible - to convey all that has occurred to you - our dear "Serious Privettes"! Paul Breitbarth, our dearly beloved friend is out this week, so send him much joy!

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

Serious Privacy
Happy Data Protection/Privacy Day!

Jan 28, 2026 35:01


We are back! Welcome to season 7 of the Serious Privacy podcast, with Dr. K Royal, Ralph O'Brien and Paul Breitbarth. Also this season, we will keep you up to date of developments in the data protection and privacy community, artificial intelligence and some cybersecurity. And of course we'll bring you interviews with great guests!

Fearless Practice
Anabeli Jackson: Secure Email Solutions for Canadian Therapists | Ep 186

Jan 21, 2026 15:28


As a Canadian therapist in private practice, you are probably often needing to send and receive sensitive, private information. How often have you worried about these documents' security and safety? What should you do to secure email communications and keep unnecessary stress at bay?

This is where Hushmail comes to the rescue. For less than $20 CAD per month, you can completely insure, assure, and secure your entire email inbox, including your forms and signatures. They pride themselves on security and simplicity, leaving you with a solution that you can start using right out of the box from the minute you sign up.

In this episode, I chat with Anabeli about everything to do with Hushmail. We answer your questions and provide clear solutions to help you start 2026 with both digital email security and peace of mind.

MEET ANABELI

Anabeli Jackson is the Marketing Manager at Hushmail, where she leads content strategy and helps therapists understand secure communication with clarity and confidence. She focuses on removing the overwhelm from topics like encryption, compliance, and secure communication so clinicians can protect client trust and stay compliant with confidence. Anabeli has been with Hushmail since 2014 and brings a strong foundation in communication and marketing. Her work supports mental health providers across Canada and the U.S. who depend on Hushmail to communicate securely with their clients. Learn more about Anabeli on her LinkedIn profile.

In this episode:
• What is Hushmail?
• Why Canadian therapists should use Hushmail
• What encryption is and why you need to use it
• How you can get started with Hushmail

What is Hushmail?

'Hushmail is a secure email platform … built specifically for healthcare and therapy practices. It lets you send and receive secure, encrypted emails, and it helps you build secure forms where you can collect information securely with legally binding signatures - and it's all in one place.' - Anabeli Jackson

The two cornerstones of Hushmail are focused on client and clinician security when sending sensitive emails and documents online, and simplicity since you don't need to do any tech implementation yourself!

These essential emails and documents are securely sent and kept private and secure by using encryption to protect them.

Why Canadian therapists should use Hushmail

You may be asking: Why should I pay to use Hushmail instead of the available, free services?

The answer is this: Canadian therapists handle highly sensitive information from multiple clients. Using a free email provider simply does not provide enough security and protection, while Hushmail guarantees it.

'We make it really practical to have [your client's private information] safeguarded, because encryption is the one step … that you can put in place to have your information secure … So [Hushmail] supports federal law, but also with provincial privacy laws.' - Anabeli Jackson

Hushmail provides the security that you and your clients need to send private information without concern in an easy, simple way. Plus, it is a Canadian company that is PIPEDA and HIPAA compliant!

What encryption is and why you need to use it

Encryption is essentially a method of scrambling the information contained in emails and documents so that it cannot be understood by any third party, other than the intended recipient.

With Hushmail, you have a key that both scrambles and unscrambles the message which only you and your client have access to.

'[Encryption] is relevant because nowadays the online risk and cyber security … there's a lot of bad actors out there, and you don't want this information out there. You don't want this information to be seen by people who are not the intended recipients. So, encryption is a very easy way to protect that information.' - Anabeli Jackson

How you can get started with Hushmail

Take the step now to secure your communications with clients, and save both them and yourself the stress and anxiety of worrying whether the information is safe.

And with Hushmail, that peace of mind will not break the bank. For purely email purposes, you can get Hushmail for $16.99 CAD. If you want to include the forms and signatures, it is $24.99 CAD.

If you are listening to this episode and want to try Hushmail out, click this link to sign up with Hushmail and get your first month entirely free of charge!

Connect with me: Instagram, Website

Resources mentioned and useful links:
• Regan Swerhun: Expanding Private Care to Northern Communities | EP 185
• Learn more about the tools and deals that I love and use for my Canadian private practice
• Sign up for my free e-course on How to Start an Online Canadian Private Practice
• Jane App (use code FEARLESS2MO for two months free)
• Get started with Hushmail here and get one month for free!
• Learn more about Anabeli on her LinkedIn profile
• Rate, review, and subscribe to this podcast on Apple Podcasts, Spotify, Amazon, and TuneIn

Serious Privacy
2025 - oh how we loved thee!

Dec 31, 2025 31:33


Join your hosts on this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien, and Dr. K Royal as they close out 2025 with favorite moments and episodes, state law review, and predictions. And of course, a little bit about EU data protection. We'll be back January 28, global privacy / data protection day!

AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store

Episode Summary: We decode Bill C-27, the massive legislation that introduces the Consumer Privacy Protection Act (CPPA) and the Artificial Intelligence and Data Act (AIDA). We break down exactly what makes an AI system "High-Impact" and the new financial penalties for non-compliance.

Key Intelligence Points:
• The AIDA Shock: New regulations for "High-Impact" AI systems used in healthcare and employee screening.
• The $25M Risk: Administrative monetary penalties effectively replace the "slap on the wrist" of the old PIPEDA model.
• Personal Liability: Why Directors and Officers can now be held personally responsible for AI failures.
• The Tribunal: The creation of the Personal Information and Data Protection Tribunal to enforce fines.

Source Document: Bill C-27 Full Text - https://www.parl.ca/DocumentViewer/en/44-1/bill/C-27/first-reading

Secure Your Seat: Get the full weekly intelligence feed for Canadian Executives at DjamgaMind.com: https://djamgamind.com

Keywords: Bill C-27, AIDA, Artificial Intelligence and Data Act, CPPA, PIPEDA Reform, Canadian Healthcare Privacy, High-Impact AI Systems, Digital Charter Implementation Act, Hospital CIO, Canadian Privacy Tribunal, Biased Algorithms, AI Liability Canada, DjamgaMind Canada, Health Tech Policy

Marketing Jam
Why Email Still Works: Privacy, Personalization, and Inbox ROI

Oct 28, 2025 21:51


In this episode of Marketing News Canada, content strategist and guest host, Maddie Alvarez sits down with Geoffrey Blanc, General Manager at Cyberimpact, live from SocialNext Toronto 2025. With over 18 years of experience in digital transformation and email marketing, Jeff shares his expert insights on what makes email still one of the most powerful — and misunderstood — tools in a marketer's toolkit.

From personalization and automation to privacy laws and deliverability, Geoffrey breaks down the essentials for building an effective, compliant, and high-performing email strategy. He offers practical advice for keeping lists clean, respecting consent, and creating campaigns that truly connect with audiences.

Whether you're refining your CRM strategy or struggling to cut through crowded inboxes, this episode delivers actionable tips on personalization, automation, compliance, and creative best practices, all rooted in Geoffrey's experience helping Canadian businesses grow through smarter marketing.

doc2doc Lifestyle Medicine
048. Tech in Health Care Series - How ChartNote AI is Fighting Physician Burnout, with Dr. Gerardo Guerra Bonilla

Oct 13, 2025 49:11


Serious Privacy
Personal Integrity, Regulatory capture & a week in Privacy

Jul 16, 2025 32:49


With Paul away, join K and Ralph on a riotous discussion of personal integrity and what positions we can work with and for - with regulators and industry cross pollinating individuals and resources. Can regulators remain ethical and independent, when we rely on skills and abilities for industry?

Also, a week of news in Privacy and Data Protection with a round up of EU, UK, US and beyond news, cases, regulations and standards - including age verification, censorship, EU AI Act, privacy preserving advertising, freedom of speech laws and new developments across the globe!

Serious Privacy
250 episodes?! Let's celebrate!

Jul 11, 2025 36:28


Please join us for our 250th episode, celebrating 5 and a half years of privacy, data protection, cyber law education and hot topics with hosts Paul Breitbarth, Ralph O'Brien, and Dr. K Royal.

CanadianSME Small Business Podcast
Transforming Marketing with Privacy-First Analytics

Jul 3, 2025 25:19


Welcome to the CanadianSME Small Business Podcast, hosted by Kripa Anand, where we explore the strategies and technologies that empower businesses to make smarter decisions in the digital age. In this episode, we dive deep into the critical world of data analytics, focusing on bridging the gap between strategy and execution, navigating the future of first-party data with GA4, and operationalizing data privacy without sacrificing marketing performance.

Recent trends emphasize the growing importance of data-driven insights, the shift to first-party data amid a cookieless future, and the rising need for privacy-conscious marketing. Our guest, Monika Boldak, Associate Director of Marketing at Napkyn, a trusted digital analytics consultancy and certified Google Marketing Platform Sales Partner, shares expert guidance to help businesses leverage their data effectively and responsibly.

Key Highlights:
1. Bridging Strategy and Execution: What a strong data foundation really means and why many organizations struggle to connect analytics tools to meaningful business outcomes.
2. GA4 and First-Party Data: Common challenges with GA4 adoption, avoiding pitfalls like collecting PII, and future-proofing data strategy with BigQuery and Consent Mode.
3. Data Privacy & Marketing Performance: How Canadian businesses can comply with privacy laws like PIPEDA and Quebec's Law 25 while maintaining effective, customer-first marketing strategies.
4. Connecting Analytics & Advertising: A success story of improving ad performance and reducing costs by linking offline conversions with Google Ads.
5. Upcoming DMFS Canada Summit: Insights on Napkyn's participation and how marketers can responsibly use first-party data to build trust, loyalty, and better marketing outcomes.

Special Thanks to Our Partners:
RBC: https://www.rbcroyalbank.com/dms/business/accounts/beyond-banking/index.html
UPS: https://solutions.ups.com/ca-beunstoppable.html?WT.mc_id=BUSMEWA
Google: https://www.google.ca/

For more expert insights, visit www.canadiansme.ca and subscribe to the CanadianSME Small Business Magazine. Stay innovative, stay informed, and thrive in the digital age!

Disclaimer: The information shared in this podcast is for general informational purposes only and should not be considered as direct financial or business advice. Always consult with a qualified professional for advice specific to your situation.

Acupuncture Marketing School
105 | Savings, Retirement, and Debt Strategies for Acupuncturists with Robin Valadares

Jun 24, 2025 38:49


In today's episode, I'm joined by Robin Valadares, a physical therapist and financial literacy educator with a passion for helping self-employed healthcare professionals—including acupuncturists—navigate their financial future.

In this conversation, Robin shares:
• Actionable advice on debt strategies for acupuncturists
• Why it's essential to start saving for retirement—even if the contributions are small
• His answer to the common debate: should you prioritize paying off debt or start saving for retirement first?
• Ideas for diversifying your income for security
• How to build a solid financial foundation
• And more

Show Notes:
Robin's Website: http://www.financiallyfulfilledphysio.com
Instagram: @financiallyfulfilledphysio
Submit your financial info to be added to the database: Healthcare Anonymous
Robin's email: info@financiallyfulfilledphysio.com

Stay On Course: Ingredients for Success
Smart CIOs Do This: The Unspoken Rules of Cybersecurity Leadership with Andrew N. Griffiths

Jun 5, 2025 26:56


Smart CIOs Do This: The Unspoken Rules of Cybersecurity Leadership
Guest: Andrew Griffiths, CEO & Founder of Annexus Technologies
Host: Julie Riga

About This Episode

In this episode, Julie sits down with Andrew Griffiths, a legacy-minded CEO and founder of Annexus Technologies, a multinational IT firm known for building infrastructure so strong it rarely needs fixing. Andrew is a strategist, philosopher of security, and storyteller with a deep belief in designing systems that protect people, not just profits.

Together, they dive deep into the three essential ingredients for CIO success and explore the unspoken rules of cybersecurity leadership that smart CIOs follow to protect their organizations.

Guest Background

Andrew Griffiths is the CEO and founder of Annexus Technologies, a cybersecurity firm registered in Jamaica since 2014, now expanding into Canada. Andrew's unique perspective on IT infrastructure was shaped by early exposure to satellites, electronics, and various technologies, leading him to see IT as ubiquitous and transformative. His philosophy centers on optimizing existing systems and connecting people through technology.

