In this episode, David Fraser, PrivacyLawyer, unpacks the recent Ontario Divisional Court decision in Hospital for Sick Children v. Information and Privacy Commissioner of Ontario. The case arose from ransomware attacks that temporarily encrypted servers at SickKids and the Halton Children’s Aid Society. No evidence suggested that hackers viewed, copied, or exfiltrated personal information—yet the Information and Privacy Commissioner found there had been an unauthorized “use” and “loss” of data, triggering notification obligations. The Court upheld those findings, deferring to the regulator’s broad interpretation.

David explains why this matters for organizations across Ontario (and beyond), focusing on how common words like “use” and “loss” may not mean what you think when regulators are involved. He also contrasts Ontario’s strict approach with the federal private-sector law, PIPEDA, which only requires notification where there is a “real risk of significant harm.” The key takeaway: Ontario’s laws can demand notification even when no harm to individuals exists, a standard that may lead to over-notification and notice fatigue.

The Divisional Court decision can be found here: https://canlii.ca/t/kffpm

Where you can find me

► Privacylawyer blog: https://blog.privacylawyer.ca

► Twitter: https://twitter.com/privacylawyer

► LinkedIn: https://www.linkedin.com/in/davidtsfraser

Disclaimer: This is intended for education and information only and should not be taken as legal advice. If you need advice for your particular situation, you should seek out qualified counsel.

All views expressed are solely those of the creator and should not be attributed to his firm or any of its clients.

The law — and the practical realities — of recording conversations in Canada. From AI wearables like the Bee that promise “always-on” memory assistance, to built-in recording and transcription on Zoom and Teams, to employees secretly recording meetings, the legal framework hasn’t really changed: one-party consent under the Criminal Code means you can record if you’re part of the conversation and your purposes are 100% personal. But that doesn’t always make it wise, and in workplaces or commercial settings, privacy laws and policies come into play.

David explores where the law draws the line, why secret recordings are often seen as hostile, and how policies can help manage new tools like AI transcription and wearables. Whether it’s a patient recording therapy sessions, an employee hitting record in a meeting, or an organization using AI-enabled tools for accessibility, this video unpacks the legal rules, the privacy risks, and the best practices for managing them responsibly.

Where you can find me

► Privacylawyer blog: https://blog.privacylawyer.ca

► BlueSky https://bsky.app/profile/privacylawyer.ca

► Twitter: https://twitter.com/privacylawyer

► LinkedIn: https://www.linkedin.com/in/davidtsfraser

Disclaimer: This is intended for education and information only and should not be taken as legal advice. If you need advice for your particular situation, you should seek out qualified counsel.

All views expressed are solely those of the creator and should not be attributed to his firm or any of its clients.

In August 2025, Ontario’s Information and Privacy Commissioner issued a revised finding against the University of Waterloo for a privacy breach involving “smart” vending machines that secretly used biometric face detection technology. Students discovered the issue when an error message revealed the machines were running FacialRecognition.App.exe.

In this video, privacy lawyer David Fraser explains the Commissioner’s decision, why the University of Waterloo was found responsible under Ontario’s privacy law, and the lessons learned.

The IPC finding can be found here: https://decisions.ipc.on.ca/ipc-cipvp/privacy/en/item/521985/index.do

Where you can find me

► Privacylawyer blog: https://blog.privacylawyer.ca

► My law firm: https://www.mcinnescooper.com/people/...

► Twitter: https://twitter.com/privacylawyer

► LinkedIn: https://www.linkedin.com/in/davidtsfr...

Disclaimer: This is intended for education and information only and should not be taken as legal advice. If you need advice for your particular situation, you should seek out qualified counsel.

All views expressed are solely those of the creator and should not be attributed to his firm or any of its clients.

