Understanding Canadian Cybersecurity Laws: refactored — our series in summary

In this tenth and final article in our Understanding Canadian Cybersecurity Laws series, we will look back through the previous nine articles and revisit the topics covered in each of them. Our journey begins with the first article, The Foundations, first published by IT World Canada on January 13, 2020. From there, we’ll retrace our journey through our other posts to date.

The Foundations (January 13, 2020)

In our first article, we described and contextualized the foundational structures of the Canadian legal system. We broke down our national legal landscape, providing the basics of sources of law and the jurisdictional division of powers behind our legislation. We explored the areas of statutory law, criminal law, tort law, and common law as they relate to cybersecurity. Finally, we outlined the relevant legislation, including the specific Acts and statutes which apply to governmental bodies, organizations, and individuals in Canada. >>Read the full article.

Privacy and Access to Information, the Acts (February 25, 2020)

Our second article discussed the federal Privacy Act, which establishes the rules for how governmental bodies must operate with respect to the collection, use, retention, distribution, and destruction of personal information collected during operations. We also touch on the Access to Information Act, which grants individuals and organizations the right to access, and alter, their own personal information as held by governmental bodies.>>View the article.

Privacy Protection in the Modern Marketplace — PIPEDA (April 16, 2020) 

This article examined the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and its application to private-sector organizations across Canada that collect, use, or disclose personal information in the course of engaging in commercial activities. We explained how the provisions given in the PIPEDA relate to government, businesses, and individuals. Finally, we discussed the real-world implications of PIPEDA within the evolving landscape of virtual meetings, digital conferences, and online classes brought about by the global COVID-19 pandemic.>>View this article.

Interpersonal Privacy and Cybercrime — Criminal Code of Canada (June 16, 2020)  

The fourth article in our Understanding Canadian Cybersecurity Laws series ventured into the Criminal Code of Canada. We defined and discussed the issue of “cybercrime” under the differential labels of cyber-dependent crimes; cyber-enabled crimes; and computer-supported crimes. We further divided these subcategories of crime into specific offences including hacking, possession of “hacking tools,” denial-of-service (DoS) attacks, distributed denial of service (DDoS) attacks, botnets, malware, phishing, identity theft and identity fraud, and criminal copyright infringement. Lastly, each subcategory of cybercrime was referenced to the relevant codified provision in the Criminal Code of Canada.>>View this article.

“Insert Something Clever Here” — Canada’s Anti-Spam Legislation (August 3, 2020)  

Our fifth article spotlighted Canada’s Anti-Spam Legislation (“CASL”), first by defining and contextualizing “spam,” then exploring attacks such as remote code execution (RCE), remote access Trojan (RAT), and large-scale spamming botnet attacks. We rounded off the article by discussing the express consent requirements for commercial electronic messages (CEMs), the parties to whom this law applies, the exemptions to the CASL requirements, and the issue of commercial non-compliance. >>View this article.

Peer-to-Peer Privacy Protection — “Intrusion Upon Seclusion” and the Protection of Intimate Images (October 9, 2020)  

In the sixth article of our Understanding Canadian Cybersecurity Laws series, we highlighted the relatively “new” common law privacy tort of “intrusion upon seclusion,” which was recognized in the Ontario case of Jones v. Tsige (2012 ONCA 32), and provides victims of certain privacy breaches the ability to sue the invasive party in civil court. We also discussed the relatively new criminal offences relating to cyberbullying and the illegal distribution of intimate images, which were created by the Protecting Canadians from Online Crime Act, following the highly-publicized Canadian suicide deaths — both of which were linked to cases of extreme cyberbullying. >>View this article.

Deep, Dark and unDetectable — Canadian Jurisdictional Considerations in Global Encrypted Networks (November 20, 2020)  

Our seventh article explored the cross-jurisdictional nature of the DarkWeb and DarkNet. We started out by categorizing online content as being either “Surface Web”, “Deep Web”, or “Dark Web” content, providing a basic overview for the not-so-technologically-inclined among us. We illustrated the TOR method of encryption and outlined the very fine, but highly important distinction between the DarkWeb and the DarkNet in criminalized transactions. We examined the issues of encryption, anonymization and decentralization, which make it virtually impossible for law enforcement to detect and trace illegal activities or transactions completed over the DarkNet. >>View this article.