Fun Fact: Andrew's favorite food is ackee and corned pork - a unique twist on Jamaica's national dish that substitutes corned pork for the traditional saltfish.

Key Topics Discussed

The Three Ingredients for CIO Success:

1. Visibility & Assessment
• Understanding what's happening both inside and outside your network
• The importance of secure design for internal and external domains
• Implementing layers of trust with zero-trust principles

2. Proactive Analysis & Planning
• Moving from prevention to proactivity
• Understanding your cybersecurity posture rating (0-100)
• Identifying compromised credentials on the dark web
• Creating mitigation plans for when breaches occur

3. Strategic Implementation
• Balancing cost-effectiveness with security requirements
• Planning for short-term, medium-term, and long-term security needs
• Aligning business objectives with IT infrastructure

The Annexus Approach:
• Public Domain Assessments: Understanding external security posture
• Multi-standard Compliance: Meeting GDPR, PIPEDA, PCI, and other international standards
• Proactive Monitoring: Real-time detection of network scanning attempts
• Virtual Network Infrastructure: Creating controlled environments for threat analysis

Key Insights for CIOs

The Trust-Building Challenge:
• Cybersecurity sales cycles can take 6 months to a year due to trust requirements
• Building relationships requires patience and consistent education
• Sometimes you need to wait for organizations to validate the need themselves

The Titanic Analogy:
Andrew compares cybersecurity professionals to engineers warning about icebergs - often dismissed until disaster strikes, highlighting the importance of persistent, consistent communication about security risks.

Multi-Vendor Security Strategy:
• Avoid vendor lock-in for critical security infrastructure
• Use different firewall platforms in series to increase security complexity
• Design solutions that make it harder for attackers to predict your security stack

Future-Forward Thinking

Next-Generation Platforms:
Annexus is focusing on comprehensive ecosystems that protect:
• Data within organizations
• Data transfer between organizations
• Cloud redundancy strategies across multiple providers (Azure, AWS)

The Future of IT:
Andrew predicts the future lies in "redundancy at cloud scale" - ensuring business continuity even when major cloud providers experience outages.

Connect with Andrew Griffiths
Website: www.annexustech.ca
Social Media: Available on YouTube, Twitter, Instagram, Facebook
Company: Annexus Technologies

Connect with Julie Riga
Website: www.julieriga.com
Social Media: www.linkedin.com/in/julieriga
Coaching: Learn more about leadership coaching and transformation

This episode is perfect for sharing with CIOs and IT leaders in your network who need to hear these insights about modern cybersecurity leadership.

CanadianSME Small Business Podcast
Leveraging Certifications and Cybersecurity for Small Business Growth

Mar 6, 2025 27:34


Welcome to the CanadianSME Small Business Podcast! Today, we're focusing on how small businesses can boost trust, resilience, and growth through strategic security and compliance practices. Joining us is Sanjay Chadha, Founder of SAV Associates Professional Corporation, who brings over 20 years of experience in cybersecurity, risk management, and auditing for organizations of all sizes. Sanjay's expertise in creating robust, compliant business frameworks makes him the perfect guide for navigating today's complex security landscape.

Key Highlights:
• Security Compliance Essentials: Learn about critical regulations, including GDPR, PIPEDA, and Bill C-27, and how small businesses can meet these compliance standards.
• Risk Management Strategies: Sanjay shares insights on risk assessment, mitigation techniques, and how to prepare for evolving cyber threats.
• Building Trust through Transparency: How open communication about security practices can enhance customer trust and loyalty.
• Future of Security in Small Business: Emerging trends in cybersecurity that every small business owner should know to stay resilient and competitive.

Special Thanks to Our Partners:
RBC: https://www.rbcroyalbank.com/dms/business/accounts/beyond-banking/index.html
UPS: https://solutions.ups.com/ca-beunstoppable.html?WT.mc_id=BUSMEWA
IHG Hotels and Resorts: https://businessedge.ihg.com/s/registration?language=en_US&CanSME
Google: https://www.google.ca/

For more expert insights, visit www.canadiansme.ca and subscribe to the CanadianSME Small Business Magazine. Stay innovative, stay informed, and thrive in the digital age!

Disclaimer: The information shared in this podcast is for general informational purposes only and should not be considered as direct financial or business advice. Always consult with a qualified professional for advice specific to your situation.

Masters of Privacy
Monica Meiterman-Rodriguez: automation, data minimization and comparative law in DSRs (US focus)

Oct 20, 2024 37:48


Monica Meiterman-Rodriguez is a Partner at Tueoris, an international privacy and security consulting firm, currently residing in Barcelona. She utilizes her US law degree and her experience in data protection and privacy to assist global clients in developing, maintaining, or growing their privacy programs. She has experience supporting compliance across global regulations including US state and federal requirements, EU/UK GDPR, PIPEDA, LGPD, etc. in addition to advising on specialized matters in the AdTech space such as targeted advertising, data analytics, AI and growing industry guidance (e.g., IAB, DAA, etc.). Monica is a member of the New York State Bar, New Jersey State Bar, as well as a Certified Information Privacy Professional (CIPP/US/E) and the Chapter Chair of the IAPP in Barcelona (Spain).

References:
• Monica Meiterman on LinkedIn
• California Consumer Privacy Act
• EDPB Guidelines 01/2022 on data subject rights - Right of access
• GDPR Violation: German Privacy Regulator Fines 1&1 Telecom (BankInfoSecurity)
• Groupon Ireland Operations Limited – March 2024: the DPC finds that Groupon infringed Article 5(1)(c) GDPR by having initially required the complainant to provide a copy of their ID in order to verify their identity for the purposes of their access and erasure requests.

Dark Poutine - True Crime and Dark History
BONUS. EPISODE — Cybercrime in Canada: Staying Safe Online

Oct 16, 2024 49:33


This bonus episode of Dark Poutine is brought to you by MasterCard. In this special episode, we're exploring a growing threat hitting more close to home than ever—cybercrime. We've dived deep into all sorts of dark tales before, but this one is a bit different because it's happening right now, affecting people and businesses across Canada.

Sources: Mastercard Trust Centre | Cybersecurity Solutions for Every Business mastercard.ca/trust webcrunchers.com | Wayback Machine Elk Cloner John Draper Michael Calce Mafiaboy's story points to Net weaknesses Meet Mafiaboy, The 'Bratty Kid' Who Took Down The Internet 'Mafiaboy' breaks silence, paints 'portrait of a hacker' | CNN A Q&A with MafiaBoy Canadian Centre for Cyber Security Financial Transactions and Reports Analysis Centre of Canada | FinTRAC Cyber attacks in Canada | Konbriefing.com Why Canada has so many cyberattacks—and why we're all at risk | MacLeans Cyber attacks are getting easier, experts warn after 3rd federal incident | GlobalNews National Equifax hacked: Canadians among those exposed by credit monitoring company's data breach - National PIPEDA Findings #2019-001: Investigation into Equifax Inc. and Equifax Canada Co.'s compliance with PIPEDA in light of the 2017 breach of personal information - Office of the Privacy Commissioner of Canada Am I Impacted? | LifeLabs LifeLabs hack: What Canadians need to know about the health data breach | GlobalNews Privacy breach alerts and information | Province of NS Cyber Incident | ADSC Ticketmaster Data Security Incident Cyber security and cybercrime challenges of Canadian businesses, 2017 The Daily — Impact of cybercrime on Canadian businesses, 2021 Canadian Small Business Cybersecurity Survival Guide - Canadian Chamber of Commerce Nearly half of small businesses have experienced random cyberattacks in the past year | CFIB Ransomware/ Cyber Incident | Toronto Zoo Baseline cyber threat assessment: Cybercrime - Canadian Centre for Cyber Security Cyber Attacks in Canada 2023: A Year in Review Criminal hackers 'very likely' to pose threat to national security, economy in near term: report | CBC News Data Responsibility & Governance Practices | Personal Data Security Cybercrime: an overview of incidents and issues in Canada | RCMP Significant Cyber Incidents | Strategic Technologies Program | CSIS National Cyber Threat Assessment 2023-2024 | Canadian Centre for Cyber Security

Designer Practice Podcast
74. 5 Most Overlooked Elements on Private Practice Websites

Jul 23, 2024 15:41


I share 5 most overlooked elements on private practice websites.

Episode Show Notes: kayladas.com/episode74
Free Boosting Business Community: facebook.com/groups/exclusiveprivatepracticecommunity
Information Managers Pre-Made Practice Policy and Procedure Templates: kayladas.com/practice-policies

Credits & Disclaimers
Music by ItsWatR from Pixabay
The Designer Practice Podcast and Evaspare Inc. has an affiliate and/or sponsorship relationship for advertisements in our podcast episodes. We receive commission or monetary compensation, at no extra cost to you, when you use our promotional codes and/or check out advertisement links.

References
Office of the Privacy Commissioner of Canada. (May, 2019). PIPEDA in Brief. Retrieved from https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief/

Designer Practice Podcast
68. How to Maintain Client Confidentiality When Using Social Media

Designer Practice Podcast

Jun 11, 2024 30:57


I'll break down how to use social media so that you avoid privacy breaches and maintain your clients' confidentiality.
Episode Show Notes: kayladas.com/episode68
Free Boosting Business Community: facebook.com/groups/exclusiveprivatepracticecommunity
Online Legal Essentials Legal Templates: kayladas.com/onlinelegalessentials
Use coupon code EVASPARE10 to receive 10% off any legal template pack
PESI Trainings: kayladas.com/pesi
Credits & Disclaimers
Music by ItsWatR from Pixabay
The Designer Practice Podcast and Evaspare Inc. have an affiliate and/or sponsorship relationship for advertisements in our podcast episodes. We receive commission or monetary compensation, at no extra cost to you, when you use our promotional codes and/or check out advertisement links.
References
Canadian Association of Social Workers. (2005). Code of Ethics. Retrieved from https://www.casw-acts.ca/files/attachements/casw_code_of_ethics_0.pdf
Canadian Association of Social Workers. (n.d.1). 5.1.1 Confidentiality. Retrieved from https://www.casw-acts.ca/en/511-confidentiality
Canadian Association of Social Workers. (n.d.2). 4.2.1 Testimonials. Retrieved from https://www.casw-acts.ca/en/421-testimonials
Office of the Privacy Commissioner of Canada. (2004, November). Questions and answers regarding the application of PIPEDA, Alberta and British Columbia's Personal Information Protection Acts. Retrieved from https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/r_o_p/02_05_d_26/
Office of the Privacy Commissioner of Canada. (2018, January). PIPEDA legislation and related regulations. Retrieved from https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/r_o_p/
Office of the Privacy Commissioner of Canada. (2019, May). PIPEDA in brief. Retrieved from https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief/

The Data Diva E184 - Sharon Bauer and Debbie Reynolds

"The Data Diva" Talks Privacy Podcast

May 14, 2024 47:37


Debbie Reynolds “The Data Diva” talks to Sharon Bauer, Founder of Bamboo Data Consulting in Canada. We discuss the complexities of the privacy landscape in Canada, including the outdated federal privacy legislation PIPEDA and the challenges posed by new technology. We emphasize the importance of staying informed and proactively addressing potential legislative developments while acknowledging the nuances and complexities of advising clients in the evolving legal landscape. We also discuss the evolving landscape of privacy in the digital age, highlighting the disconnect between privacy professionals' perspectives and consumer behavior. Sharon emphasizes the critical role of trust in driving consumer action, loyalty, and data collection for companies, stressing the need for companies to prioritize building trust with consumers. We explore the challenges companies face in comprehending and adhering to privacy regulations, including the lack of education and transparency, particularly among medium-sized businesses. We also discuss the multifaceted issues surrounding privacy and data protection, including the implications of data misuse, the need for informed consent, and the long-term consequences of data disclosure. We express frustration with the limitations of automated privacy assessment tools and emphasize the need for tools to consider businesses' diverse operational and ethical contexts. Sharon shares her frustration with the operationalization of privacy and stresses the importance of humanizing the process. We also discuss the importance of using real-life examples to educate companies about privacy missteps and Sharon's hope for Data Privacy in the future.

The Tea on Cybersecurity
Cybersecurity Compliance Buzzwords with Marie Joseph and Christina Annechino, Trava

The Tea on Cybersecurity

Feb 13, 2024 22:00


“It's hard to have privacy without security and to have effective security that requires strong protection of personal identifiable information, or PII. So security, privacy, and compliance really must go hand in hand. If one is prioritized over the other, it can have an adverse effect.” - Christina Annechino
On this episode, we welcome back both Christina Annechino and Marie Joseph to bring us back to a little more 101 on Cybersecurity. With host Jara Rowe, the team breaks down terms and buzzwords that you need to know to keep you and your company's data safe. Find out the difference between a breach and an incident, the nuances of security, privacy, and compliance, and gain insights into the crucial importance of cyber hygiene. We'll also explore the key differences between data security and data protection, understanding acronyms like GDPR, CCPA, HIPAA, and PIPEDA, and grasping the significance of maintaining asset inventories.
In this episode, you'll learn:
  • The difference between a breach, when a threat actor gains unauthorized access, and an incident, where data is compromised, is crucial for proactive security measures.
  • Understand frameworks vs. standards: Frameworks provide an overview of requirements for compliance and certification, while standards outline specific criteria that must be met, forming the foundation of cybersecurity best practices.
  • The importance of cyber hygiene or the tools, processes, and policies you need to maintain a strong security posture, enabling constant improvement in cybersecurity health within organizations.
Things to listen for:
  • [00:24 - 02:47] Introduction to episode and compliance series
  • [02:57 - 04:25] The difference between security and privacy and compliance
  • [04:28 - 06:08] The challenges in balancing security, privacy and compliance
  • [06:26 - 07:24] The difference between risk and control
  • [07:31 - 09:46] The difference between a breach and an incident
  • [09:58 - 11:03] The difference between data security and protection
  • [11:03 - 12:18] The most common data protection regulations
  • [12:31 - 13:10] The difference between frameworks and standards
  • [13:22 - 14:50] What is RBAC and how it relates to cybersecurity
  • [14:50 - 16:45] The meaning of IoT and maintaining inventory assets
  • [16:50 - 18:00] What does Cyber Hygiene mean
  • [18:01 - 20:37] Jara's receipts
Resources:
  • Conquer Compliance Jargon: Download the Free Cybersecurity Compliance Glossary
  • Data Security 101: Decoding Incidents and Breaches
  • Safeguarding Your Connected Devices: A Practical Approach to IoT Security
Connect with the Guest: Marie Joseph's LinkedIn, Christina Annechino's LinkedIn
Connect with the host: Jara Rowe's LinkedIn
Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

She Said Privacy/He Said Security
Decoding Quebec's Law 25: What Companies Need To Know With Sharon Bauer

She Said Privacy/He Said Security

Jan 4, 2024 33:21


Sharon Bauer is a Lawyer and the Founder of Bamboo Data Consulting, a team of privacy consultants specializing in privacy, security, data strategy, and cutting-edge technology ethics work. As a consultant, she provides privacy solutions for various entities including retail, fintech, health, and education. Sharon is an expert in designing creative privacy programs solving hidden challenges for startups and international corporations. In addition to acting as a virtual chief privacy officer, IT World Canada named Sharon one of the Top 20 Women in Cybersecurity in 2022.
In this episode…
Quebec Law 25 is Quebec's privacy legislation, which applies to businesses or businesses collecting Quebec data. As a relatively new law, many companies need to know its governance framework. What are the critical concepts of Law 25, and how does it apply to company compliance?
Privacy lawyer and consultant Sharon Bauer explains that companies should understand Law 25's key components: governance, privacy officer, transfer impact assessment, transparency, and employment. However, this privacy legislation does not apply to B2B businesses. Regarding privacy officers, Quebecian CEOs must either appoint a PO or hold themselves accountable for compliance with Law 25. Additionally, companies must adhere to the transfer impact assessment or privacy impact assessment when data is transferred outside of Quebec, when acquiring personal information, or when overhauling electronic service delivery systems involving destroying personal information. Sharon warns that companies that fail to comply with Quebec's Law 25 are subject to a $25 million fine.
In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Sharon Bauer, Founder of Bamboo Data Consulting, to examine Quebec's Law 25. Sharon reflects on her career background, discusses the intersection of Law 25 and the GDPR, and Canada's basis for Personal Information Protection and Electronics Data Act (PIPEDA).

Leaders In Tech
Creating a Culture of Success: A Leader's Duty

Leaders In Tech

Oct 16, 2023 55:19


In today's rapidly evolving digital landscape, there is often an apprehension towards new technology, as many people fear the unknown. However, it is vital to embrace a different perspective, one embodied by forward-thinkers like Genaro Liriano, the Director of Technology Operations Risk Management at CIBC. Instead of succumbing to fear, Genaro advocates for an approach that encourages learning and understanding of new technology. He believes that the essence of innovative technology lies in its potential to enhance and improve our lives. By gaining knowledge about these advancements, we can harness their power to solve problems, drive efficiency, and ultimately, make the world a better place. This mindset of curiosity, exploration, and adaptability can help us navigate the ever-changing technological landscape with confidence and optimism, rather than trepidation.
Here's more about Genaro Liriano
I am an Information Systems Security Professional with over 24 years' experience in various aspects of Information Technology Management, devising strategic initiatives in the Information Systems Security realm. Helping Enterprises Manage and Govern through various regulatory requirements and industry standards such as: OSFI, FFIEC, PIPEDA, PCI DSS, etc.
Hands-on experience on various security controls such as: PKI, ATM Security, Security Operations, Management, Infrastructure and Operations, Network Security, End Point Security, Security Architecture, Online Banking, Mobile Banking, Online Banking for Business.
Other skills: Customer Service, Voice-Over, Public Speaking, Broadcasting.

Serious Privacy
So... a privacy pro walked into a bar.... IAPP GPS23

Serious Privacy

Apr 12, 2023 32:46


In this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Crawford & Company capture key moments of the International Association of Privacy Professionals (IAPP) Global Privacy Summit #GPS23. We chatted with privacy friends and those who shared breakfast or lunch with us - an audience participation table! Join us as we connect with Kelli Lu, Maggie Gloeckle, Jon Bourke, Lily Russell, Eduardo Ustaren, ShanShan Pa, Isabel Hahn, Gamelah Palagonia, and others!
As always, if you have comments or questions, let us know - LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy @trustArc and email podcast@seriousprivacy.eu. Please do like and write comments on your favorite podcast app so other professionals can find us easier.
As always, if you have comments or questions, find us on LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! #heartofprivacy #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO

Fearless Practice
How to Provide Inter-Provincial Online Counselling | Ep 61

Fearless Practice

Feb 22, 2023 12:03


Have you been considering expanding your Canadian private practice? Can you counsel people who live in other provinces besides yours? What are the protocols?
Online counselling is here to stay, and many counselling therapists and clients alike prefer this system with its flexibility and the autonomy it can provide them. However, there are some important regulations to be aware of when it comes to online counselling, especially when you want to broaden your reach and work with more clients.
In this podcast episode, I take you through the process of finding out which provinces you can – at this time! – advertise in, and how to go about it ethically and safely, both for you and your future clients.
In this Episode:
  • Check for regulations
  • Advertise in unregulated provinces
  • Check your insurance
  • How to counsel people in other provinces
Check for regulations
For the short answer, yes, you can provide interprovincial online counselling. However, there are a couple of important rules that you need to be aware of.
If another province is regulated, then you cannot advertise in that province. For example, you cannot advertise yourself and your services in a directory, or any other type of paid advertising, that operates in the regulated province.
However, there are two exceptions:
  • if you have a client that moves to another province and you are already seeing them, then you can continue seeing them
  • if someone finds your Canadian private practice by chance and wants to receive counselling services from you
Advertise in unregulated provinces
The provinces that are regulated – where you cannot advertise from another province – include:
  • Nova Scotia
  • New Brunswick
  • Prince Edward Island
  • Alberta (although the college has not yet been proclaimed)
  • Ontario
  • Quebec
Unregulated provinces wherein you can advertise yourself include:
  • Manitoba
  • Saskatchewan
  • British Columbia
  • Yukon
  • North West Territories
  • Nunavut
  • Newfoundland
Check your insurance
The next thing that you need to check is whether or not your insurance allows you to counsel outside of your province. For a recap of insurance in Canadian private practice, listen to this podcast episode.
‘If you are counselling people outside of Canada, with BMS insurance, they will only cover you if the complaint is filed in Canada. So, there's a lot of risk to counselling people outside of Canada.’ – Julia Smith
I choose to counsel people only in Canada to reduce the risks, and so that my professional liability insurance stays in check.
How to counsel people in other provinces
If you decide to counsel people in other provinces, then you need to make sure that you let your clients know about:
  • The college that you are part of, if applicable
  • Where you are located
  • How to contact your regulator
  • Your video-conferencing platform is PIPEDA compliant
Additionally, if you are under supervision, you should only be counselling people in other provinces if your supervisor agrees to it.
‘Once you have checked off all those boxes, then you could counsel people in other provinces! You could advertise in provinces that aren't regulated, and if you have a client that moves to a different province, you can continue to see them!’ – Julia Smith
Another tip: keep up to date with which provinces are regulated and which ones aren't to avoid having to pay a fine.
Here's some more information for you about CCPA and regulations for counselling in Canada.
Connect with me: Instagram, Website
Resources Mentioned and Useful Links:
  • Ep 60: Adding Insurance Companies to Your Canadian Private Practice
  • Article: How to Set Up a Canadian Private Practice Website
  • Listen to my Canadian private practice journey up until now!
  • Listen to my podcast episode with Tara about insurance in Canadian private practice!
  • Sign up for my free e-course on How to Start an Online Canadian Private Practice
  • Jane App (use code FEARLESS for one month free)
  • Rate, review, and subscribe to this podcast on Apple Podcasts, Google Podcasts, Stitcher, Spotify, Amazon, and TuneIn

Marketing Jam
Julie Ford (Digital Advertising Alliance of Canada)

Marketing Jam

Feb 8, 2023 39:42


The one where Darian interviews Julie from DAAC about:
  • The policies surrounding tracking data and advertising practices.
  • The importance of questioning the ethics concerning consent about collecting sensitive data.
  • What is PIPEDA, a federal privacy law on collecting and using personal information, and the introduction of Bill C-27
Sign up for the Marketing News Canada e-newsletter at www.marketingnewscanada.com.
Special Offer for Marketing News Canada Listeners
Unbounce can help you easily build landing pages, popups and sticky bars. Highly customizable and no coding required, anyone can get started on converting more traffic into leads, signups and sales. Try it yourself with a free 14-day trial and get 20% off your first three months now! https://unbounce.grsm.io/5cmrgz1mt3r6
Thanks to our sponsor Jelly Academy. Jelly Academy has been helping professionals, students and teams across Canada acquire the skills, knowledge and micro certifications they need to jump into a new digital marketing role, get that promotion, and amplify their current marketing roles. Learn more about Jelly Academy's 6 Week online bootcamp here: https://jellyacademy.ca/digital-marketing-6-week-program
Subscribe to our Marketing News Canada Magazine coming this November 2022!
Subscribe today and receive 50% off a one year subscription to our printed magazine. Our first edition will be released this Fall 2022, followed by our second edition in Spring 2023. To receive your 50% discount, enter the coupon code: MNC-MAG-50 during checkout. Subscribe Now!
Follow Marketing News Canada:
  • Twitter - twitter.com/MarketingNewsC2
  • Facebook - facebook.com/MarketingNewsCanada
  • LinkedIn - linkedin.com/company/marketing-news-canada
  • YouTube - youtube.com/channel/UCM8sS33Jyj0xwbnBtRqJdNw
  • Website - marketingnewscanada.com
Follow Darian Kovacs:
  • Website - jellymarketing.com/darian
  • LinkedIn - linkedin.com/in/dariankovacs
  • Facebook - facebook.com/dariankovacspage
  • Instagram - instagram.com/dariankovacs
  • Twitter - twitter.com/dariankovacs
Follow Julie Ford:
  • LinkedIn - https://www.linkedin.com/in/julieford/

We fight for that
Bill C-27: Privacy, only worse

We fight for that

Sep 8, 2022 64:43


We discuss Bill C-27, the Consumer Privacy Protection Act, Personal um, something AI and a tribunal, I think? It does not matter, because the federal government took the last bill ('the other' Bill C-11) to try to replace the Personal Information Protection and Electronic Documents Act (PIPEDA) and MADE IT WORSE. Wow.
The new Bill C-27 guts consumer privacy by simply abolishing it and replacing it with a regime of business use of consumer information. All done without your knowledge and consent. But don't worry, it will all be used by the artificial intelligence (AI) industry to do whatever discrimination they say is important to do with all of that big data. Oh, sprinkle on the bacon bits of all of the exceptions (legitimate interests (of business)) from the European Union's GDPR with none of the constitutional rights to privacy of the individual they have there, ignore the mismatch with provincial privacy laws (especially Quebec), and just dare Europe to call this Bill what it clearly is: inadequate.
Plus a bonus update on CRTC's continued low-effort non-proceeding into the Rogers outage.
With Executive Director John Lawford and PIAC staff lawyer Yuka Sai, who had to figure out the problems with C-11 back in Episode 5. Ah well, on with the show.

Fearless Practice
How to Keep Digital Information Secure in Your Canadian Private Practice | Ep 36

Fearless Practice

Aug 31, 2022 20:59


How do you keep your online data private? Are you willing to spend a couple of extra dollars a month to secure your – and your clients! – information safely? Do you know which Canadian platforms you can use to get started?
In our increasingly digital world where we store our data online and risk hackers and data leaks, digital security cannot be undervalued or overlooked. Our clients trust us with not only their healing but also their information, so be proactive in becoming digitally safe!
In this podcast episode, I discuss the essentials of digital protection and a bunch of great, Canadian services that you can use today.
In This Episode:
  • PIPEDA
  • PHIA
  • Encryption
  • VPN
PIPEDA
PIPEDA sets the ground rules for how private-sector organizations collect, use, and disclose personal information of for-profit and commercial activities across Canada. Luckily for Canadian therapists, most of the big electronic medical record systems used in the mental wellness industry have incorporated PIPEDA into their platforms.
‘I highly recommend looking into Jane App because it is a Canadian-based EMR, so you know they're doing everything right in regards to Canadian privacy laws.’ – Julia Smith
Learn more about PIPEDA by clicking on this link.
PHIA
PHIA stands for the Personal Health Information Act, and are provincial laws that govern the collection, use, disclosure, retention, disposal, and destruction of your personal health information.
For example, in Nova Scotia, your data needs to be stored only on Canadian servers. To make sure all your bases are covered, get a Canadian EMR to be safe (even if your province doesn't require it now they may in the future!).
ENCRYPTION
Even though your EMR takes care of the majority of securing your data, your emails may not be so safe. Aim to make use of an email service that uses encryption to maintain your online privacy and safety.
Encryption prevents unauthorized users on the network from intercepting and capturing your login credentials, and any email messages you send or receive, as they leave your email provider's server and travel from server to server around the Internet.
‘I always recommend with emails [to not send] too much confidential information. Rather, talk on the phone with somebody about it than send all that information. Or, courier that information instead of sending it through email.’ – Julia Smith
To learn more about email encryption, click on this link.
Try Hushmail! Follow this link to receive a discounted price to use Hushmail and keep all your email data completely safe, secure, and legally stored on Canadian servers.
VPN
A “virtual private network” creates an encrypted tunnel for your data, protects your online identity by hiding your IP address, and allows you to use public Wi-Fi hotspots safely.
Nord VPN is what I use to keep my work activity private online, I love how affordable and easy it is! Follow this link to get a great deal on their services through my offerings.
Some quick tips:
  • Turn your VPN off when you are doing online counselling because it can slow down the connection.
  • Delete voicemails off your phone system once you have seen and listened to them. Work with Grasshopper for a secure and easy-to-navigate phone system!
  • With platforms like Slack, set the system to delete old messages at least every 35 days.
Connect with me: Instagram, Website
Resources Mentioned and Useful Links:
  • Ep 35: How Do I Prepare for Private Practice While Still in Grad School?: Live Consultation With Barb Barker
  • Article: How to Set Up a Canadian Private Practice Website
  • Sign up for my free e-course on How to Start an Online Canadian Private Practice
  • Jane App (use code FEARLESS for one month free)
  • Listen to my podcast episode with Ali Taylor to learn more about privacy laws
  • Listen to my podcast episode about hiring a Canadian virtual assistant and safe virtual communication
  • Learn more about Hushmail on their website
  • Follow this link to get discounts on Hushmail and Nord VPN
  • Rate and subscribe to this podcast on Apple Podcasts, Google Podcasts, or Spotify.

Serious Privacy
No Lunch, All Learn: Canadian Bills (with Lauren Reid)

Serious Privacy

Jul 23, 2022 35:42


In this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Outschool connect with Lauren Reid, a privacy and digital ethics consultant and president of the Privacy Pro in Toronto. Listen as Paul and Dr. K connect on all things current in Canada, especially related to C27, the newest proposal to update PIPEDA - following up from C11, which failed to pass in the previous election year.
As always, if you have comments or questions, let us know - LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy @trustArc and email seriousprivacy@trustarc.com. Please do like and write comments on your favorite podcast app so other professionals can find us easier. Please vote for k for cybersecurity woman of the year in the lawyer category https://www.surveymonkey.com/r/PJLY6KW

Law Bytes
Episode 132: Ryan Black on the Government's Latest Attempt at Privacy Law Reform

Law Bytes

Jun 27, 2022 45:02


Parliament is now on break for the summer, but just prior to heading out of Ottawa, the government introduced Bill C-27, the privacy reform bill that is really three bills in one: a reform of PIPEDA, a bill to create a new privacy tribunal, and an artificial intelligence regulation bill. What’s in the bill from a privacy perspective and what’s changed? Is this bill any likelier to become law than an earlier bill that failed to even advance to committee hearings? To help sort through the privacy aspects of Bill C-27, Ryan Black, a Vancouver-based partner with the law firm DLA Piper (Canada), joins the Law Bytes podcast to discuss everything from changes to consent requirements to how the law will be enforced.

Fearless Practice
Hire a Canadian Virtual Assistant: How and Why You Should Do It Today | EP 24

Fearless Practice

Jun 8, 2022 21:34


When I started my Canadian private practice I did all the admin, from answering the phone to responding to emails. It took up a lot of hours that could have been focused on seeing more clients or building my practice. But finally I hired a virtual assistant and now my practice is growing and I haven't looked back!
Are you still doing all the admin within your private practice while providing therapy to your clients? Do you find yourself stretched thin between all the deadlines and to-do lists? Maybe it's time for you to hire your first virtual assistant (VA)! In this podcast episode, I tell you my story and explain exactly how you can get started.
In This Episode:
  • Why is hiring a VA important?
  • How I hired my first VA
  • How to train your VA
  • When should you hire your first VA?
Why is hiring a VA important?
As a counsellor, you don't want to waste your valuable time doing admin work like answering phone calls or responding to emails. These admin tasks can easily be done by someone else, freeing up your time and energy to focus on what you do best: being a therapist and helping people!
Some reasons why hiring a VA is important for your business:
  • You can then see more clients
  • You can take more days off to rest
  • Legitimize your business because clients have to go through your VA to get to you
How I hired my first VA
I decided I wanted to hire my own VA because I wanted the freedom to train them from the ground up for my specific Canadian private practice and I wanted them to do specific tasks that were not included in packages at virtual assistant companies. After realizing that these companies were not the right fit for me, the next option was to write up an ad and post it online.
In this ad I wrote about:
  • The qualities I was looking for in a virtual assistant
  • The education that I was expecting from my VA
  • The hourly price I was willing to pay
  • How many hours of work per month I needed from the VA
How to train your VA
After you have found your VA, and hired them, this is what I recommend to train them to become a well-suited employee for your Canadian private practice:
1. Meet with your VA once a week for 30 minutes.
2. Create a Google Doc instruction manual and have your VA as an editor so that you can both edit it as you are talking in real-time.
3. Use Slack for communication with your VA about scheduling or any work-related queries. Remember that Slack is not PIPEDA compliant, so be careful not to share any identifying information through it.
4. For password privacy, use Dashlane to share passwords securely with your VA and monitor how your VA is checking up on the accounts they need to.
5. Set up a virtual phone to contact your virtual assistant! Use Grasshopper to communicate with your VA easily and professionally.
When should you hire your first VA?
As soon as you can! It is one of the best investments that you can make in your Canadian private practice.
Connect with me: Instagram
Resources Mentioned and Useful Links:
  • Ep 23: What should I Include in my Canadian Marketing Plan?: Live Consultation with Michelle Noftall
  • Article: How to Set Up a Canadian Private Practice Website
  • Sign up for my free e-course on How to Start an Online Canadian Private Practice
  • How I Set Up My Canadian Private Practice | EP 02
  • How I Grew My Canadian Private Practice | EP 04
  • Consider using Slack for online communications with your VA
  • Consider using Dashlane for security and privacy with your VA
  • Consider using Grasshopper as a virtual phone system
  • Rate, review, and subscribe to this podcast on Apple Podcasts, Google Podcasts, Stitcher, Spotify, Amazon, and TuneIn

Canada Agora
#19 - The Canadian data privacy law

Canada Agora

Jun 3, 2022 142:46


Greetings! By the end of 2023, about 75% of the world's population should have its personal information covered by digital privacy legislation. Since 2018 Canada has had PIPEDA, the Personal Information Protection and Electronic Documents Act, but people have no idea how important it is, so we are going to explain it to you. In "Je me souviens", learn the story of the incredible Jean Augustine, an immigrant born in Grenada and the first Black woman to be a Member of Parliament. Also: new gun control laws, the Tim Hortons app accused of stealing users' privacy, more landslides caused by flooding, employees' right to "disconnect", coyotes taking a dip in the pool, and much more.
Support this project on Patreon www.patreon.com/canadaagora
== Timestamps
00:11:13 - National, Nunavut, Northwest Territories, Yukon, British Columbia and Manitoba
01:00:23 - Je me souviens - Jean Augustine
01:07:10 - Ontario, Québec, Newfoundland & Labrador, Prince Edward Island and New Brunswick
01:58:27 - Oh! Canada - Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
02:16:53 - "Arts, Events, Suggestions"
== About Canadá Agora: A special podcast that analyzes Canada's politics, economy and daily life, and talks about these subjects the way you want to hear them.
Follow us: canadaagora.com
Facebook: www.facebook.com/canadaagora
Twitter: www.twitter.com/canadaagora
Instagram: www.instagram.com/canadaagora
== Editing: Masaru Hoshi
Script: Masaru Hoshi, Paulo Enrique Dantas
Production: Masaru Hoshi, Paulo Enrique Dantas
Music:
Opening: Lupin III Special Studio Session - Yuji Ohno & Lupintic Six
A mari usque ad mare: Oh Canada - Daniel Hersog's O Canada Jazz Orchestra
Je me Souvien: Mackinaw - Folk Music from Quebec
"Oh Canada": Members Only - TrackTribe
"Arts, Events, Suggestions": All the Fixings - Zachariah Hickman

Lights On Data Show
How Privacy Laws Affect Your Analytics Strategy

Lights On Data Show

Jan 21, 2022 29:14


How do you make your analytics strategy compliant with your privacy laws? How do PIPEDA, CCPA, GDPR, and so on influence how you engage with your current and potential customers? What are the differences between the privacy laws in Europe and North America, and how do you respect all of them? How do privacy laws affect your analytics strategy? Maciej Zawadziński, CEO of PiwikPRO, is joining us on the Lights On Data Show to impart his knowledge on the subject.

BlockHash: Exploring the Blockchain
Andrei Poliakov - CEO of Coinberry

BlockHash: Exploring the Blockchain

Oct 13, 2021 30:17


Today on EP. 184 of the BlockHash Podcast, CEO Andrei Poliakov and Brandon Zemp talk about Coinberry and how they are a trusted Canadian Crypto Exchange. They are based in Toronto, FINTRAC registered and PIPEDA compliant. Listen to the full episode wherever you go on Anchor, Spotify, Apple, Google, Amazon Music and more!

The podcast is available on…
Apple Podcasts: https://podcasts.apple.com/us/podcast/blockhash-exploring-the-blockchain/id1241712666
Amazon Music: https://music.amazon.com/podcasts/6dc84ee4-845b-4bea-b812-b876daab2c7e/BlockHash-Exploring-the-Blockchain
Spotify: https://open.spotify.com/show/4AGqU8qxIYVkxXM4q2XpO1
Google Podcasts: https://podcasts.google.com/feed/aHR0cHM6Ly9hbmNob3IuZm0vcy9iNmNhNWM0L3BvZGNhc3QvcnNz
Website: www.blockhashpodcast.com

On Social Media…
Website: https://www.coinberry.com/
Twitter: https://twitter.com/CoinberryHQ
Instagram: https://www.instagram.com/coinberryofficial/
Facebook: https://www.facebook.com/CoinberryOfficial/

Find Brandon Zemp & the podcast on Social Media…
Instagram: https://www.instagram.com/theblockhash/
Instagram: https://www.instagram.com/zempcapital/
Twitter: https://twitter.com/zempcapital
Facebook: https://www.facebook.com/theblockhash
LinkedIn: www.linkedin.com/in/brandonzemp

NFTs by BlockHash…
OpenSea: https://opensea.io/collection/zemp
OpenSea: https://opensea.io/collection/kiseokkim
OpenSea: https://opensea.io/collection/officialcryptoghosts

Sign up for the newsletter…
(FREE) Blockchain Weekly: https://www.getrevue.co/profile/zemp
(MEMBERS ONLY) Blockchain Insider: https://www.getrevue.co/profile/zemp/members

Law Bytes
Episode 103: Privacy Reform Comes to Canada - Chantal Bernier on the Passage of Quebec's Bill 64

Law Bytes

Oct 4, 2021 32:15


Privacy reform in Canada has lagged at the federal level with the efforts to update PIPEDA seemingly going nowhere, but multiple provinces have moved ahead with amending their own laws. Quebec leads the way as late last month it quietly passed Bill 64, a major privacy reform package that reflects – and even goes beyond – many emerging international privacy law standards. Chantal Bernier, the former interim privacy commissioner of Canada, now leads the Dentons law firm's Canadian Privacy and Cybersecurity practice group. She joins the Law Bytes podcast to talk about Bill 64, including its origins, key provisions, and implications for privacy law in Canada. Subscribe to the podcast via Apple Podcast, Google Play, Spotify or the RSS feed. Updates on the podcast on Twitter at @Lawbytespod.

Show Notes: Bill 64 on Modernizing Quebec privacy law – Why It Matters and How to Prepare for It

Credits: Canadian Press, Bains Explains Update to Canada’s Digital Privacy Law

Dentist on Demand
Dentistry Un-Boxed 20: Trampolines, Dancing Out Sunroofs and The HIPAA Chick

Dentist on Demand

Apr 19, 2021 44:18


We spend some time with Danielle Mckinley (@thehipaachick) discussing the hot topic of HIPAA and PIPEDA complacence. Most of all, we had some fun along the way.

Fintech Impact
Open Banking 4: Global Contrast with Edward Berks, Davyde Wachell, & Chad Davis | E162

Fintech Impact

Feb 23, 2021 46:23


In this 162nd episode of Fintech Impact, Jason Pereira, award-winning financial planner, university lecturer, writer, and host interviews Edward Berks (Xero), Davyde Wachell (Responsive AI), and Chad Davis (LiveCA) on what works and doesn’t work with Open Banking in different countries around the world!

Episode Highlights:
1:03 – Everyone introduces themselves and their companies.
4:06 – What market has done the best job of moving Open Banking forward?
8:44 – Where have we seen the biggest struggles throughout the world?
13:40 – Davyde explains how North American banks are actively slowing down the process of Open Banking.
17:00 – Everyone weighs in on TD’s current lawsuit against Plaid.
21:05 – What is the correlation between market competition and outcomes?
27:00 – Jason compares the American financial psyche with the Canadian one.
28:03 – Everyone discusses streamlining access to capital during COVID in Canada.
33:30 – Why does the Canadian government continue to push timelines for Open Banking?
37:30 – Davyde discusses the opportunity that exists for financial regulators in Canada.
39:30 – What is the timeline in Canada for the next thing that financial institutions should be excited about?
41:10 – What would each guest change in the world of Open Banking?

3 Key Points
  • Though Canada has PIPEDA, which guarantees people’s right to their data upon request, the banks have made the process a nightmare for the requester.
  • Canadian banks colluded to ban Apple Pay in Canada in a manner that would be considered illegal in other countries.
  • In Canada, Fintech was completely boxed out of the situation of providing relief during COVID, something it could have done much quicker than the major banks.

Tweetable Quotes:
“Australia has always been a little further along on the accounting and banking spectrum than Canadians and Americans and the UK. I think they’re going to be pretty well positioned to roll this out right as well.” – Chad Davis
“Every time we give a password, we’re violating our fraud protection. That’s just a nonsensical stance to take.” – Jason Pereira
“Whether or not you’re China or whether or not you’re a Canadian bank, the more you try to stop the flow of information, the more that information is going to flow.” – Davyde Wachell
“I think that there’s a herd instinct in well–established banks in most jurisdictions, and once you get that first domino toppling, it’s difficult for the other banks not to follow.” – Edward Berks

Resources Mentioned:
Facebook – Jason Pereira’s Facebook
LinkedIn – Jason Pereira’s LinkedIn
FintechImpact.co – Website for Fintech Impact
JasonPereira.ca – Sign up for Jason Pereira’s newsletter
Woodgate.com – Website for Woodgate Financial
Xero.com – Website for Xero
LiveCA.ca – Website for LiveCA
Responsive.ai – Website for Responsive AI

Bright Future
Ep. 19: Shaun Brown on Canada's new privacy regulations

Bright Future

Jan 19, 2021 33:04


Using data to make decisions—either by a person or by a machine—has become a big part of our lives over the past couple of decades. Our lawmakers have tried to keep up, but innovation will likely always outpace bureaucracy. And, in a world where most of us have clicked “I have read the terms and conditions” even when we haven't, the implications of out-of-date privacy laws could become serious.

In November, the federal government introduced the Digital Charter Implementation Act to try to better protect Canadians and their privacy. This update to Canada's privacy laws is overdue, but will it do what it sets out to? Shaun Brown, lawyer and privacy expert, helps us understand the proposed new laws and what they might mean to you.

Find Shaun on LinkedIn, or through the nNovation LLP website, nnovation.com, or on Twitter @nNovationllp. Listen to our other podcasts at conferenceboard.ca/insights/podcasts. You can find all of our research here: conferenceboard.ca/.

EDRM Global Podcast Network
The Data Diva Episode 10 – David Goodis Privacy Commissioner Ontario, Canada

EDRM Global Podcast Network

Jan 12, 2021 39:06


Debbie Reynolds, "The Data Diva," talks to David Goodis, the Privacy Commissioner of Ontario, Canada. We discuss his career transition into Data Privacy as a regulator, Data Privacy in Canada at present, a background of Canadian Data Privacy regulations over the last 20 years, current proposals for changes in Canadian Data Privacy regulations PIPEDA and frameworks, the use of AI and automated decision-making, socially acceptable beneficial purposes of data use, the need for transparency, the trust problem, onward data transfer, differences between Canada, the U.S. and the EU and privacy legislation, commerce and the role of the FTC and future US data privacy laws, the adequacy question of the EU and Canada, and his wish for privacy enforcement in the future.

The Data Diva E10 – David Goodis and Debbie Reynolds

"The Data Diva" Talks Privacy Podcast

Jan 12, 2021 39:05


Debbie Reynolds, "The Data Diva," talks to David Goodis, the Privacy Commissioner of Ontario, Canada. We discuss his career transition into Data Privacy as a regulator, Data Privacy in Canada at present, a background of Canadian Data Privacy regulations over the last 20 years, current proposals for changes in Canadian Data Privacy regulations PIPEDA and frameworks, the use of AI and automated decision-making, socially acceptable beneficial purposes of data use, the need for transparency, the trust problem, onward data transfer, differences between Canada, the U.S. and the EU and privacy legislation, commerce and the role of the FTC and future US data privacy laws, the adequacy question of the EU and Canada, and his wish for privacy enforcement in the future.

Serious Privacy
The Best of 2020: When Privacy Got Serious

Serious Privacy

Dec 29, 2020 36:27


We look back to January 2020 - with no crystal ball for Serious Privacy with Paul Breitbarth and K Royal. With 47 episodes and over 25,000 downloads, Season 1 of Serious Privacy is complete. Thank you to our fans! Season 2 starts Global Privacy Day 2021. Our initial ideas were a little different, but K and Paul found their rhythm and a following. Join us as we look back, play some of our favorite moments, and look ahead to 2021. Our most popular episodes were What Now Right Now? Assessment of the EU Schrems II Decision with Gabriela Zanfir-Fortuna of the Future of Privacy Forum and Sophie in ’t Veld, which we put together the same day; Wildly Successful: An Unexpected Career in Privacy with Emerald de Leeuw; and Privacy on the Front Lines: A View from LA with Lillian Russell. We had phenomenal speakers from around the world (such as Travis LeBlanc, Profs. Dan Solove and Paul Schwartz, Sophie Kwasny, Fabricio da Mota Alves, Vivienne Artz, Marie Penot, Annelies Moens) and amazing topics (such as Sharenting, a tribute to Ruth Bader Ginsburg, Schrems II guidance, laws from around the world, social justice, women in privacy, data science, and gaming). Please see the full blog entry for a more complete listing. Check out all the episodes! Thank you and we look forward to 2021.

Social Media
Twitter: @podcastprivacy, @heartofprivacy, @EuroPaulB, @TrustArc
Instagram: @SeriousPrivacy

Serious Privacy
Oh Canada: on DCIA, CPPA and PIPEDA (with Jennifer Stoddart & Constantine Karbaliotis)

Serious Privacy

Dec 15, 2020 44:20


On 17 November 2020, the Canadian Minister of Information Science and Economic Development, Navdeep Bains, introduced bill C-11, the long-awaited update to the federal Canadian privacy legislation. For many years, this legislative update had been rumoured, and now that it was finally put on the table, we can see some sweeping changes. The Digital Charter Implementation Act, 2020, which includes the Consumer Privacy Protection Act, "would significantly increase protections to Canadians' personal information by giving Canadians more control and greater transparency when companies handle their personal information", the minister said. This week, we will take a look at what the new Canadian law might bring, how it would impact companies doing business in Canada and what novel approaches might be an inspiration for the rest of the privacy community. Our guests are two Canadian powerhouses: former Privacy Commissioner Jennifer Stoddart (now at Fasken), and nNovation counsel Constantine Karbaliotis. Both share their views on the federal and provincial legislative developments in Canada and look ahead at the potential impact of the new legislation.