Where you can find me

► Privacylawyer blog: https://blog.privacylawyer.ca

► My law firm: https://www.mcinnescooper.com/people/david-fraser

► Twitter: https://twitter.com/privacylawyer

► LinkedIn: https://www.linkedin.com/in/davidtsfraser

Disclaimer: This is intended for education and information only and should not be taken as legal advice. If you need advice for your particular situation, you should seek out qualified counsel.

All views expressed are solely those of the creator and should not be attributed to his firm or any of its clients.

This video delves into the idea of warrant canaries—a transparency tool used by tech companies to signal when they’ve received secret government surveillance orders. With Canada’s new Strong Borders Act (Bill C-2) giving the Minister of Public Safety power to secretly compel electronic service providers to alter their systems for surveillance, companies operating in Canada may want to consider these. I explain what a warrant canary is, how it works, and trace its history from the early USA Patriot Act era and National Security Letters in the U.S. through real-world examples.

My previous episode on Part 15 of the Strong Borders Act: https://youtu.be/E1LV2fcD9Bs

Where you can find me

► Privacylawyer blog: https://blog.privacylawyer.ca

► My law firm: https://www.mcinnescooper.com/people/david-fraser

► Twitter: https://twitter.com/privacylawyer

► LinkedIn: https://www.linkedin.com/in/davidtsfraser

Disclaimer: This is intended for education and information only and should not be taken as legal advice. If you need advice for your particular situation, you should seek out qualified counsel.

All views expressed are solely those of the creator and should not be attributed to his firm or any of its clients.

As other countries like the UK and Australia are joining conservative US states in implementing "age verification" under the rallying cry of "protecting the children", a Canadian Senator is determined to see it come to fruition for Canada, We had a very close call last year with this being passed, so you should know what's brewing in Parliament.

Here's my video on the previous version of this bill, Bill S-210: https://youtu.be/UN8eP6LlWVY

Where you can find me

► Privacylawyer blog: https://blog.privacylawyer.ca

► My law firm: https://www.mcinnescooper.com/people/david-fraser

► Twitter: https://twitter.com/privacylawyer

► LinkedIn: https://www.linkedin.com/in/davidtsfraser

Disclaimer: This is intended for education and information only and should not be taken as legal advice. If you need advice for your particular situation, you should seek out qualified counsel.

All views expressed are solely those of the creator and should not be attributed to his firm or any of its clients.

The Charter Statement can be found here: https://www.justice.gc.ca/eng/csj-sjc/pl/charter-charte/c2_2.html

Where you can find me

► Privacylawyer blog: https://blog.privacylawyer.ca

► My law firm: https://www.mcinnescooper.com/people/david-fraser

► Twitter: https://twitter.com/privacylawyer

► LinkedIn: https://www.linkedin.com/in/davidtsfraser

Disclaimer: This is intended for education and information only and should not be taken as legal advice. If you need advice for your particular situation, you should seek out qualified counsel.

All views expressed are solely those of the creator and should not be attributed to his firm or any of its clients.

Bill C-2, the so-called Strong Borders bill is a Trojan horse that contains a new law that allows the government to order backdoors in the communications infrastructure you use every day. The government can issue secret orders and service providers are prohibited by law from disclosing vulnerabilities that bad guys could be using to illicitly access data. This is the part of the "border bill" you haven't heard enough about.

My last episode on Part 14 access to customer data: https://youtu.be/wOgo4TuoJec

Read Bill C-2 yourself. Scroll down to Parts 14 and 15: https://www.parl.ca/DocumentViewer/en/45-1/bill/C-2/first-reading

Where you can find me

► Privacylawyer blog: https://blog.privacylawyer.ca

► My law firm: https://www.mcinnescooper.com/people/david-fraser

► Twitter: https://twitter.com/privacylawyer

► LinkedIn: https://www.linkedin.com/in/davidtsfraser

Disclaimer: This is intended for education and information only and should not be taken as legal advice. If you need advice for your particular situation, you should seek out qualified counsel.

All views expressed are solely those of the creator and should not be attributed to his firm or any of its clients.