Promislow Ruth

Education

McGill University, BA, 1994, with honours University of Toronto, MA, 1995 University of Toronto, LLB, 1998 

Bar Admissions

Ontario, 2000

Ruth E. Promislow

Partner

T: 416.777.4688 / E: promislowr@bennettjones.com

Toronto


Ruth Promislow practices in the areas of privacy, data protection and management, cybersecurity and fraud.


Ruth Promislow helps clients navigate complex privacy, data management, artificial intelligence and cybersecurity matters.

With over 20 years of experience in litigating high-stakes commercial disputes (including complex commercial fraud), marked by an impressive track record of success, Ruth has focused the last decade of her practice on advisory work surrounding regulatory compliance with privacy and emerging technology legislation, data management and governance, cybersecurity preparedness and breach response, and associated commercial and regulatory disputes.

Ruth is regularly retained by leading global organizations for her expertise on privacy regulatory compliance, data management and governance (including breach preparedness, privilege and outsourcing), managing cyber-attacks, transactional opportunities and risks relating to data and cybersecurity, as well as novel issues of privacy, data and cybersecurity law. Ruth’s clients include financial institutions and insurance companies, leading technology platform providers, international retailers, medical device manufacturers, hospitality organizations and professional advisors.

Ruth's expertise is widely recognized, and her accomplishments in privacy, data management and cybersecurity have earned rankings by Chambers Canada, where she and the firm's practice group are globally recognized.

Ruth is a thought leader in the privacy/data/cybersecurity space and is frequently invited to speak on emerging legal issues. Ruth plays a leadership role with several noteworthy international organizations, including:

  • adjunct professor at the University of Toronto Faculty of Law (Cybersecurity and Artificial Intelligence);
  • invited speaker to the FBI/RCMP Cybercrime Exchange;
  • lead facilitator for the MasterCard Emerging Leaders Cyber Initiative;
  • steering committee member at the Cambridge Forum on Cybersecurity; and
  • member of the United States Cybersecurity Leaders' Roundtable.

Select Experience

  • Recognize Partners, as Canadian counsel, in its acquisition of Blue Mantis and its subsidiaries in the US, Canada, and India, from ABRY Partners
  • Marriott International, Inc. in privacy class action litigation
  • BetterHelp, Inc. in privacy class action litigation
  • A leading international technology company in preparing opinions on novel issues of law regarding data management
  • A leading medical device manufacturer with global operations in providing regulatory compliance advice on Canadian privacy and health information laws
  • Association of insurance and reinsurance companies as breach coach
  • One of the largest cannabis companies in the world as breach coach for the development of policy and compliance programs on cybersecurity preparedness and incident response
  • Breach counsel, involving overseeing forensic investigations, regulatory and litigation risk management, reporting to regulators and handling regulatory inquiries and investigations
  • Lineage Logistics, an international refrigerated warehousing and storage company owned by Bay Grove Capital, on its acquisition of VersaCold Logistics Services, a Canadian refrigerated warehousing company with fully integrated logistics capabilities, from Torquest Partners, The Investment Management Corporation of Ontario and OPTrust
  • CF Acquisition Corp. VI, a special purpose acquisition company (SPAC) sponsored by Cantor Fitzgerald, as Canadian counsel on its business combination with Rumble Inc., a high growth neutral video distribution platform with an international user/subscriber base, valued at an initial enterprise value of US$2.1-billion
  • Datasite LLC, a portfolio company of CapVest Partners LLP, in its acquisition of Firmex Inc., a leading virtual data room and subscription file-sharing provider

Recent Recognitions

  • Chambers Canada
    Ranked, Privacy & Data
  • The Legal 500 Canada
    Corporate and Mergers & Acquisitions, Energy - Oil and Gas
  • Benchmark Litigation: Canada
    Recognized as a Litigation Future Star
  • Canadian Legal Lexpert Directory
    Repeatedly Recommended, Data Protection & Privacy
    Repeatedly Recommended, Environmental, Social & Governance (ESG)

Recent Insights, News & Events

  • Don’t Be the Next Victim of a BEC Scam
    Blog / April 07, 2025
    Businesses are increasingly defrauded through common scams known as business email compromise scams (BEC scams) for which they do not have insurance to cover the resulting losses. Fortunately, there are easy-to-implement strategies to minimize the risk of falling victim to this fraud before it’s too late.
  • 10 Key Questions to Guide Cyber Risk Management
    Blog / April 04, 2025
    Asking the right questions within your organization is key to effectively managing cyber risk. Here are 10 questions that you should ask your team.
  • Children's Online Privacy Subject to Increased Regulatory Scrutiny
    Blog / February 24, 2025
    Regulatory scrutiny is increasing concerning information of minors. Canadian privacy commissioners have identified minor's rights as a clear priority, and US regulators are setting strict parameters around what organizations can do with this information. Recent activity in both jurisdictions provides a useful guide for those organizations that commercialize the information of minors.
  • Bennett Jones Top Ranked in Chambers Canada 2025
    Announcements / September 26, 2024
    Bennett Jones is proud to have once again been recognized as one of Canada’s leading law firms across 41 practice areas, with 135 lawyer rankings in Chambers Canada 2025. These rankings reflect the deep trust our clients place in us to solve their most complex legal matters and underscore our lawyers' extensive understanding of their industries and businesses, enabling us to consistently deliver an exceptional experience. In this year's guide, Bennett Jones has 10 Band 1 practice rankings, 20 Band 1 lawyer rankings and 10 newly-ranked lawyers. In addition to this year's rankings, Bennett Jones was awarded Class Action Law Firm of the Year and was a finalist for Real Estate Law Firm of the Year. 
  • Data Resiliency: Safeguarding Business Through Cyberattacks
    In The News / April 24, 2024
    Ruth Promislow appears on a Globe and Mail webcast on what companies can do to prevent, withstand and rebound from a cyberattack. More and more, companies are understanding that data breaches are going to happen, but their ability to ensure business continuity is essential.
  • AI Insights Foundations
    Event / April 23, 2024
    Building on current and proposed legislative frameworks, duties of care and risk management strategies, this virtual symposium looked at AI through legal, technical, governance and risk-focused lenses, ultimately providing you with the practical insights and strategic viewpoints essential for successful AI adoption, all while futureproofing against potential legal challenges.
  • A Guide to Navigating the Complexities of GenAI in Investment
    Blog / March 18, 2024
    In today's rapidly evolving technological landscape, the emergence of generative artificial intelligence (GenAI) presents both opportunities and challenges for investors, founders and companies alike. With GenAI generating new categories of valuable information, it is crucial to navigate this terrain thoughtfully and compliantly, especially considering the regulatory, legal and social considerations at play.
  • Investing in Innovation: Smart Capital in the Age of Generative AI
    Speaking Engagements / February 23, 2024
    In a successful conclusion to the Canadian Venture Capital & Private Equity Association's Invest Canada Webinar Series, Bennett Jones presented a webinar featuring insights into the evolving venture capital landscape. Moderated by Kwang Lim, this webinar featured Lisa Kakoske, Ruth Promislow and Jeff Taylor as they discussed trends in the industry, regulatory challenges and the significance of ESG in generative AI investments.
  • The Future of Automotive in Canada
    Speaking Engagements / February 23, 2024
    Ruth Promislow was a featured panelist in The Globe and Mail's fourth annual Future of Automotive summit. As we see more and more vehicles storing and reporting data, Ruth's conversation focuses on the data collection, privacy and security concerns in the automotive industry.
  • Minister of Innovation, Science and Industry of Canada Releases Proposed Amendments to the Digital Charter Implementation Act
    Blog / October 11, 2023
    On September 26, 2023, the House of Common's Standing Committee on Industry and Technology (the Standing Committee) embarked on a comprehensive examination of Bill C-27, the Digital Charter Implementation Act. If passed, this legislation would repeal part 1 of the Personal Information Protection and Electronic Documents Act and enact three separate Acts designed to revamp privacy laws and govern the burgeoning field of artificial intelligence in Canada.
  • Generative AI Development: Canada Releases Voluntary Code of Conduct
    Blog / October 04, 2023
    The federal government has recently released its voluntary Code of Practice (the Code) relating to advanced generative artificial intelligence (AI) systems. The code identifies measures that organizations are encouraged to adopt when they are developing generative AI systems.
  • Bennett Jones Top Ranked in Chambers Canada 2024
    Announcements / September 28, 2023
    Bennett Jones has been recognized as one of Canada’s leading law firms across 39 practice areas, with 124 lawyer rankings in Chambers Canada 2024. In this year's guide, Bennett Jones has 11 Band 1 practice rankings, 21 Band 1 lawyer rankings and 10 newly-ranked lawyers. In addition to this year's rankings, Bennett Jones was awarded Real Estate Law Firm of the Year and was a finalist in Projects and Energy Law Firm of the Year.
  • Supreme Court of Canada Denies Leave to Appeal in Intrusion upon Seclusion Trilogy
    Blog / July 21, 2023
    On July 13, 2023, the Supreme Court of Canada denied leave to appeal from three Ontario Court of Appeal decisions declining to apply the tort of intrusion upon seclusion to database defendants—i.e., organizations that collect and store personal information in the course of carrying on a commercial activity and whose databases are hacked by unauthorized third parties.
  • Federal Court Dismisses Commissioner's Application In Facebook Privacy Case
    Blog / April 27, 2023
    The Federal Court of Canada released a decision on April 14, 2023 in OPC v Facebook Inc.,2023 FC 533, dismissing the Privacy Commissioner's application against Facebook (now Meta Platforms, Inc.) stemming from alleged breaches to the Personal Information Protection and Electronic Documents Act. 
  • Forty Bennett Jones Lawyers Recognized In Benchmark Canada 2023
    Announcements / April 26, 2023
    Bennett Jones is Highly Recommended in the 2023 Benchmark Canada rankings, with 40 individual lawyers ranked this year—30 Litigation Stars and 10 Future Stars. Benchmark Litigation's law firm and lawyer rankings based on extensive interviews with litigators, dispute resolution specialists and their clients as well as analysis of the market’s most important cases and firm developments.
  • ChatGPT Under Scrutiny: Privacy Concerns Surrounding OpenAI's AI-Powered Chatbot
    Blog / April 19, 2023
    ChatGPT—the artificial intelligence-powered chatbot—has been making headlines since its initial release date on November 30, 2022. Most recently, ChatGPT has been the subject of attention in connection with privacy regulation. The Office of Privacy Commissioner of Canada recently announced that it has launched an investigation into the company behind ChatGPT, OpenAI.  
  • A Canadian Perspective on Global Investigations Around the World
    Articles / January 23, 2023
    Sabrina Bandali, Emrys Davis, Alan Gardner, Laura Inglis, Amanda McLachlan, Ruth Promislow and Nathan Shaheen co-author the Canada chapter in Global Investigations Review's Practitioner’s Guide to Global Investigations, Volume II: Global Investigations around the World. They look at the nuances of law and process in Canada that practitioners are likely to encounter in cross-border investigations. This includes Canada's legal framework for corporate liability, the steps in an investigation, co-operative agreements giving immunity or leniency and corporate compliance programs.
  • British Columbia Employer Found Vicariously Liable for Data Breach
    Blog / January 05, 2023
    The Ontario Court of Appeal recently released a trilogy of decisions (Winder v. Marriott International, Inc., 2022 ONCA 815; Obodo v. Trans Union of Canada, Inc., 2022 ONCA 814; Owsianik v. Equifax Canada Co., 2022 ONCA 813) ruling that organizations which collect and store personal information (database defendants) are not liable for invasions of privacy perpetrated by third-party hackers. While those decisions limit the ability of plaintiffs to pursue an invasion of privacy claim in Ontario against database defendants for data breaches committed by unauthorized outsiders, organizations still should be mindful of potentially extensive liability for data breaches committed by their own employees under the doctrine of vicarious liability.
  • Regulatory Obligations Concerning the Disposal of Outdated Hard Drives and Servers
    Blog / October 12, 2022
    The disposal of hardware in the wrong manner can leave an organization offside its regulatory obligations under privacy legislation. Depending on the residence of the individuals or entities whose personal data is stored by organizations, improper disposal of hardware storage devices may be offside of regulatory obligations in several countries.
  • Understanding the Draft Consumer Privacy Protection Act
    Event / September 14, 2022
    On Wednesday, September 14, our Data Governance, Cybersecurity and Privacy group hosted a special presentation on the key changes included in this draft legislation and how they will change the scope of your obligations, the extent of regulatory scrutiny and exposure to penalties for non-compliance.
  • Proposed Revisions to Guideline B-10 Would Affect Outsourcing by Financial Institutions to Fintechs
    Blog / August 08, 2022
    Fintechs that contract with federally regulated financial institutions may face more stringent risk management requirements in their commercial arrangements.
  • Federal Government Introduces Cybersecurity Legislation to Protect Critical Infrastructure
    Blog / June 17, 2022
    On June 14, 2022, federal Public Safety Minister Marco Mendicino introduced Bill C-26, An Act Respecting Cyber Security (ARCS). Intended to strengthen cybersecurity of vital services and vital systems, this proposed legislation will, among other things, require various federally-regulated organizations to take steps to protect their cyber infrastructure.
  • Privacy Reforms Now Back Along with New AI Regulation
    Blog / June 17, 2022
    On June 16, 2022, the Digital Charter Implementation Act, 2022 (DCIA) was introduced as Bill C-27. The DCIA will enact the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act (PIDPTA), the Artificial Intelligence and Data Act (AIDA), and make amendments to other related acts. If enacted as currently drafted, we anticipate that the CPPA and AIDA will have a substantial impact on the extent of regulatory scrutiny of organizations with respect to their privacy practices, and use of artificial intelligence.
  • Bennett Jones Highly Recommended in Benchmark Canada 2022
    Announcements / April 28, 2022
    Bennett Jones is Highly Recommended as a firm in the 2022 Benchmark Canada rankings, with 38 individual lawyers ranked this year—30 are Litigation Stars, with 5 ranked as a Top 50 Trial Lawyer, and 8 are Future Stars.
  • Defending Against Ransomware: OSFI Updated Advisory on Cyber Incident Reporting
    Blog / March 14, 2022
    Ransomware continues to present an increasing risk to all organizations. Ransomware attacks can involve the installation of malicious software designed to block access to computer systems and/or steal data, and a corresponding extortion demand for a ransom fee. The threat and impact of these attacks has grown dramatically.
  • OSFI Calls for Consultation on Draft Guidelines for Technology and Cyber Risk Management
    Blog / December 06, 2021
    On November 9, 2021, the Office of the Superintendent of Financial Institutions (OFSI) launched a three-month public consultation on the Draft Guideline B-13: Technology and Cyber Risk Management. The Draft Guideline sets out OSFI's expectations with respect to “technology and cyber risk management” applicable to federally regulated financial institutions (FRFIs), such as banks, federally incorporated or registered trust and loan companies, insurance companies and pension plans subject to federal oversight.
  • Data Breach Risk: Critical Roadmap for Corporate Counsel
    Event / October 20, 2021
    Join the Bennett Jones Data Governance, Cybersecurity and Privacy group on October 20 for a presentation on the new and evolving landscape of cyber threats. The panel will address critical issues in the face of a cyberattack and discuss the best preemptive cyber-preparedness practices.
  • Bennett Jones: "Top Tier" in Chambers Canada 2022
    Announcements / September 16, 2021
    Bennett Jones has been recognized as one of Canada’s leading law firms across 38 practice areas, with 111 lawyer rankings in Chambers Canada 2022. Bennett Jones has 8 Band 1 practice rankings and 14 Band 1 lawyer rankings in this year's guide.
  • OSFI Cybersecurity Guidance and Notification Requirements
    Blog / August 30, 2021
    OSFI, the Canadian Federal Office of the Superintendent of Financial Institutions, on August 13, 2021, issued new guidance on Technology and Cyber Security Incident Reporting, replacing prior guidance of March 2019.
  • Ruth Promislow on Ransomware
    Speaking Engagements / July 28, 2021
    Ruth Promislow speaks in Ransomware Now Brought To You By SentinelOne. The webinar features the latest in Ransomware variants in 2021.
  • A Key Step Towards the Right to Be Forgotten? Federal Privacy Laws and Internet Search Engines
    Blog / July 21, 2021
    In Reference re Subsection 18.3(1) of the Federal Courts Act (the Reference), the Federal Court of Canada held that the Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (PIPEDA) applies to internet search engines when they index webpages and present search results in response to searches of an individual’s name.
  • Regulation of Privacy in Ontario: One Step Closer
    Blog / June 25, 2021
    Organizations operating in Ontario may soon be subject to an entirely new provincial privacy regime that could impose substantial compliance obligations, and establish significant penalties for contravention of those obligations. 
  • Tackling Privacy and Cyber-Risks
    Speaking Engagements / June 14, 2021
    Jordan Fremont moderates the 2021 Canadian Pension & Benefits Institute Forum session on "Tackling Privacy and Cyber-Risks: Issues and Strategies for Employers, Plan Administrators, Suppliers and Advisors." 
  • The Changing Landscape of Privacy Regulation in Canada
    Event / June 02, 2021
    The draft Consumer Privacy Protection Act, introduced by the Canadian government in November 2020, forms part of the government's digital transformation strategy and involves a substantial overhaul of the existing privacy regime. Join us for a panel discussion on this changing landscape and its impact on your business, including a review of the obligations imposed with respect to personal information and practical guidance for in-house counsel to help prepare their company. This event is open only to in-house counsel who are practicing lawyers and are members of a provincial law society; however, you must RSVP to attend. In-house counsel must be ACC members or meet ACC membership eligibility. Please click here for further details.
  • 2021 Ransomware Insurance Update, Explosion of Ransomware and Best Practices
    Blog / May 25, 2021
    Insurer AXA, among Europe's top five insurers, recently announced that it was suspending insurance coverage in France for ransomware extortion payments. AXA said it made this decision in response to concerns raised by French justice and cybersecurity officials during a recent Senate roundtable in Paris about the global epidemic of ransomware. Notably, days before AXA's announcement, the insurer was hit by a ransomware attack. 
  • A “Step Back Overall” for Privacy
    Blog / May 13, 2021
    In November 2020, the federal government tabled Bill C-11, the proposed new private-sector privacy law that would replace the current regime under the Personal Information Protection and Electronic Documents Act (PIPEDA).We reported on Bill C-11 in Understanding the Draft Consumer Privacy Protection Act: A Summary of the Key Changes Proposed.
  • Ontario Promises to Create Canada's First Provincial Data Authority
    Blog / May 11, 2021
    On April 30, 2021, the Government of Ontario introduced Building a Digital Ontario, the province's new digital and data strategy, which lays the foundation for Ontario to become "the world's leading digital jurisdiction." Pursuant to the strategy, the Government of Ontario intends to create a new provincial data authority in consultation that will be responsible for "building modern data infrastructure to support economic and social growth at scale, while ensuring that data is private, secure, anonymous and cannot identify people individually."
  • Bennett Jones Highly Recommended in Benchmark Canada 2021
    Announcements / May 04, 2021
    Bennett Jones is Highly Recommended as a firm in the 2021 Benchmark Canada rankings, with 37 individual lawyers ranked this year—29 are Litigation Stars, 8 are Future Stars and 5 are Top 50 Trial Lawyers.
  • Preparing for the Consumer Privacy Protection Act (CPPA): A Practical Guide
    Event / February 18, 2021
      Members of the Bennett Jones Privacy and Data Protection team presented a practical guide on how to prepare for the substantial legislative changes in the draft Consumer Privacy Protection Act (CPPA).
  • Privacy Commissioners Issue Report on Clearview AI's Facial Recognition Tool
    Blog / February 06, 2021
    The use of a facial recognition tool by Clearview AI, Inc. was the subject of an investigation by the privacy commissioners of Alberta, British Columbia and Quebec and their federal counterpart. In their jointly published report of findings, the privacy commissioners held that Clearview's treatment of Canadians' personal information was in breach of provincial and federal private sector privacy laws, and recommended that Clearview cease all operations in Canada and delete all images and biometric facial arrays about Canadians in its possession.
  • Understanding the Draft Consumer Privacy Protection Act
    Event / December 11, 2020
    The Bennett Jones Data Governance, Cybersecurity and Privacy group hosted a special presentation on the key changes included in this draft legislation and how they will change the scope of your obligations, the extent of regulatory scrutiny and exposure to penalties for non-compliance. 
  • Understanding the Draft Consumer Privacy Protection Act: A Summary of the Key Changes Proposed
    Blog / November 26, 2020
    The long-awaited comprehensive reform to Canada's private sector privacy legislation is now finally underway. On November 17, 2020, the Digital Charter Implementation Act, 2020 (DCIA) was introduced. The DCIA will enact the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act and make amendments to other related acts. The CPPA will effectively replace the current federal legislative scheme governing the collection, use and disclosure of personal information by private sector organizations under the Personal Information Protection and Electronic Documents Act (PIPEDA).
  • Substantial Changes to Federal Regulation of Privacy Now Imminent
    Blog / November 17, 2020
    Comprehensive reform to Canada's privacy legislation—which privacy experts have long anticipated—is now imminent. Today, the Minister of Innovation, Science and Industry, the Honourable Navdeep Bains, tabled the Digital Charter Implementation Act, 2020. Among other things, the legislation will bring Canada closer to a GDPR model in terms of potential penalties for non-compliance.
  • Privacy Enforcement Update: Possible Collaboration Between the Competition Bureau and the Office of the Privacy Commissioner
    Blog / November 06, 2020
    In a recent speech, the deputy commissioner for the Competition Bureau's deceptive marketing practices group, Josephine Palumbo, advocated for the reform of Canadian law to permit the sharing of information between her office and the federal Office of the Privacy Commissioner (OPC). The current Memorandum of Understanding between the OPC and the Competition Bureau does not cover cooperation as it relates to Canadian federal privacy legislation, and only covers Canada's anti-spam legislation. As a result, the two government entities cannot collaborate on regulation of privacy matters.  
  • Use of Facial Recognition Software for Customer Analytics
    Blog / November 02, 2020
    The use of facial recognition software by Cadillac Fairview Corporation Limited (CFCL) in its shopping malls was the subject of a joint investigation by the Office of the Privacy Commissioner of Canada, the Office of the Information and Privacy Commissioner of Alberta and the Office of the Information and Privacy Commissioner for British Columbia (collectively the Privacy Commissioners). In the decision released October 28, 2020, the Privacy Commissioners found that CFCL collected and used personal information without valid consent.
  • Bennett Jones Sponsors Women in Litigation Forum Toronto 2020
    Announcements / October 27, 2020
    Bennett Jones is a sponsor of the Benchmark Litigation Women in Litigation Forum Toronto 2020. The two-day, interactive virtual event will bring together leading women lawyers discussing the top legal [...]
  • Privacy Commissioner's Call for Increased Enforcement
    Blog / October 09, 2020
    In its Annual Report to Parliament on the Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA), the Office of the Privacy Commissioner (OPC) has repeated its previous calls for reform to privacy legislation. In short, according to the OPC, Canada's privacy laws do not provide a sufficient level of protection for privacy rights.
  • Ruth Promislow: Commentary on a Reasonable Security Test
    Announcements / September 28, 2020
    Ruth Promislow is a contributing editor to the Sedona Conference Commentary on a Reasonable Security Test, a project of the Sedona Conference Working Group on Data Security and Privacy Liability (WG11). [...]
  • Commentary on a Reasonable Security Test
    Articles / September 28, 2020
    The Sedona Conference Working Group on Data Security and Privacy Liability (WG11) developed this Commentary to address what “legal test” a court or other adjudicative body should apply in [...]
  • Ruth Promislow on the Cybersecurity Legal and Compliance Outlook for 2021
    Speaking Engagements / September 22, 2020
    Ruth Promislow spoke at the Virtual Cybersecurity & Fraud Summit in Toronto on how companies are strategizing for the "new normal", the evolving threat of ransomware (and how that impacts cyber insurance) [...]
  • Ontario Government Seeks Input for Private Sector Privacy Legislation
    Blog / September 01, 2020
    Ontario's Ministry of Government and Consumer Services recently announced that it is contemplating new private sector privacy legislation (PSPL) to govern how businesses collect, use and disclose customers' data. The Ministry is seeking feedback from Ontarians to address key issues in this new privacy framework. The deadline for public commentary is October 1, 2020.
  • Data: Living in the 'New Normal' : Data Governance, Cybersecurity and Privacy in a Rapidly Evolving World
    Event / June 24, 2020
    The Bennett Jones Data Governance, Cybersecurity and Privacy group presented a special presentation on your evolving challenges, obligations and risks during this rapidly changing time.
  • Competition Bureau Calls for Increased Fines Under Competition Act for Privacy Violations
    Blog / May 29, 2020
    Following the recent fine against Facebook for C$9.5 million under the Competition Act pursuant to allegations that it made "false or misleading claims about the privacy of Canadians' personal information,” the Competition Bureau has called for increased fines for privacy violations.
  • Canadian Domain Name Registrar Offers New Free Cybersecurity Solution to Individuals
    Blog / May 21, 2020
    The Canadian Internet Registration Authority (CIRA) launched a domain name system (DNS) service on April 23, 2020. CIRA is the entity responsible for overseeing Canada's .ca country-code top-level domain [...]
  • Key Takeaways from Competition Bureau Fine for Privacy Violation
    Blog / May 21, 2020
    Facebook has agreed to pay a fine of $9 million under the federal Competition Act stemming from the Cambridge Analytica matter and to reimburse the cost of the inquiry of $500,000 (without any acknowledgment of wrongdoing). This fine is the first issued for a privacy violation by the Competition Bureau under its authority to regulate deceptive marketing practices.
