On September 26, 2013, the Canadian Securities Administrators
("CSA") issued Staff Notice 11-326 Cyber Security
("Staff Notice"). The Staff Notice highlights the
importance of strong and individually-tailored cyber security
measures for issuers, registrants and regulated entities, as such
controls promote the reliability of their operations and the
security of their confidential information. The Staff Notice
identifies two major types of cyber threats in particular that have
increased in sophistication and frequency: Denial of Service
attacks and Advanced Persistent Threats.
CSA Recommendations for Issuers
The CSA notes that issuers, registrants and regulated entities
should be aware of the risks and challenges posed by cyber crime
and should take appropriate measures to protect themselves. In
particular, the CSA provides the following guidance:
Those issuers, registrants and regulated entities that have not
yet addressed the issue should consider how to best address the
risks of cyber crime, including:
Educating staff regarding security of information and computer
Following guidance and best practices from industry and security
Conducting appropriate third-party vulnerability and security
Those issuers, registrants and regulated entities that have
already taken steps to address the issue should review their cyber
security risk control measures on a regular basis;
Issuers should consider whether any issues with respect to cyber
crime are such that they need to be disclosed in a prospectus or
continuous disclosure filing;
Registrants should consider whether they are able to manage
cyber crime risk in accordance with prudent business practices;
Regulated entities should consider the measures necessary to
address the risks of cyber crime.
The Staff Notice further notes that the CSA will consider these
issues in its reviews of issuer disclosure and in its oversight of
registrants and regulated entities going forward.
The foregoing provides only an overview. Readers are
cautioned against making any decisions based on this material
alone. Rather, a qualified lawyer should be consulted.
Under the Income Tax Act, the Employment Insurance Act, and the Excise Tax Act, a director of a corporation is jointly and severally liable for a corporation's failure to deduct and remit source deductions or GST.
Under the Income Tax Act, the Employment Insurance Act, the Canada Pension Plan Act and the Excise Tax Act, a director of a corporation is jointly and severally liable for a corporation's failure to deduct and remit source deductions.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).