Dustin Moores, Counsel at nNovation LLP, explores the updated Third-Party Risk Management Guideline (the Guideline) for Canadian financial institutions. The Guideline addresses increasing supply chain vulnerabilities and sets out best practices for Federally Regulated Financial Institutions (FRFIs) to manage third-party risks effectively.

On October 31, 2023, the Commission on Access to Information (CAI) published the final version of its guidelines on obtaining valid consent (the Guidelines), only available in French here. These Guidelines apply to companies doing business in Quebec that are subject to the Act Respecting the Protection of Personal Information in the Private Sector, CQLR P-39.1 (the Private Sector Act). These Guidelines also apply to Quebec public sector organizations subject to the Act Respecting Access to Documents Held by Public Bodies and the Protection of Personal Information, CQLR c. A-2.1 (the Public Sector Act), where consent is required for the use or disclosure of personal information (under Section 14 of the Private Sector Act and Section 53.1 of the Public Sector Act).  

These Guidelines intend to help explain the criteria needed to obtain valid consent within the scope of the law, clarify an organization's obligations when obtaining consent, and identify best practices with regard to consent. Both Canadian and foreign companies offering goods or services in Quebec should therefore be familiar with these Guidelines, as they will form the basic framework in an analysis if there is ever a complaint or incident brought to the CAI involving the use or communication of personal information of a person located in Quebec. Tara D'Aigle-Curley, of ROBIC L.L.P, delves into these guidelines, analyzing each criterion of consent and how companies can ensure compliance.  

Artificial intelligence (AI) is transforming the way we work, learn, and communicate. The rapid development and adoption of new AI-based technologies have prompted regulators around the world to create policies and regulations governing its use, in an effort to ensure that AI is used in a responsible and ethical manner. Canada and the EU are among the many jurisdictions that have recently recognized the need for AI-specific regulation.

In April 2021, the European Commission published its proposed Artificial Intelligence Act (AI Act) as a framework for a coordinated European approach to addressing the challenges and concerns raised by the increasing use of AI. The following year, in June 2022, the Canadian government introduced Bill C-27 for the Digital Charter Implementation Act 2022 (Bill C-27), which aims to update existing federal private-sector privacy laws. In addition to privacy law reform, Bill C-27 also includes the Artificial Intelligence and Data Act (AIDA), Canada's first attempt to regulate AI through standalone legislation.

Both AIDA and the AI Act seek to encourage the responsible development and use of AI systems through a single regulatory framework. In this Insight article, Heather Whiteside, from Fasken, examines the similarities and differences between these legislative proposals, as currently drafted, in Canada and the EU.

In the field of cybersecurity and privacy regulations, Quebec has witnessed significant legislative changes in recent years. In this Insight article, Catherine Labasi-Sammartino and Anthony Hémond, from Borden Ladner Gervais LLP, provide valuable insights into these developments.