  • COVID-19 and Contact-Tracing Apps in Canada
    Blog / May 12, 2020
    In the fight to combat the spread of COVID-19, governments throughout the world have been considering the use of digital contact-tracing apps. Privacy issues have been central to the considerations of how such technology should be implemented to achieve this important public health objective with the least impact on the privacy of individuals.
  • Data Breach and Vicarious Liability for Employee Misconduct
    Blog / May 01, 2020
    It is not only hackers who pose a risk to an organization's information security; hostile insiders do as well. According to Verizon, an estimated 34 percent of data breaches involve internal actors. Hostile insiders may be motivated by personal reasons (e.g., peeking at personal information of their employer's customer base to gain insight into a particular individual's private information), or financial reasons (e.g., theft of personal data for financial profit). If the hostile insider's actions result in harm or losses to third parties, the organization may face vicarious liability, even in the absence of company wrongdoing.
  • Privacy Considerations When Using Smartphone Location Data to Limit the Spread of COVID-19
    Blog / April 13, 2020
    As countries around the world continue their efforts to combat the novel coronavirus (COVID-19), governments are increasingly turning to technology to enforce "social distancing" rules and related measures designed to contain the spread of the virus. 
  • COVID-19—Mitigating Risks to Critical IT Projects and Services
    Blog / March 26, 2020
    Given the disruptions arising from COVID-19, organizations are well advised to consider how such disruptions will impact their key information technology (IT) projects and services. In particular, starting [...]
  • COVID-19 and Cybersecurity Scam Alert: Protecting Your Information and Assets
    Blog / March 19, 2020
    As the COVID-19 outbreak continues, scammers and hackers are taking advantage of the fear and confusion surrounding the current circumstances by posing as reputable news sources, or offering information. These malicious actors are using the stress and the urgency of the current situation to misappropriate personal information, download malware, and attempt to scam money from consumers. These criminals are the online version of “looters” seeking to take advantage of a societal crisis.
  • New Privacy Guidance for Businesses Operating in British Columbia
    Blog / March 11, 2020
    The OIPC has issued recent guidance for private sector organizations operating in British Columbia, which include provincially or federally incorporated companies that conduct business in the province and are subject to the Personal Information Protection Act (BC) (PIPA).
  • Expect Increased Privacy Regulatory Enforcement in 2020
    Blog / March 09, 2020
    2020 is shaping up to be a significant year for regulation of privacy issues, with two significant events taking place so far this year. In early February, the Office of the Privacy Commissioner (OPC) commenced an action against Facebook arising from the Cambridge Analytica affair. Later in the month, the OPC announced a joint investigation into facial recognition technology. Both initiatives concern the ability of organizations to collect and use personal information without proper consent. These steps by the OPC are consistent with its December 2019 Report, which calls for reform to Canada's federal privacy laws and increased authority to regulate privacy matters. Organizations can expect that, going forward, they will be more heavily scrutinized with respect to how they manage personal information.
  • Ruth Promislow on How Cannabis Companies Can Manage Cyber Risk
    In The News / February 10, 2020
    Ruth Promislow writes in Cannabis Prospect Magazine on five steps cannabis organizations can consider in managing their cyber risk.
  • Competition Bureau Intends to Police Privacy Violations—Beware of Potential Fines
    Blog / January 24, 2020
    Violations of privacy—already overseen by the Office of the Privacy Commissioner of Canada (as well as provincial privacy commissioners)—may soon be subject to fines under the federal Competition Act.
  • Ruth Promislow Appointed to Sedona Conference Steering Committee
    Announcements / December 17, 2019
    Ruth Promislow has been appointed to the Steering Committee of The Sedona Conference's Working Group 11 on Data Security and Privacy Liability. 
  • Ruth Promislow Presented on Privacy Concerns and Considerations
    Speaking Engagements / November 25, 2019
    Ruth Promislow was a co-speaker on "Session re Privacy Concerns and Considerations" at the Ontario Law Association (Cannabis Law Day), Toronto.  
  • Ruth Promislow on Cyber Time: Cybersecurity Crash Course for Directors & Executives
    Speaking Engagements / November 20, 2019
    Ruth Promislow appeared on the panel for "Cyber Time: Cybersecurity Crash Course for Directors & Executives" at Bennett Jones, Edmonton.
  • Ruth Promislow on Data Protection and Privacy in Canada Panel
    Speaking Engagements / November 13, 2019
    Ruth Promislow appeared on a panel for "Data Protection and Privacy in Canada: What Organizations  Doing Business in Canada Need to Know" at the American Foreign Law Association, New York. 
  • Ruth Promislow on Cyber Time: Cybersecurity Crash Course for Directors & Executives
    Speaking Engagements / October 30, 2019
    Ruth Promislow appeared on a panel for "Cyber Time: Cybersecurity Crash Course for Directors & Executives" at Bennett Jones, Toronto. 
  • Business Email Compromise: Protect Your Company From This Common Scam
    Blog / October 07, 2019
    Between 2016 and 2019, Business Email Compromise (BEC) scams cost American organizations US$3.1 billion in losses and Canadian organizations US$33.6 million. This type of pervasive scam targets large [...]
  • Ruth Promislow at ISMG Cybersecurity Summit
    Speaking Engagements / September 24, 2019
    Ruth Promislow at will speak on two panels and as a featured speaker at Information Security Media Group's Cybersecurity Summit in Toronto. 
  • Meaningful Consent: An Evolving Standard under Canadian Privacy Law
    Blog / September 20, 2019
    As the digital landscape evolves, and the commoditization of personal information increases, expectations as to what constitutes appropriate consent for the collection, use and disclosure of personal [...]
  • Ruth Promislow on WG11
    Speaking Engagements / September 18, 2019
    Ruth Promislow appeared on the "WG11 – Reasonable Security Test Panel and Model Data Breach Notification Panel" at The Sedona Conference, Montreal. 
  • Ruth Promislow on Preparing for Cyberattacks in the Cannabis Industry
    In The News / September 17, 2019
    Ruth Promislow writes in Cannabis Prospect Magazine on why cybersecurity represents one of the biggest business risks to cannabis organizations—and what they can do to prepare.
  • Privacy Regulators Turning Up the Heat: Major Fines for Data Breaches and Privacy Violations This Summer
    Blog / September 12, 2019
    Summer 2019 saw a flurry of major fines levied against large corporations for data breaches and other privacy violations. Ranging from a €460,000 fine under the European General Data Protection Regulation [...]
  • Why Large Organizations Should Pay Attention to the New Cybersecurity Certification Program
    Blog / August 23, 2019
    The recently announced federal government cybersecurity certification program is targeted at small- and medium-sized enterprises (SMEs), but larger organizations should also take note. All organizations [...]
  • New Report from the Ontario Privacy Commissioner: Key Takeaways for Ontario Businesses
    Blog / July 16, 2019
    The Office of the Information and Privacy Commissioner of Ontario (OIPC) released its 2018 Annual Report: Privacy and Accountability for a Digital Ontario on Wednesday, July 10, 2019. This report signals [...]
  • Ruth Promislow as Dialogue Leader on the WG11 Meeting
    Speaking Engagements / June 18, 2019
    Ruth Promislow was Dialogue leader on the WG11 meeting and attended at the international programme on cross-border data transfers and data protection laws.
  • Ruth Promislow on Cyber Time: Cybersecurity Crash Course for Directors & Executives
    Speaking Engagements / June 12, 2019
    Ruth Promislow appeared on the panel for "Cyber Time: Cybersecurity Crash Course for Directors & Executives" at Bennett Jones, Vancouver.  
  • Privacy and Data Protection in the Cannabis Industry: Are You Prepared?
    Event / June 07, 2019
    Cybersecurity represents one of the biggest risks to cannabis organizations today. Increasingly, cyberattacks are focused on cannabis organizations given the sensitivity and value of the information they hold. A failure to prepare for cyberattacks and data breaches can be devastating for your business and your directors.
  • Ruth Promislow on Privacy and Data Protection in the Cannabis Industry Panel
    Speaking Engagements / June 07, 2019
    Ruth Promislow appeared on the panel "Privacy and Data Protection in the Cannabis Industry: Are You Prepared?" at Bennett Jones, Toronto. 
  • Organizations Can Expect Increased Canadian Regulation for Privacy Violations
    Blog / May 31, 2019
    Violations of privacy–already regulated by the Office of the Privacy Commissioner of Canada (as well as provincial privacy regulators)–may also soon be regulated by Canada’s Competition [...]
  • Ruth Promislow on Canada’s New Digital Charter
    In The News / May 30, 2019
    Ruth Promislow spoke with DataGuidance by OneTrust on the federal government launching Canada’s new Digital Charter that comprises 10 broad principles to govern the use of data in the digital world.
  • Ruth Promislow on Cyber Security Forum
    Speaking Engagements / May 26, 2019
    Ruth Promislow on the "Cyber Security Forum" at The Cambridge Forum, Cambridge, ON. 
  • Canada Digital Charter Announced
    Updates / May 23, 2019
    The federal government has launched Canada’s new Digital Charter that comprises 10 broad principles to govern the use of data in the digital world. The stated purpose of the Digital Charter is to guide dialogue around changes in the laws governing Canadians' internet and digital use, and rebuild Canadians’ trust that their privacy is being protected.
  • Cyber Crash Course for Directors and Officers
    Blog / May 16, 2019
    We had a packed house for our Cyber Time: Crash Course for Directors and Officers event this week at the Bennett Jones Calgary office. The half-day session covered current cyber threats facing businesses [...]
  • Ruth Promislow on Payment by Cryptocurrency Panel
    Speaking Engagements / May 15, 2019
    Ruth Promislow appeared on a panel "Payment by Cryptocurrency:  How cryptocurrency can be used to facilitate money laundering, trade sanction avoidance and tax evasion" at The Payments Canada Summit 2019, Toronto.
  • Ruth Promislow on Cybersecurity Crash Course for Directors and Officers
    Speaking Engagements / May 14, 2019
    Ruth Promislow appeared on a panel on "Cybersecurity Crash Course for Directors and Officers" at Bennett Jones, Calgary.  
  • Changes to Cross-Border Data Flow Consent Requirements: Is Your Privacy Policy Still Compliant?
    Blog / April 30, 2019
    Seeking input from interested third parties, the Office of the Privacy Commissioner of Canada (OPC) announced a revision to its policy position on transborder data flow under the federal Personal Information [...]
  • Ruth Promislow at NetDiligence Cyber Risk Summit
    Speaking Engagements / April 05, 2019
    Ruth Promislow appeared on the "People Problems Panel" at the NetDiligence Cyber Risk Summit, Toronto. 
  • Ruth Promislow at The Sedona Conference, Houston
    Speaking Engagements / February 28, 2019
    Ruth Promislow appeared on the "WG11 – Reasonable Security Test Panel and Model Data Breach Notification Panel" at The Sedona Conference, Houston. 
  • Ruth Promislow at The Consulate General of Canada
    Speaking Engagements / February 27, 2019
    Ruth Promislow participated in a "Roundtable on Women's Leadership in Data Privacy & Cybersecurity" at The Consulate General of Canada, New York.
  • Technology and Cybersecurity Incident Reporting: New Guidance from OSFI
    Blog / January 31, 2019
    The Office of the Superintendent of Financial Institutions (OSFI) just published an advisory letter for federally regulated financial institutions (FRFI). The advisory sets out OSFI's expectations [...]
  • Ruth Promislow Selected to Sedona Conference Drafting Team
    Announcements / December 17, 2018
    Ruth Promislow has been selected as a member of The Sedona Conference Working Group 11’s Drafting Team on Data Security and Privacy Liability. The mission of the Working Group is to identify and comment on trends in data security and privacy law, and develop best practices to: help organizations take action before and after a data breach to minimize their legal exposure; inform affected parties of their rights and responsibilities; and assist in the coordination of regulatory, law enforcement, and judicial responses to data breach and related incidents.
  • Cyber Breach at the Ontario Cannabis Store Impacts 4,500 Consumers
    Blog / November 07, 2018
    The Toronto Sun reported this morning that the privacy of 4,500 consumers of recreational cannabis in Ontario has been compromised. The names and addresses of individuals purchasing cannabis through the [...]
  • Your 10-Step Guide to New Mandatory Breach Reporting Regulations
    Updates / October 17, 2018
    This 10-step guide will walk you through the upcoming changes to the Personal Information Protection and Electronic Documents Act (PIPEDA), the factors to consider in being prepared under PIPEDA and other related considerations. This guide is no replacement for targeted legal advice. If you are an organization affected by the changes to PIPEDA, please contact us to determine what you need to do to be prepared and how you can minimize your organization’s potential legal exposure. There is no “one size fits all” when it comes to managing compliance with privacy regulation.
  • Ruth Promislow on November 1 Breach Notification Regulations
    In The News / September 28, 2018
    Ruth Promislow appears in a video interview on the new privacy breach notification requirements coming into force in Canada on November 1, 2018. Organizations will need to report breaches to the Office of the Privacy Commissioner of Canada and record them. Ruth also discusses: How businesses can prepare for November 1 How Canada's legislation compares to other global standards The risks of not preparing for compliance
  • Global Patterns and Risks in Cybersecurity
    Blog / September 27, 2018
    What are the emerging patterns and risks for cybersecurity in Canada, the United States, European Union and Australia? A global panel shared their views and predictions at last week’s 64th Pacific [...]
  • Disaster Recovery Information Exchange (DRIE)—Toronto Chapter
    Speaking Engagements / June 12, 2018
    Ruth Promislow led a panel of industry experts on how business leaders can respond to a data breach at the Disaster Recovery Information Exchange (DRIE) June Symposium in Toronto. The panel helped attendees: elevate their substantive knowledge of cybersecurity threats and the current regulatory environment; offer practical strategies to mitigate legal and reputational risk and limit business interruption; and adapt compliance best practices to their business.
  • Ruth Promislow at ITAC Cyber Security Forum
    Speaking Engagements / June 12, 2018
    Ruth Promislow presented on responding to a cyber incident at the Information Technology Association of Canada's inaugural Saskatchewan Cyber Security Forum. She was also part of an expert panel to discuss emerging issues in cybersecurity, along with speakers from IBM, HP Canada and Saskatchewan's Chief Information Security Officer.
  • Ruth Promislow on Cybersecurity and the Law
    Speaking Engagements / May 29, 2018
    Ruth Promislow led a discussion on cybersecurity and the law at The Cyber Security Forum, held at Langdon Hall in Cambridge, Ontario. The forum looks at the most pressing cybersecurity and privacy issues that confront businesses and critical infrastructure in Canada. The panel Ruth led focused on how the law, regulation and cybersecurity intersect, in areas such as: Canada's new federal breach reporting and notification regime; government contracting requirements; cyber insurance; and 'self-regulation' within particular industries.
  • Ruth Promislow at Community Foundation of Canada
    Speaking Engagements / April 23, 2018
    Ruth Promislow speaks on Cybersecurity and Data Breaches: Legal Update and Practical Risk Management Insurance Perspectives at the Community Foundation of Canada's senior finance peer gathering in Calgary.
  • Are You Ready for Mandatory Breach Reporting and Notification?
    Blog / April 19, 2018
    Almost three years after the Digital Privacy Act was passed, the federal government has finalized regulations on mandatory breach notification, reporting, and recordkeeping for the private sector in Canada. [...]
  • Ruth Promislow Spoke on a Panel at OffshoreAlert’s Miami Conference
    Speaking Engagements / April 16, 2018
    Ruth Promislow spoke on a panel at OffshoreAlert’s Miami Conference on “International Value Recovery: A 'Full & Frank' Discussion of Emerging Key Issues & Developments.” Ruth and the panel looked at emerging and dominant issues in the area that impact a business’ ability to be successful and effective.
  • Updated Guidance on Cybersecurity Disclosures from the SEC
    Blog / March 05, 2018
    The U.S. Securities and Exchange Commission (SEC) published updated guidance on February 21, 2018, for how and when public companies should disclose cybersecurity risks and breaches. The SEC explains [...]
  • Ruth Promislow: Prepare and Rehearse for Cyber Attacks
    In The News / February 27, 2018
    Canadian Lawyer covered Ruth Promislow's panel appearance at the NetDiligence Cyber Risk Summit in Toronto. Ruth spoke about: the need for companies to create and rehearse an incident response plan to a cyber attack why insurers and legal counsel need to be contacted immediately after a breach how companies can tailor their cyber insurance to best suit their needs
  • NetDiligence Cyber Risk Summit
    Speaking Engagements / February 23, 2018
    Ruth Promislow will be a panelist at the 2018 Cyber Risk Summit in Toronto. She will speak on “Claims Walk Through Process from a Policyholder View.”
  • Women Grow Toronto Networking Event
    Event / February 08, 2018
    Join us for a discussion on Security Compliance and Cybersecurity with Kate Rusk and Ruth Promislow. [...]
  • Cybersecurity Uncertainty for Cryptocurrencies
    Blog / February 01, 2018
    There is a lot of money—both fiat and virtual—in cryptocurrencies. The growth of these blockchain-based online assets made headlines throughout 2017. The price of Bitcoin, likely the best-known [...]
  • Recent Developments in Online Privacy Protections for Canadians
    Blog / February 01, 2018
    The Office of the Privacy Commissioner of Canada (OPC) declared last Friday that existing privacy laws allow consumers to ask search engines to remove inaccurate search results and to request websites [...]
  • Law Firm Credentials for Sale on the Dark Web: Understanding Your Cybersecurity Vulnerabilities
    Blog / January 23, 2018
    Law firms are being vigorously attacked by hackers. This is unsurprising given that law firms are repositories of incredibly valuable and commercially sensitive information about their clients and [...]
  • BizSkule on Cybersecurity: Six Key Takeaways
    Blog / December 11, 2017
    No organization is immune from cyberattacks. They have become an inevitable business risk for companies large and small. In today’s Globe and Mail, the Canada Research Chair in Cybersecurity, Benoît [...]
  • Ruth Promislow on CTV News on Uber Data Breach
    In The News / November 23, 2017
    Ruth Promislow appeared live on CTV News to share her insights on the bombshell letter from Uber’s CEO to the public that two hackers stole information from almost 60 million driver and rider accounts in October 2016. Ruth’s interview runs from 21:58 to 26:03.
  • Grand Theft Data: Uber Announces Almost 60 Million Accounts Compromised in Data Breach
    Blog / November 22, 2017
    The CEO of the popular ride-sharing app, Uber, published a bombshell letter to the public yesterday, stating that two hackers had stolen information from almost 60 million driver and rider accounts in [...]
  • Top 10 Tips for Cybersecurity Employee Training
    Blog / November 03, 2017
    Any system is only as strong as its weakest link. If your employees aren’t up to date on their cybersecurity hygiene, then it doesn’t matter how much money you spend on technological defences—there’s [...]
  • Cybersecurity Risks—Compelling Statistics from the Canadian Securities Administrators
    Blog / October 25, 2017
    Cybersecurity threats to registered firms continue to rise but efforts to protect against those threats and to plan for the inevitable attack are not keeping up. The Canadian Securities Administrators [...]
  • Cybersecurity—It's Not Only About Building Walls
    Blog / October 02, 2017
    The recently announced data breaches involving Equifax, Deloitte and the U.S. Securities and Exchange Commission underscore that data breaches are a way of life. Organizations need to be ready.    Over [...]
  • Bennett Jones Breakfast Cyber Event
    Speaking Engagements / September 27, 2017
    Ruth Promislow  was a panel member at a Bennett Jones breakfast cyber event on table top exercise incident response seminar (Toronto). 
  • Ruth Promislow on Who to Contact After a Data Breach
    In The News / September 22, 2017
    Ruth Promislow speaks with Information Security Media Group for a one-on-one video interview on who companies should contact after a data breach. Ruth provides her insights on: why contacting the police can be critical to containing damage; how working with external council is different than working with in-house legal staff, especially when it comes to matters of privilege; and why boards of directors are now held to new a standard for understanding breach response.
  • The Sedona Conference Working Group
    Speaking Engagements / September 18, 2017
    Ruth Promislow participated at The Sedona Conference Working Group on Data Security and Privacy Liability, Midyear Meeting (San Diego).
  • Interlex Annual Meeting (Toronto)
    Speaking Engagements / September 14, 2017
    Ruth Promislow moderated the cybersecurity panel at the Interlex Annual Meeting (Toronto) – “Risky Business: Is your firm ready to respond to a cyber attack?”
  • ISMG Fraud & Breach Prevention Summit (Toronto)
    Speaking Engagements / September 12, 2017
    Ruth Promislow was a panel member at ISMG Fraud & Breach Prevention Summit (Toronto) – “We’ve Been Breached: Now What? Working with Law Enforcement, Regulators and Other Third Parties”.
  • Healthcare Data: Are You Required to Report a Ransomware Attack?
    Blog / July 25, 2017
    If you are a healthcare data custodian that is subject to a ransomware attack, you may be required to report the incident to regulators and to those individuals whose information was subject to the attack. Ransomware [...]
  • New General Data Protection Regulations in European Union Has Cybersecurity Consequences
    Blog / July 19, 2017
    The European Union’s General Data Protection Regulation (GDPR) will come into force on May 25, 2018. This new regulation replaces the current data protection law (Directive 95/46/EC) substantially and [...]
  • Ruth Promislow on Working with Law Enforcement After a Data Breach
    In The News / July 10, 2017
    Ruth Promislow speaks with Information Security Media Group for a one-on-one video interview on how companies should work with law enforcement after a data breach. Ruth says it's important to work with law enforcement, but organizations need to be careful about what information they share. 
  • Dangerous Assumptions and Serious Consequences in Cybersecurity
    Blog / June 29, 2017
    It's not the kind of news a retail giant wants to make. In May 2017, Target agreed to a $18.5-million settlement to resolve a 47-state investigation into a massive 2013 hack. This settlement put Target's [...]
  • Fraud & Breach Prevention Summit
    Speaking Engagements / June 20, 2017
    Ruth Promislow is a panel member on the topic "We've Been Breached? Now What?  How to Effectively Work with Law Enforcement and Regulators" for the Fraud & Breach Prevention Summit organized by iSMG (Information Security Media Group) in Chicago, Illinois. 
  • Cybersecurity Seminar Series - Dangerous Assumptions (Toronto)
    Speaking Engagements / June 14, 2017
    The Bennett Jones Cybersecurity group and a panel of insurance and security experts discuss emerging patterns and threats in cybersecurity. Topics of discussion include: What common mistakes and assumptions do companies make in implementing a cybersecurity plan? What are the critical elements of a cyber plan that are often ignored? How do I know if my company is doing everything it should be? What surprises are there about the potential exposures arising from a breach? What potential pitfalls of cyber insurance exist, and how to avoid them?
  • Cybersecurity Seminar Series - Dangerous Assumptions (Calgary)
    Speaking Engagements / June 13, 2017
    The Bennett Jones Cybersecurity group and a panel of insurance and security experts discuss emerging patterns and threats in cybersecurity. Topics of discussion include: What common mistakes and assumptions do companies make in implementing a cybersecurity plan? What are the critical elements of a cyber plan that are often ignored? How do I know if my company is doing everything it should be? What surprises are there about the potential exposures arising from a breach? What potential pitfalls of cyber insurance exist, and how to avoid them?
  • Ruth Promislow in Financier Worldwide: Cyber Security & Risk Management
    In The News / June 08, 2017
    Ruth Promislow is featured in its 2017 Cyber Security & Risk Management Annual Review. Ruth contributed the Canada chapter of the report, providing insight into key developments affecting businesses. Ruth writes that employee error continues to play a central role in the cyber threats facing companies today. It is typically linked to ransomware, which is emerging as one of the largest cyber threats facing companies today. Cyber Security & Risk Management 2017
  • 2017 Cyber Security Forum
    Speaking Engagements / May 28, 2017
    Ruth Promislow participated at the 2017 Cyber Security Forum. 
  • Identifying and Managing the Various Cybersecurity Challenges in an Increasingly Hostile World
    Speaking Engagements / May 25, 2017
    Ruth Promislov presents "Identifying and Managing the Various Cybersecurity Challenges in an Increasingly Hostile World" at International Standards, The International Society of Automation. 
  • Cybersecurity Lessons from the United States: A Guide for Directors and Officers
    Blog / May 23, 2017
    The recent global ransomware attack (WannaCry) was yet another reminder of the increased threat posed by cyber breaches. While cybersecurity attacks are inevitable, organizations (and their directors [...]
  • Bennett Jones on Cyberattacks in Cantech Letter
    In The News / May 22, 2017
    Key findings in Ruth Promislow and David Cassin's blog "Rise of Ransomware Attacks in Canada: Businesses Beware" are included in Cantech Letter's look at cyberattacks, security measures and ransomware in light of the WannaCry malware, which infected more than 200,000 computers in 150 countries. Businesses turn to encryption in the wake of WannaCry cyber attack
  • WannaCrypt Ransomware Attacks on Out-of-Date Systems
    Blog / May 15, 2017
    The serious WannaCrypt ransomware worm which ran roughshod over internet connected computers worldwide on Friday and Saturday appears to have been stymied, at least temporarily, by security researchers. [...]
  • Five Pitfalls of Cybersecurity Insurance: Lessons from the United States
    Blog / April 24, 2017
    Given the increasing threat of cyberattacks and the corresponding costs, businesses are increasingly considering cybersecurity insurance.  But insurance is only as effective as the scope of the coverage. [...]
  • Highly Confidential Data—A Cybersecurity Risk for Cannabis Related Businesses
    Updates / April 12, 2017
    Cybersecurity is a significant business risk for any organization that collects personal data. The greater the amount of personal data collected by an organization, the greater the risk that it will be targeted by cybercriminals. It is now widely accepted that it is not a matter of if there will be an attack but rather when an attack will occur. Cyberattacks are occurring more frequently, and loss or exposure of sensitive information is on the rise. Licensed producers of cannabis and other cannabis related businesses (collectively, CRBs) face increased risks associated with data breaches given the highly confidential nature and large volume of data collected from their customers.
  • Canadian Securities Administrators - Update on Cybersecurity
    Blog / April 10, 2017
    The most recent information from CSA on cybersecurity is set out in the summary of its roundtable discussion (released April 7, 2017) to explore response to cybersecurity incidents. The summary of the [...]
  • Corporate Cybersecurity Can Only Be as Strong as Your Weakest Link
    Blog / April 06, 2017
    While corporate executives are increasingly becoming aware of their obligation to be informed of cybersecurity threats and the steps being taken by their company to prevent data breaches, it is equally [...]
  • Know the Risks of a Cyberattack on Your Third-Party Service Providers
    Blog / March 14, 2017
    Names, emails, credit card numbers, and home addresses: chances are good that your business collects client data with information that is valuable to hackers on the black market. A hacker will at some [...]
  • Cybersecurity: Regulatory Risks for Canadian Issuers
    Blog / February 22, 2017
    In the United States, the Securities Exchange Commission (SEC) has taken an active role in regulating cybersecurity issues. Canadian issuers should be aware that the risk of regulatory enforcement may [...]
  • Cybersecurity Obligations of Directors
    Blog / February 16, 2017
    Your organization will in all likelihood suffer a cyberattack. According to a recent study by Accenture, the average Canadian organization faces about 96 cyberattacks per year, nearly one third of which result in a security breach. The aftermath of cyberattacks often leaves a wake of victims whose personal information has been breached, and correspondingly massive exposure for the companies that have been attacked.
  • Cybersecurity: 2017 Report & 2016 Reflections
    Updates / February 08, 2017
    In 2016, cybersecurity continued to grow as a primary business risk for companies worldwide. Data breaches continued to escalate both in number and magnitude and the landscape of legal and regulatory liability evolved and expanded. In this report, the Bennett Jones Cybersecurity team analyses the key events in 2016 with a view to those issues that should be front and centre for companies and their directors in 2017.
  • Cybersecurity Threats Everywhere–Beware of USB Keys
    Blog / December 20, 2016
    In as little as 13 seconds, all of a company's data can be stolen by simply plugging in a USB drive.1 Intelligence agencies famously used this approach when uploading the Stuxnet worm at an Iranian [...]
  • Cybersecurity: United States Federal Trade Commission Strikes Again; Foreshadowing of things to come in Canada?
    Updates / December 20, 2016
    A review of the FTC's increasing exercise of authority in the cybersecurity domain and a consideration of what this foreshadows for possible exercise of authority by the Competition Bureau in Canada.
  • Rise of Ransomware Attacks in Canada: Businesses Beware
    Blog / December 09, 2016
    Cybersecurity attacks through the use of ransomware are an increasing threat to Canadian businesses.1 Ransomware is a malicious software that is secretly installed on a target’s computer and encrypts [...]
  • Applicability of GST on Medical Marijuana Obtained under the MMPR
    Publications Section / July 26, 2016
    Is medical marijuana sold by a licensed producer pursuant to the Marihuana for Medical Purposes Regulations SOR/2013-199 (MMPR), exempt from goods and services tax (GST) under the Excise Tax Act RSC 1985, c E-15?
  • Cyber-Security and the Rise of the Vigilante Hacker
    Updates / May 19, 2016
    An analysis of whether illegally obtained data can be used in civil proceedings.
  • Legal Implications of Panama Papers
    Speaking Engagements / May 03, 2016
    Presentation at international fraud conference on the Panama Papers and the legal implications of the cyber-attack.
  • The New Face of Commercial Crime
    Updates / February 04, 2016
    A detailed review of the potential liability for companies and their directors from a cyber-attack.
  • Corporate Governance Best Practices
    Speaking Engagements / March 09, 2011
    As part of its continuing series of CPD eligible seminars, Bennett Jones presents an informative session on corporate governance best practices.