Resources
  • Bill C-11: An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make related and consequential amendments to other Acts
  • Big fines included in Canada's newly proposed national privacy bill
  • Federal privacy reform in Canada: The Consumer Privacy Protection Act
  • Privacy watchdog says he will look for amendments to new privacy legislation

Social Media
@TrustArc @PodcastPrivacy @HeartofPrivacy @EuroPaulB @ConstantK @FaskenLaw

SaaS District
How to Reduce & Manage your SaaS Data Security Risk & Privacy Compliance with Darren Gallop #66

SaaS District

Dec 8, 2020 47:25


Darren is a business leader and security professional with over twenty years of experience as a CEO and CISO of companies that handle sensitive data. Having founded a non-profit organization, three service companies, and two tech startups in his career, he understands how to assess and manage risk in alignment with organizational goals.  Darren Gallop is also a tech entrepreneur, information security expert, Techstars alumni, board member, and the CEO of Securicy. He co-founded Securicy and led the team to develop a SaaS product that guides businesses through creating, implementing, and managing their information security and privacy compliance program. Gallop previously co-founded Marcato and was CEO there for 10 years, until the successful event management software company was acquired by Patron Technology. He is fluent in English, French, and adept in Spanish. Gallop spends much of his non-work time playing music, fly fishing, canoeing, gardening and roasting coffee. He is from Nova Scotia, Canada. Darren's unique perspective enables him to lead organizations through the process of baking security into their business practices while improving productivity. 
During this interview we cover:
00:00 - A Word From The Sponsor
01:02 - Intro
02:33 - Darren's Background & Losing a Six Figure Deal After Security Reasons
05:03 - Opportunity & Problem to Solve That Motivated to Start Securicy
08:15 - Process From Idea to Launching & Initial Costs
12:51 - What SaaS Data Security, Risks & Compliances are
18:11 - At What Point a SaaS Company Should Start Thinking About CyberSecurity & Data Privacy
19:54 - The Most Common Data Breaches & Attacks
24:07 - Building, Framing & Documenting a Comprehensive, Integrated, Measurable, & Centralized Security Strategy
27:45 - Challenges of Being a Management Security Control Software
29:05 - Losing Trust & Regaining the Trust of the Customers & the Market
31:04 - Tips for Improving Your Internal Security & Privacy Systems
36:04 - Biggest Challenges Facing Now & Looking to Overcome in Continuing to Grow Securicy
38:01 - Top Resources Instrumental To Darren's Success
43:39 - What Does Success Mean to Darren?
46:17 - Outro

Mentions:
https://owasp.org/ (Open Web Application Security Project OWASP)

Terms:
https://gdpr.eu/what-is-data-processing-agreement/ (GDPR)
https://oag.ca.gov/privacy/ccpa (CCPA)
https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/ (PIPEDA)
https://en.wikipedia.org/wiki/Denial-of-service_attack (DDoS Attack)
https://www.varonis.com/blog/iso-27001-compliance/ (ISO 27001 Compliance)

Books:
https://www.goodreads.com/book/show/12975375-the-advantage (The Advantage)
https://store.johnmaxwell.com/ (Developing The Leader Within You)

Get In Touch With Darren:
https://www.linkedin.com/in/darrengallop/?originalSubdomain=ca (Darren Gallop's Linkedin)
darren@securicy.com

Tag us & follow:
https://www.facebook.com/HorizenCapitalOfficial/ (Facebook)
https://www.linkedin.com/company/horizen-capital (LinkedIn)
https://www.instagram.com/saasdistrict/ (Instagram)

More about Akeel:
Twitter - https://twitter.com/AkeelJabber
LinkedIn - https://linkedin.com/in/akeel-jabbar
More Podcast Sessions - https://horizencapital.com/saas-podcast

Hashtag Trending
Hashtag Trending - End of PIPEDA? Twitter introduces Fleets, and Amazon Pharmacy is a go

Hashtag Trending

Nov 18, 2020 2:37


Canadian privacy legislation is getting a facelift, Twitter introduces Fleets instead of an edit button, and Amazon is officially allowed to deliver prescription medications to its US customers.

The Tech Humanist Show
The Tech Humanist Show: Episode 15 – Abhishek Gupta

The Tech Humanist Show

Oct 30, 2020 51:27


The Tech Humanist Show explores how data and technology shape the human experience. It's recorded live each week in a live-streamed video program before it's made available in audio format. Hosted by Kate O’Neill. About this episode's guest: Abhishek Gupta is the founder of Montreal AI Ethics Institute (https://montrealethics.ai ) and a Machine Learning Engineer at Microsoft where he serves on the CSE Responsible AI Board. He represents Canada for the International Visitor Leaders Program (IVLP) administered by the US State Department as an expert on the future of work. He additionally serves on the AI Advisory Board for Dawson College and is an Associate Member of the LF AI Foundation at the Linux Foundation. Abhishek is also a Global Shaper with the World Economic Forum and a member of the Banff Forum. He is a Faculty Associate at the Frankfurt Big Data Lab at the Goethe University, an AI Ethics Mentor for Acorn Aspirations and an AI Ethics Expert at Ethical Intelligence Co. He is the Responsible AI Lead for the Data Advisory Council at the Northwest Commission on Colleges and Universities. He is a guest lecturer at the McGill University School of Continuing Studies for the Data Science in Business Decisions course on the special topic of AI Ethics. He is a Subject Matter Expert in AI Ethics for the Certified Ethical Emerging Technologies group at CertNexus. He is also a course creator and instructor for the Coursera Certified Ethical Emerging Technologist courses. His research focuses on applied technical and policy methods to address ethical, safety and inclusivity concerns in using AI in different domains. 
He has built the largest community driven, public consultation group on AI Ethics in the world that has made significant contributions to the Montreal Declaration for Responsible AI, the G7 AI Summit, AHRC and WEF Responsible Innovation framework, PIPEDA amendments for AI impacts, Scotland’s national AI strategy and the European Commission Trustworthy AI Guidelines. His work on public competence building in AI Ethics has been recognized by governments from North America, Europe, Asia, and Oceania. More information on his work can be found at https://atg-abhishek.github.io He tweets as @atg_abhishek. This episode streamed live on Thursday, October 22, 2020.

TechVibe Radio
Emerging Tech Law Podcast Series: Ensuring Data Privacy – Are You Compliant?

TechVibe Radio

Oct 1, 2020 25:53


The world of data privacy is constantly changing. In this episode with Justine Kasznica and Ashleigh Krick of Babst Calland’s Emerging Technologies Group, the duo will discuss:
  • Overview of the General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA), and California Consumer Privacy Act (CCPA)
  • Common elements among GDPR, PIPEDA, and CCPA, including privacy policy notice requirements, business obligations, and consumer rights
  • Overview of U.S. Regulatory Landscape: proposed state legislation and thoughts on federal action
  • Practice pointers and best practices for compliance with existing privacy laws and preparing for the future

Plus get insight on the FTC's investigation of Twitter. Read more on this topic at Babst Calland's EmTech Blog.

For The Love Of Emails Podcast- Powered By Netcore
EP #16 Email Data Privacy Laws and Compliance

For The Love Of Emails Podcast- Powered By Netcore

Sep 2, 2020 47:30


There have been several data privacy laws like GDPR, CCPA, PIPEDA, LGPD, and more, enacted in the past few years by various countries around the world. They are to be followed so that the customer data is handled correctly by businesses, organizations, and third-party service providers. These laws provide the rights to the users to understand how their information is being collected, used and they can raise a complaint about it if any rights are being violated. In this week’s podcast, we have Derek Lackey, Managing Partner at Newport Thompson, and a well-known data privacy expert in Canada. Dennis Dayman and Derek Lackey discuss privacy laws across countries and their impact on consumers and marketers alike in this highly insightful final podcast of season one.

They Discuss:
  • What is the real reason these data privacy laws were required, and how do they impact email?
  • How will these laws impact a marketer’s ability to collect information about the data subject or user?
  • How important is permission marketing with regards to privacy compliance?
  • How will these laws empower consumers and change the way they share data with brands for marketing purposes?
  • What have been the consequences of email spam due to privacy laws?
  • What are the future trends you see developing in the data and email privacy?

Hashtag Trending
Hashtag Trending - TikTok suing the U.S.; Apple and WordPress lock horns; PIPEDA chatter on Reddit

Hashtag Trending

Aug 24, 2020 2:34


TikTok says it’s planning to sue the Trump administration, Apple and WordPress lock horns after Apple gets a little greedy, and a story about PIPEDA and Tim Hortons catches fire on Reddit. #HashtagTrending #Podcasts

POWER PLAYS
Dr Stephanie Perrin discusses Canada's private sector privacy law PIPEDA

POWER PLAYS

Jul 8, 2020 40:57


Dr Stephanie Perrin led the drafting initiative that resulted in Canada's first piece of privacy legislation to cover the private sector, the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA came into force in 2001 and is still in effect today. POWER PLAY's Ayden Férdeline hears the story behind the development of that law.

Serious Privacy
The Business Side of Privacy: Money, Mergers, and Mandates

Serious Privacy

Jun 9, 2020 45:33


Personal data can often be a complicated side to critical business activities, such as mergers and acquisitions and bankruptcy. Since the beginning of the year, the world has been dealing with a global health crisis. But unfortunately, that is not the only crisis the world will be dealing with this year - by now it is clear our economy will take a serious hit as well. Companies will go under, or else may become targets for mergers and acquisitions while in a weakened state. That also may have an impact on the data holdings of organisations. Can sets of customer, employee and third-party data just be handed over from one company to the other, or sold to the highest bidder to return some money to investors? These highly impactful business activities, that are often executed rapidly, are not the times to overlook critical data allowances and restrictions. In this episode, we put these tough issues to Constantine Karbaliotis, a privacy veteran who has managed these issues for companies. Join us as we discuss how companies can prepare for and manage privacy issues in M&A and bankruptcy. We also took the opportunity to ask him for a Canadian’s perspective on the new CCPA regulations that have been filed with the California Office of Administrative Law.

Resources:
  • EDPB - Statement on the Data Protection Impact of Economic Concentration
  • EDPB - Statement on Privacy Implications of Mergers
  • Dutch DPA - Guidance on data processing in a bankruptcy situation (NL)
  • CCPA Regulations filed https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/oal-sub-final-text-of-regs.pdf
  • Privacy and Data Security in Mergers & Acquisitions Solutions Brief

The Business of Becoming with Lori Kennedy
EP160: How To Pivot & Get Your Practice Online

The Business of Becoming with Lori Kennedy

Apr 20, 2020 66:59


It's definitely not business as usual. I decided to do this podcast a little differently given the current times we are in and the challenges I know so many of you are facing. This episode of the Business of Becoming is for you if you once had a clinic and now don't, where you once worked in person with patients or clients in any capacity and now can't… your practice or business shut down overnight and now you're wondering what to do and will things ever go back to the way they were before. In today's episode, I'm joined by Dr. Alicia MacPherson, Dr. Tiffany Cheung and Gillian Reid who are all heavily regulated practitioners with online practices and businesses. We hosted this live conversation for dozens of naturopathic doctors and regulated practitioners who are left wondering… what do I do now? If you too find yourself wondering… this episode will be extremely helpful.

More About My Guests:
  • Dr. Alicia MacPherson, Naturopathic Doctor, and CEO of the MacPherson Method
  • Dr. Tiffany Cheung, Naturopathic Doctor and Founder of Tiffany Erika Cheung
  • Gillian Reid, Integrative Psychotherapist and Founder of Mother Zen Wellness and Braving Wild Motherhood

What We Talk About In This Episode:
  • The importance of having business fundamentals in place
  • The need for business infrastructure and the questions to ask yourself
  • Why having a system in place allows you to pivot quickly
  • How to combine 1:1 patient with an online program/product
  • Examples of 3 different business models so that you can start to conceptualize how this could work for you. See what is possible for growth-minded individuals
  • How to pivot and optimize what works for you
  • How to ensure compliance with PIPEDA through online forums and messaging
  • Q&A from viewers

Things We Mention In This Episode: 10K Success System

Here's How To Subscribe & Leave A Review (pretty-please): Want to get notified when I release new episodes so you don't miss a thing? Click here to subscribe to the podcast on iTunes. And it would mean the world to me if you'd leave a rating and review. I'd love to know what you think of the podcast and how I can make it better for you. Plus iTunes tells me that podcast reviews are really important and the more reviews the podcast has the easier it will be to get the podcast in front of more people, which is the ultimate goal. You can leave a review right here.

Let's Keep The Conversation Going… Were you impacted by the lockdown? Do you have a Plan B or any creative ways to generate income? I would love to hear all about it and I'm sure others would too. Comment below and share your story or visit me on Instagram which is currently my favourite way to connect. You can also join my free online community to connect with more than 16,000 other health practitioners just like you to ask questions, share wins and struggles and get lots of support from me and my team! I hope to see you there.

Practice Management Nuggets
PIPEDA’s Mandatory Privacy Breach Notification | Episode #084

Practice Management Nuggets

Jan 7, 2020


  Organizations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private sector privacy law, are required to report to the Office of the Privacy Commissioner (OPC) any breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals. They also need to notify affected individuals about those breaches, and keep records of all data breaches within the organization. On today's podcast, PIPEDA’s Mandatory Privacy Breach Notification, we will look at how PIPEDA applies to healthcare organizations and the vendors that support them. The Privacy Commissioner shares lessons learned after one year of mandatory breach reporting requirements under PIPEDA. Does PIPEDA Apply To You? PIPEDA applies to private sector businesses across Canada with the exception of Quebec, Alberta, and BC. In these provinces, provincial legislation wish is substantially similar to PIPEDA applies. In all cases, businesses which handle personal information which crosses provincial or national borders fall under PIPEDA regardless of which province that they are based in. In Alberta, we have privacy legislation called the Health Information Act (HIA) that takes precedence over PIPEDA and Alberta's Personal Information Protection Act, (PIPA). If a business, like a physician's office, has a privacy breach which includes health information, then the custodian of the physician office must report the privacy breach following the HIA regulations. If it's employee information or other non-health information is included in the breach then that triggers privacy breach notification under PIPA. Sometimes, a breach can include both types of information and the physician office must notify under both legislation. In BC the Personal Information Protection Act (PIPA) is BC's private sector privacy laws has also been deemed substantially similar to the federal private sector privacy law. 
BC does not have health information specific privacy legislation, so PIPA applies to private organizations in BC, including physician practices, and governs how the personal information about patients, employees and volunteers may be collected, used and disclosed. If you are a business in Canada, for example, an electronic medical records (EMR) business, and you have a data center in Canada where all of your clients provide their information and store it in your data center, the EMR vendor likely falls under the PIPEDA regulations. The vendor may be responsive to other legislation as well. If you are an EMR vendor, you do not directly comply with the HIA in Alberta because that applies only to custodians. However, as an information manager of a custodian under the HIA, you have some obligations under the HIA in the event of a privacy breach. But that does not mean that you don't also have obligations under PIPEDA. Listen to the podcast to learn more!

Show Notes

You can advance the audio to the time entries:

03:00  PIPEDA
03:18  Does PIPEDA apply to you?
04:11  Alberta
04:53  British Columbia
05:26  EMR vendor and businesses that support healthcare practices
06:52  What is personal information
07:44  Why is privacy important? In 2017, 65% of large organizations with more than 100 employees indicated that they were privacy aware, but only 43% of small businesses indicated that they were privacy aware.
09:11  What Is A Privacy Breach
12:44  PIPEDA Mandatory Privacy Breach Reporting Process
12:55  Keep Records
13:27  ROSH
14:04  Report to the OPC
14:10  Notification. Information Manager Agreement – should indicate if a vendor should directly notify a patient about the privacy breach or if the custodian will do the notification. The Information Manager Agreement should also identify which party (parties) is responsible for the cost of notification. See the Practice Management Success Tip – Top 3 Agreements https://InformationManagers.ca/Top-3
15:46  What is ROSH?
17:47  What information, circumstances of the breach.
19:33  CASL, Canada’s Anti-Spam Legislation
20:34  Good Privacy Is Good For Business

When we know better, we can do better… I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

How to Manage a Privacy Breach with Confidence

The 4 Step Response Plan will help you prevent privacy breach pain and give you the tips, templates, training, and tools that you can use right away to prepare your privacy breach response plan. In the world of privacy breaches ‘If’ has become ‘When’. Will you be ready? More information on the on-line 4 Step Response Plan course, available now: https://informationmanagers.ca/4-step

New! Podcast Key Word Search Tool

Did you hear something on today’s podcast that you would like to go back and listen to again? Or, maybe you heard something on one of our previous podcasts that you want to listen to again, but you can’t remember which one and you would like to find it quickly and easily. Well, that’s easy to do now! If you heard something on this podcast that you want to re-visit, go to PracticeManagementNuggets.Live/search and enter the keyword in the magic box. You will automatically be brought to the podcast at the exact spot where we talked about it.

Rate and Review the Podcast

I am honoured that you choose to spend your time with me today. Thank you for the opportunity to share my obsession about privacy, confidentiality and security with you! Reviews for the podcast on whatever platform that you use are greatly appreciated! When you provide your honest feedback it helps other people just like you find content that may help them, too. If you received value from this episode, please take a moment and leave your honest rating and review.

Jean L. Eaton, Your Practical Privacy Coach and Your Practice Management Mentor with Information Managers Ltd.

CRM Radio by GoldMine
Jan 2020 CA Consumer Protection Act - You Can’t Do Whatever You Want to the Customer

CRM Radio by GoldMine

Play Episode Listen Later Dec 23, 2019 24:24


Growing Email Compliance Issues – GDPR, CASL, and CCPA – What?

The database chicken has come home to roost and the results won’t be pretty for those that ignore it. Paul Petersen, the host of CRM Radio, interviews Derek Lackey, managing director of Newport Thomson and Chairman of the Response Marketing Association. He is, among other titles, the author of CASL Compliance, A Marketers Guide to Email Marketing to Canadians. In this fast-paced, information-jammed 25-minute live program, broadcast on December 19, 2019, and now available as a podcast, they discuss:

Jan 2, 2020 California Consumer Protection Act (CCPA) and its far-reaching consequences
How new laws prevent marketers from doing whatever the hell they want to the customer
Why CCPA is more targeted to companies that sell data but doesn’t apply to non-profits
How every company web form will be affected
Why legislation is the direct result of marketers who checked out of respecting the customer
Why it’s embarrassing that governments had to legislate to take care of customers
Why you must have someone in your company who is the data controller
Is GDPR the gold Standard for data protection?
How consumer protection acts are good for your company

About Derek Lackey

With more than 30 years’ operating an advertising agency, Derek is focused on data protection & privacy and its effect on the brand. The author of CASL Compliance: A Marketer’s Guide to Email Marketing to Canadians, he looks to simplify the implementation of new data management practices within organizations such that they comply with global laws such as GDPR, PIPEDA, CASL, and CCPA, while taking good care of their prospects and customers. He believes making compliance practical makes compliance feasible.
Derek is active in the privacy community: chairing the Guidance Committee, Canadian Advisory Council – GDPR; co-chair, IAPP Toronto Chapter – 2020/2021; committee member on ISO 31700 – Privacy by Design for Consumer Products, the CEN CENELEC JTC 13 on Cybersecurity and Data Protection, and the new Standards Council of Canada initiative, the Data Governance Standardization Collaborative (DGSC). He is Managing Partner of Newport Thomson, a data & privacy consulting firm based in Toronto. In his volunteer role as Chairman of the Response Marketing Association, he has provided leadership in the area of privacy and marketing. He is also the Publisher of Blazon.Online, a curated portal featuring great content for marketers: www.blazon.online. Educated in Marketing at University of Toronto, Derek applies creativity to his business strategy while placing a strong emphasis on results. At one point in time, seven of the nine brands handled by his full-service ad agency were #1 in their categories in Canada.

Newport Thomson

We help organizations become compliant with new data/privacy/email laws in: United States (Can-Spam and California Consumer Protection Act 2018), Canada (CASL and PIPEDA) and European Union (GDPR and ePrivacy Regulation). As the leaders in data & privacy compliance, we offer Global Data & Privacy Compliance™, a single system service that sets your data & privacy policies and procedures such that the organization is compliant in all jurisdictions. We also offer Canadian Anti Spam Legislation (CASL) compliance. We help identify and change your organization's practices and policies regarding electronic messaging. This law changes the way we use commercial email and SMS text messaging when targeting Canadians. Our way of operating must follow suit.

We offer products/services in the following areas:
Review & Gap Reports - for those who wish to do the work themselves and simply have it checked by professionals who have a working understanding of the laws.
Full Compliance Programs / Staff Training - for those who simply want to contract the entire task to professionals who can bring them into compliance quickly and efficiently.
Certification Programs - approving others’ work with a full audit/certification.
Recommending Marketing Automation Technology solutions to track consent status in real time.
Email List building within each country - with new rules come new practices in the area of list building strategies.
All services are available in USA, Canada, Europe.

Background on the CCPA & the Rulemaking Process

The California Consumer Privacy Act (CCPA), enacted in 2018, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. It also requires the Attorney General to solicit broad public participation and adopt regulations to further the CCPA’s purposes. The proposed regulations would establish procedures to facilitate consumers’ new rights under the CCPA and provide guidance to businesses for how to comply. For more information about the Office of Administrative Law and California’s Rulemaking Process, see Office of Administrative Law - California Code of Regulations. For more information about the CCPA, see the Fact Sheet (pdf) and Information about the rulemaking process (pdf).

CRM Radio is hosted by Paul Petersen of GoldMine CRM by Ivanti, which is a program on the Funnel Radio Channel. GoldMine is the sponsor of CRM Radio.

Torys in 10
What is the Digital Charter and what does it mean for Canada?

Torys in 10

Play Episode Listen Later Dec 10, 2019 13:01 Transcription Available


Torys LLP Privacy Counsel Molly Reynolds and Associate Ronak Shah sit down to discuss the Digital Charter initiative which outlines proposals to modernize Canada’s privacy laws, including the Personal Information Protection and Electronic Documents Act. The pair talk about the Charter's principles that will guide future policy making, how much substance there is behind them and what businesses can expect over the next few years. Music: Stratosphere - www.adamvitovsky.com.

Hanging Pixels Podcast
GDPR: Government Regulation and the Photo Industry

Hanging Pixels Podcast

Play Episode Listen Later Nov 16, 2019 54:29


Join host TW Woodward and guest Harri Olkinuora from Norway-based software company Netlife Suite as they discuss GDPR, the General Data Protection Regulation, and how government legislation threatens the future of the photo industry. With CCPA (California Consumer Privacy Act) coming into effect in January 2020, consumer privacy and protection have become a critical component of how companies in the United States store and share private data. Host TW Woodward asks the tough questions surrounding government regulation and Harri provides direct experience and real-world examples from the photo industry in Europe.

Hilary Topper On Air
How Do You Know if Medical Cannabis is Right for You?

Hilary Topper On Air

Play Episode Listen Later Nov 14, 2019 20:47


Roughly 3.5 million Americans are being prescribed or using medical cannabis today. But, how can a person or a medical provider know that what they are using, or prescribing, is the most effective strain for their, or their patient's, treatment plan? In this episode of Hilary Topper On Air, Hilary interviews Stephanie Karasick, Co-Founder & Chief Creative Officer of Strainprint Technologies Ltd., the leading demand-side cannabis data and analytics company.

About Stephanie

Stephanie was born and raised in the suburbs of Montreal, and left shortly after getting her degree in Graphic Design. She moved to Toronto, working as a copywriter at Leo Burnett, Saatchi & Saatchi, JWT, Taxi, and MacLaren McCann over a span of 15 years. Somewhere in that time, she began studying photography. She also left the corporate world to work as an editorial and family photographer and a mom. The idea for Strainprint came to her after her first few months of using medical cannabis. She was noticing how little information and scientific validation there was on various treatments.

About the Interview

Stephanie will discuss:
The genesis of Strainprint and her story
Why the medical cannabis app is important for individuals
The importance of medical cannabis data
What their data is telling us and why that is important
Why continuing to break the stigma of medical cannabis and legitimizing it as a viable therapeutic option is important

About Strainprint™

Founded in Toronto in 2016, Strainprint™ Technologies Ltd. is the leading demand-side cannabis data and analytics company. With the world's largest longitudinal, observational dataset of its kind and a mission to advance the scientific understanding of cannabis and its legitimization as a mainstream therapy, Strainprint helps medical cannabis patients and doctors to use cannabis in the most effective and responsible way possible.
Strainprint's data platform supports global cannabis research and provides advanced business intelligence and treatment guidance to producers, retailers, medical practitioners, pharmacies, government, and industry. Strainprint is HIPAA, PIPEDA and PHIPA privacy compliant, military-grade encrypted, and all patient data is completely anonymized and at rest in Canada. It can be seamlessly embedded or integrated with most electronic medical records (EMR) and seed2sale software systems. Strainprint Analytics is accessed by customer subscriptions. The Strainprint App is free to patients and can be downloaded from both the iOS App Store and Google Play Store. www.strainprint.ca, Facebook, Twitter, LinkedIn. Strainprint Reports are available at https://strainprint.ca/strainprint-reports/.

Concierge for Better Living
Supporting Global Cannabis Research

Concierge for Better Living

Play Episode Listen Later Oct 9, 2019 34:18


Supporting global cannabis research with Noah Kauffman, head of sales for Strainprint. Noah has been helping organizations purchase great software for over a decade. As Director of Sales at Strainprint, he’s responsible for identifying market opportunities and developing sales processes to drive continued revenue growth. Strainprint data is supporting global cannabis research and provides advanced business intelligence to producers, retailers, medical practitioners, pharma, government, and industry. Strainprint is HIPAA, PIPEDA and PHIPA privacy compliant, military-grade encrypted.

The View Up Here
Election Integrity In Canada - Are We Prepared For Election 43 This October?

The View Up Here

Play Episode Listen Later May 30, 2019 127:00


October 21, 2019. The day Canada will vote in its 43rd General Election. There is a subject of discussion that will only grow as voting day nears and it isn't about the parties and policy or lack thereof. It's about the integrity of the electoral system. In a digital world with information from everywhere to seemingly everyone, the issue of reliability is not a new question. The integrity of electoral processes around the world has been compromised. There is no disputing this fact. The 2016 US election. The 2018 US midterms. Brexit. France. Austria. Turkey. And right here at home with Electoral Reform referenda, Ontario and Alberta. New shadowy players in a new arena with an awful lot at stake. Canada's current government has done more than most nations recognizing and trying to identify, contain and counter the threat. But surprise surprise, not everyone involved wants to take action. Why? Politics and money. Bill C-76 did a lot to restore rights for voters, limit financial shenanigans and set limits regarding timeframes on advertising and fundraising. But nothing specifically on digital skullduggery. The environment changes rapidly and sources of influence disappear as quickly as they appear. Will the extra efforts protect the integrity of the election? The Critical Election Incident Public Protocol (CEIPP) is made up of five senior bureaucrats that will assess threats and determine if they are serious enough to inform Canadians. The Security and Intelligence Threats to Elections (SITE) Task Force consists of CSE, CSIS, RCMP, Global Affairs Canada and the Intelligence Advisor to Government. It is mandated to prevent covert, clandestine or criminal activities from influencing or interfering in the electoral process. Will these measures work? Why weren't political parties made to comply with PIPEDA private information guidelines? Why aren't social media platforms willing to voluntarily comply with C-76? $$

GDPR Weekly Show
GDPR Weekly Show Episode 31 - Marriott Hotel data breach update, Kent County Council data breach, GDPR Canada style - a look at PIPEDA, Builder fined for not complying with SAR

GDPR Weekly Show

Play Episode Listen Later Mar 17, 2019 26:02


Coming up in this week's episode of the GDPR Weekly Show: An update on the Marriott Hotel data breach, Kent County Council data breach of adoptive parents, GDPR Canada style - a look at PIPEDA, Builder fined for not complying with Subject Access Request

Concierge for Better Living
The World’s First and Largest Database of Medical Cannabis Effects on Women

Concierge for Better Living

Play Episode Listen Later Nov 28, 2018 35:37


Today on Concierge For Better Living we are joined by Strainprint's VP of Research, Michelle Arbus. Michelle is a veteran of the market research industry with over a decade of experience at the global research firms Ipsos and the NPD Group. While at these organizations, she conducted rigorous data analysis which provided multi-national corporations with data-driven insights and recommendations to solve their business issues. Most recently, Michelle took her analytical expertise to the Ontario Ministry of Health where she consulted on issues such as cannabis, tobacco smoking, routine childhood immunizations, and the flu. She led research which was used as the basis for the strategic direction of programs, initiatives or communications on various health matters. Michelle will be in charge of heading up research efforts at Strainprint, including doing a deep-dive on the rich, 7 million data-points, analyzing the data and creating meaningful reports. Michelle holds a BA Honours in Psychology from York University and an MBA from Dalhousie University. Founded in Toronto in 2016, Strainprint™ Technologies Ltd. is the leading demand-side cannabis data and analytics company. With the world's largest longitudinal, observational data-set of its kind and a mission to advance the scientific understanding of cannabis and its legitimization as a mainstream therapy, Strainprint helps medical cannabis patients and doctors to use cannabis in the most effective and responsible way possible. Strainprint™ data platform supports global cannabis research and provides advanced business intelligence and treatment guidance to producers, retailers, medical practitioners, pharmacies, government, and industry. Strainprint is HIPAA, PIPEDA and PHIPA privacy compliant, military-grade encrypted and all patient data is completely anonymized and at rest in Canada. Strainprint can be seamlessly embedded or integrated with most electronic medical records (EMR) and seed2sale software systems.
Strainprint Analytics is accessed by customer subscription.

The CyberWire
Wi-Fi access point zero-day reported. US Cyber Command on the offensive. Transparency is tougher than it looks. GandCrab not paying out as much—good. PIPEDA takes effect. Soulmate spyware.

The CyberWire

Play Episode Listen Later Nov 1, 2018 20:51


In today's podcast, we hear that Bleeding Bit flaws leave Wi-Fi access points open to war drivers and other malefactors within a hundred meters of your equipment. US Cyber Command continues its attempts to dissuade foreign influence operations against midterm elections. Social networks have difficulty identifying who's buying ads. Canada's data privacy law takes effect today. GandCrab crooks take a million-dollar bath. And if you go to Soulmates in Google Play, you're looking for love in all the wrong places. Johannes Ullrich from the ISC Stormcast podcast on hiding malware in benign files. Guest is Tara Combs from Alfresco on coming US cyber regulations. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_01.html

Stereo Decisis
Stairway to Copyright Infringement

Stereo Decisis

Play Episode Listen Later Oct 4, 2018 70:40


On this week's episode of the pod, Hilary Young, Oliver Pulleyblank and Rob Danay discuss: The decision of the 9th circuit court of appeals in the United States to order a new trial on the question of whether Led Zeppelin's "Stairway to Heaven" violates copyright; The apparent decision of Canada's Privacy Commissioner to refer a question to the Federal Courts on whether or not PIPEDA includes a "right to be forgotten;" and The propriety of former Supreme Court judges acting as counsel in their post-judicial careers. In obiter dicta, Hilary talks about the perplexing recent provincial election in New Brunswick, Oliver delivers a sermonic ode to the game of baseball and Rob talks about the unfortunate clash of mountain goats and human beings in the Olympic National Park. We are on Twitter: @stereodecisis And Facebook! And Patreon!

Data Breach Today Podcast
Preparing for PIPEDA

Data Breach Today Podcast

Play Episode Listen Later Sep 17, 2018


Info Risk Today Podcast
Preparing for PIPEDA

Info Risk Today Podcast

Play Episode Listen Later Sep 17, 2018


Two Tier Canada
PIPEDA – TTC009

Two Tier Canada

Play Episode Listen Later Aug 9, 2018 38:47


In this special episode we have a freebie from our new privacy officer training course! Important points to remember: Designate a privacy officer in your business or acknowledge that you are that person. Remember the 10 parts of PIPEDA:
1. Accountability
2. Identifying purposes
3. Consent
4. Limiting Collection
5. Limiting Use, Disclosure, and Retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual Access
10. Challenging Compliance

This podcast has been brought to you by the Electronic Health Information System, an electronic medical record designed specifically for allied health professionals. Sign up now and take your private practice paperless.

The View Up Here
Bill C-58 - Access To Information & Privacy Laws That Improve Neither For Canada

The View Up Here

Play Episode Listen Later Jul 19, 2018 105:00


There were a lot of big promises in that 2015 LPC Campaign, weren't there? Such as electoral reform. Such as eliminating the National Energy Board and having new project hearings. Such as a new "relationship" with Indigenous Peoples. Such as "fixing" C-51. See a common theme here? Well, add another one to the growing pile. After promising to renew and replace Canada's 1982 Privacy and Access to Information laws, we get Bill C-58 which amends those 35 year old laws instead of replacing them. Why have corporate media ignored this issue so consistently except for the odd cursory update of its progress on the Order Paper? Why have only the usual suspects of independent media kept it current? TVUH will look at what there is to fear for the mainstream media. The 'consultation' started like they meant business, in the spring of 2016. Stakeholders, academics, expert groups and the Commissioners of Information and Privacy gave input. Then a funny thing happened. Bill C-58 hit the floor of the House on First Reading and effectively ignored all of that consultation. As Suzanne Legault neared the end of her term as Information Commissioner, she repeatedly called out C-58 as inadequate and regressive. Her replacement Caroline Maynard has not changed that position in any real effect. Privacy Commissioner Daniel Therrien has not been a fan of C-58, also using the terms regressive and not helping regarding any current backlogs or deficiencies. Time allocation, wholesale rejection of a lengthy list of Committee amendments and near invisible passage to the Senate is where we are now. Sunny ways, friends. The Red Chamber seems determined to take this bill apart, calling all the same detractors to tell them about its failures. Will it be sent back to the House with huge amendments? Will the threat of Proroguement kill it and many other bills? Would we be better off where C-58 is concerned?

Brakeing Down Security Podcast
2018-007- Memcached DDoS, Secure Framework Documentation, and chromebook hacking

Brakeing Down Security Podcast

Play Episode Listen Later Mar 5, 2018 45:59


Topics:
Secure Framework documents
Modifying chromebooks so you can use Debian/Ubuntu
Memcached is the new DDoS hotness
Announcement of the next BrakeSec Training Class (see Show Notes below for more info)

Link to secure framework document: https://drive.google.com/open?id=1xLfY4uI88K2AiA1mosWJ7jFyP100Jv5d

Tickets are already on sale for "Hack in the Box" in Amsterdam from 9-13 April 2018, and using the checkout code 'brakeingsecurity' gets you a 10% discount. Register at https://conference.hitb.org/hitbsecconf2018ams/register/

#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM: https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

--Show Notes--

Announcements:
Matt Miller’s class on Assembly and Reverse engineering
Starts 2 April - 6 sessions
2nd Class - 6 sessions, beginning 21 May
Beginner course on Assembly
Advanced course, dealing with more advanced topics
$150 for each class, or a $250 deal if you sign up for both classes
paypal.me/BDSPodcast/150USD - Specify in the NOTES if you want the “Beginner” or “Advanced” course
paypal.me/BDSPodcast/250USD - If you want both courses
We need a minimum of 10 students per class

Projects:
Chromebook with Debian
Bit of a pain, if I could be honest..
Needed USB hub with eth0, and a USB soundcard
USB3 low profile thumbdrives would be better
https://www.amazon.com/gp/product/B01K5EBCES/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1
https://www.securecontrolsframework.com/ <-- well well worth the signup
https://drive.google.com/open?id=1xLfY4uI88K2AiA1mosWJ7jFyP100Jv5d - ‘secure.xlsx’
http://www.dummies.com/programming/certification/security-control-frameworks/
Numerous security frameworks already exist: Cisco, NIST, COBIT, ITIL (can be utilized), SWIFT
https://www.accesspay.com/wp-content/uploads/2017/09/SWIFT_Customer_Security_Controls_Framework.pdf
“My weird path to #infosec” on twitter
https://en.wikipedia.org/wiki/Hydrocolloid_dressing

Debt Free in 30
64 – Privacy Laws and Collection Agents

Debt Free in 30

Play Episode Listen Later Nov 21, 2015 29:01


When it comes to privacy, organizations are required to follow federal and provincial legislation which prohibits the use of personal information in an inappropriate or unreasonable manner. In the private sector, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) determines proper conduct by organizations throughout Canada. In contrast, the Privacy Act covers the personal information handling practices of the federal government itself. Our guest today is Vance Lockton, Senior Analyst for Stakeholder Relations at the Office of the Privacy Commissioner of Canada. Vance explains that the Privacy Commissioner, Daniel Therrien, is an officer of Parliament who reports directly to the House of Commons and the Senate and is independent of the government in place. Vance details the laws in place for debt collectors and how investigations under the Office of the Privacy Commissioner of Canada are conducted, and provides advice for listeners on protecting their personal information.