ARTICLE
10 October 2013

CSA Staff Notice 11-326 – Cyber Security

ML
McMillan LLP

Contributor

McMillan LLP logo
McMillan is a leading business law firm serving public, private and not-for-profit clients across key industries in Canada, the United States and internationally. With recognized expertise and acknowledged leadership in major business sectors, we provide solutions-oriented legal advice through our offices in Vancouver, Calgary, Toronto, Ottawa, Montréal and Hong Kong. Our firm values – respect, teamwork, commitment, client service and professional excellence – are at the heart of McMillan’s commitment to serve our clients, our local communities and the legal profession.
Explore Firm Details
Lexpert Firm Profile
On September 26, 2013, the Canadian Securities Administrators issued Staff Notice 11-326 Cyber Security.
Canada Corporate/Commercial Law
Photo of McMillan LLP
Authors

Introduction

On September 26, 2013, the Canadian Securities Administrators ("CSA") issued Staff Notice 11-326 Cyber Security ("Staff Notice"). The Staff Notice highlights the importance of strong and individually-tailored cyber security measures for issuers, registrants and regulated entities, as such controls promote the reliability of their operations and the security of their confidential information. The Staff Notice identifies two major types of cyber threats in particular that have increased in sophistication and frequency: Denial of Service attacks and Advanced Persistent Threats.

CSA Recommendations for Issuers

The CSA notes that issuers, registrants and regulated entities should be aware of the risks and challenges posed by cyber crime and should take appropriate measures to protect themselves. In particular, the CSA provides the following guidance:

  • Those issuers, registrants and regulated entities that have not yet addressed the issue should consider how to best address the risks of cyber crime, including:
     
    • Educating staff regarding security of information and computer systems,
    • Following guidance and best practices from industry and security associations, and
    • Conducting appropriate third-party vulnerability and security assessments;
  • Those issuers, registrants and regulated entities that have already taken steps to address the issue should review their cyber security risk control measures on a regular basis;
  • Issuers should consider whether any issues with respect to cyber crime are such that they need to be disclosed in a prospectus or continuous disclosure filing;
  • Registrants should consider whether they are able to manage cyber crime risk in accordance with prudent business practices; and
  • Regulated entities should consider the measures necessary to address the risks of cyber crime.

The Staff Notice further notes that the CSA will consider these issues in its reviews of issuer disclosure and in its oversight of registrants and regulated entities going forward.

The foregoing provides only an overview. Readers are cautioned against making any decisions based on this material alone. Rather, a qualified lawyer should be consulted.

© Copyright 2013 McMillan LLP

Authors
Photo of McMillan LLP
McMillan LLP
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More