The Office of the Superintendent of Financial Institutions (OSFI) just released updated requirements governing how federally regulated financial institutions (FRFIs) should disclose and report technology and cyber security incidents to OSFI. The Advisory, which affects federally regulated banks, insurance companies, and credit unions, replaces the January 2019 Cyber Security Incident Reporting Advisory, which came into effect in March 2019. With the simultaneous release of OSFI’s updated Cyber Security Self-Assessment, OSFI has considerably tightened its requirements demonstrating an increasing concern with the potential impacts of cybersecurity on the financial system and on individual financial institutions.…
Here are the slides used in my presentation to the Toronto Computer Lawyers Group earlier today, The Year in Review: Developments in Computer, Internet and E-Commerce Law (2011-2012). It covers significant developements since my talk last spring, Developments in Computer, Internet and E-Commerce Law (2010-2011).
The slides include a summary of the following cases:
Kraft Real Estate Investments, LLC v Homeway.com, Inc. 2012 WL 220271 (D.S.Car. Jan 24, 2012)
Yesterday, OSFI released a memorandum reminding financial institutions that its outsourcing B-10 Guideline applies to new technology-based outsourcing arrangements including cloud computing. In the short memorandum, OSFI stated the following:
Information technology plays a very important role in the financial services business and OSFI recognizes the opportunities and benefits that new technology-based services such as Cloud Computing can bring; however, FRFIs should also recognize the unique features of such services and duly consider the associated risks.
As such, and in light of the proliferation of new technology-based outsourcing services, OSFI is reminding all FRFIs that the expectations contained in Guideline B-10 remain current and continue to apply in respect of such services.