The most recent information from CSA on cybersecurity is set out
in the summary of its roundtable discussion (released
April 7, 2017) to explore response to cybersecurity incidents.
The summary of the roundtable discussion highlighted the
The importance of cooperation and information sharing in
response to cybersecurity incidents;
The need for a robust Incident Response Plan (IRP) for
entities, including those indirectly affected by a cyber incident;
IRPs should be detailed in order to prepare for a cyber
incident. They should address internal procedures and also
outline how to share key information and communicate with other
stakeholders. Communication with others is especially
important in case of a market-wide security incident affecting
dealers, agencies, and other market participants.
Reliance on more formal communication channels for information
sharing may contribute to improved response and recovery;
The need to test and update IRPs, including communication and
coordination protocols; and
The public and private resources available to organizations
that may be subject to a cybersecurity incident.
The summary further reinforced the expectations of regulated
entities in this industry:
As highlighted in CSA Staff Notice 11-332 Cyber
Security, CSA members expect that regulated entities
examine and review their compliance with ongoing requirements
outlined in securities legislation and terms and conditions of
recognition, registration or exemption orders, which include the
need to have internal controls over their systems and to report
security breaches. CSA members also expect that registrants
continue to remain vigilant in developing, implementing and
updating their approach to cyber security hygiene and
It is reasonable to expect that the increased consideration of
cybersecurity issues by the CSA will result in the establishment of
an industry standard of cybersecurity hygiene and management. This
industry standard will likely inform how organizations are assessed
for liability to customers, employees, investors in the marketplace
and others affected by a cybersecurity incident.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The use of electronic signatures is becoming increasingly commonplace in commercial transactions, as individuals and businesses capitalize on the administrative efficiency afforded by today’s digital world.
Following the Divisional Court's decision in Toronto-Dominion Bank v. Ryerson University, companies that contract with government institutions should be aware that such contracts are likely open to disclosure under the Freedom of Information and Protection of Privacy Act.
Back in April 2015, we discussed key questions to keep in mind when negotiating earn-outs, and looked at recent trends coming out of the American Bar Association's 2014 Canadian Private Target M&A Deal Points Study (the 2014 ABA Study).
Before sending out that next tweet or posting to a blog, hit the pause button and consider whether the timing and content pass muster. Reporting issuers and their representatives must take note of Staff Notice 51-348
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).