Measuring up — Outlining Existing Federal Cybersecurity Legislation in Canada, the UK, Australia, and the US (December 29, 2020)  

For the eighth article in the Understanding Canadian Cybersecurity Laws series, we revisited the relevant data privacy and cybersecurity laws in Canada, followed by an outline of the relevant data privacy and cybersecurity laws established in the United Kingdom, Australia, and the United States. We organized the mountainous information into two tables, as a survey and comparison of some of the current strategies for addressing evolving privacy needs within the cybersecurity laws of other common law countries.>> View this article.

Understanding Canadian Cybersecurity Laws: Legislative Modernization — Responding and Adapting to Technological Change in a Global Domain (Article 9)

Legislative Modernization — Responding and Adapting to Technological Change in a Global Domain (March 3, 2021)

Finally, our ninth (and penultimate) article discussed the very newly introduced Digital Charter Implementation Act, 2020, along with its potentially-soon-to-be progeny: the Consumer Privacy Protection Act (“CPPA”) and the Personal Information and Data Tribunal Act. We outlined the foundational premises of these new legislative regimes, including how they will apply to organizations and businesses operating within Canada, and the corresponding legal implications for such commercial enterprises and consumers. >>View this article.

Understanding Canadian Cybersecurity Laws: Article 10

Refactored— Our Series in Summary
April 2021

In this article (the one you’re reading right now!) we’ve revisited our previous nine articles, outlining the topics covered in each of them to provide a full picture of the scope of our series. This is our final article in the Understanding Canadian Cybersecurity Laws series.

We hope you’ve enjoyed reading our Understanding Canadian Cybersecurity Laws article series and following along with us on our journey through the Canadian legal landscape, as it relates to data privacy and cybersecurity. To revisit any of our previous articles, you can click the hyperlink under the corresponding article summary above.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Melissa Lukings and Arash Habibi Lashkari
Melissa Lukings and Arash Habibi Lashkari
** Melissa Lukings is a senior JD student in the Faculty of Law at the University of New Brunswick (UNB) and former graduate of Memorial University of Newfoundland (MUN) holding a BA in Linguistics. She has a particular interest in cybersecurity and privacy law, criminal law, and grassroots community organizations - specifically those focusing on equality and inclusion, human rights, violence prevention, harm reduction, and / or relating to equal and equitable access to justice. **** Dr. ARASH HABIBI LASHKARI is a senior member of the IEEE and an Associate Professor in Cybersecurity at York University. Prior to this, he was an Associate Professor at the Faculty of Computer Science, University of New Brunswick (UNB), and research coordinator of the Canadian Institute for Cybersecurity (CIC). He has over 23 years of academic and industry experience. He has received 15 awards at international computer security competitions - including three gold awards - and was recognized as one of Canada’s Top 150 Researchers for 2017. He also is the author of ten published books and more than 100 academic articles on a variety of cybersecurity-related topics. In 2020, he was recognized with the prestigious Teaching Innovation Award for his personally-created teaching methodology, the Think-Que-Cussion Method. He is the author of 12 published books and more than 100 academic papers on various cybersecurity-related topics. He is the founder of the Understanding Cybersecurity Series (UCS), an ongoing research and development project culminating with a varied collection of online articles and blogs, published books, open-source packages, and datasets tailored for researchers and readers at all levels. His first two books in this series are entitled "Understanding Cybersecurity Management in FinTech - Challenges, Strategies, and Trends" and "Understanding Cybersecurity Law and Digital Privacy - A Common Law Perspective," published by Springer in 2021. The first online blog series of UCS entitled "Understanding Canadian Cybersecurity Laws", was recognized with a Gold Medal at the 2020 Canadian Online Publishing Awards (COPA). His research focuses on cyber threat modeling and detection, malware analysis, big data security, internet traffic analysis, and cybersecurity dataset generation.

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight