.png)
Cybersecurity laws — including data protection and privacy legislation — are laws that aim to safeguard information technology and computer systems from privacy breaches and unauthorized activity as well as to compel corporations and organizations to protect their online infrastructure from cyber attacks. Potential cyber attacks include activities like security breaches by malware, viruses, worms, DOS attacks, unauthorized access to confidential or private information, access to intellectual property, protected information, personal information, metadata, etc. The current threat to data stored in, or transmitted by, electronic mobile devices is at an all-time high which means that the list of people, not just hackers and crackers, that could potentially threaten the data kept by all organizations is long and diverse.
| Protected Information | Unprotected Information |
|---|---|
| Gender identification | Information that is not about an individual |
| Race / national / ethnic origin | Organizational information |
| Religion | Information that has been rendered anonymous (provided that it is not possible to link that data back to an identifiable person) |
| Age | Names of public servants |
| Marital status | Positions of public servants |
| Medical history | Titles of public servants |
| Education and employment history | Business contact information collected by an organization |
| Identifying numbers (e.g. SIN, drivers license) | Government information |
| Financial information | |
| DNA | |
Technologies that are interconnected and allow easy access to the Internet have become deeply integrated into everyday life. As a result, we increasingly depend on cyberspace for social, economic and political interactions. Not only does the internet provide a platform for a whole range of critical infrastructure sectors and services, such as health care, food and water, finance, information and communication technology, public safety, energy and utilities, manufacturing, transportation and government, but it also augments all of these critical infrastructure sectors and is therefore vital to Canada's future economic growth.
At the same time, the online environment has increasingly been subjected to sophisticated and targeted threats; our ever-increasing reliance on cyberspace is creating new and significant vulnerabilities. As a result, it’s important to learn about the legal aspects of cybersecurity so that we will be better prepared against the attacks of potential cyberattacks, as well as have the boundaries to ensure that we use the internet properly.
As seen from the chart above, private information is information such as your SSN and bank account information. Personal information is information that is yours but that isn’t sensitive and this includes things like your address, phone number, email, et cetera. It is information that can be found in the public record. Unless all components are equally secure, the entire system is vulnerable as cybercriminals are often skilled at exploiting weaknesses in cyberspace.
Canadian cybersecurity and data protection legislation is governed by a specific set of statutes and common law rules which are gradually evolving as the world we live in continues to change at an ever more rapid pace. While the legislative framework for these laws may appear overtly complex, failure to understand and comply with this framework and take the steps to reduce risks and the impact of such risks should they materialize, can result in harsh consequences, both legal and financial, for an individual or an organization living or operating in Canada. As a result, significantly more education and awareness of cybersecurity and the laws around online data protection are required for the protection of all individuals.
The two main sources of Canadian law are the Legislation (includes Acts, and statutes) and the Common Law (previous judicial decisions in cases with similar facts and matters):
| Statutory Law | Common Law |
|---|---|
| Definition: Statutes, or Acts, are laws made by the (federal) Parliament or the (provincial/territorial) Legislature. Statutory law relates to the laws implemented through legislation. | As a common law country, Canadian law adheres to the doctrine of stare decisis, which is the principle in common law systems that a precedent — an earlier decision or ruling in a previous legal case — is either binding or persuasive for a court when deciding future cases with similar issues or established facts. |
| The implementation of a new statute can create a new law, or modify or nullify a previously existing law. The rules that address the details and practical applications of the law expressed in each Act are known as its Regulations. The authority to make Regulations in relation to an Act is assigned within that Act itself. Statutory law refers to the entirety of written laws that are passed through the body of the legislature and voted on by the members of the governing body. Acts passed by the Parliament of Canada and by provincial legislatures are Canada's primary sources of law. | The goal of the common law legal system in deciding cases based on precedent and according to consistent principled rules is that cases that have similar facts will yield predictable outcomes, which will aid in maintaining the fundamental principles of justice. In the Canadian context, the concept of stare decisis means that the lower courts must follow the decisions of the higher courts by which they are bound. |
| The Statutes of Canada are the federal legal code of Canada that contains the federal laws and statutes enacted by the Parliament of Canada and are enacted into their own unified code. Examples of relevant statutory laws and the years they were implemented include the Criminal Code of Canada (1985), the Privacy Act (1985), the Personal Information Protection and Electronic Documents Act (2000), and the Cannabis Act (2018). | While no other provincial court is bound by the decisions made within another province’s court, the decisions which are made in the highest court of each province (the Provincial Court of Appeal) are considered to be persuasive, not binding, in other provincial jurisdictions. Only the Supreme Court of Canada — the federal court — has the authority to bind all courts in the country with a single ruling. As with matters such as cybersecurity, which is quickly evolving, or when there is little or no existing Canadian decision on a particular legal issue, it can become necessary to look to a non-Canadian legal authority for reference. In those situations, decisions of English (UK) courts and American (US) courts are often utilized persuasively. |
There are three branches of government that are involved in creating, maintaining, and applying our legal structure: