Hello folks! I was having a peruse around the cyber world when I spotted an interesting conversation on Infosec Exchange – a spot of legal chat that caught my eye. It was a comment by a chap from across the pond – a Canadian lawyer named David Fraser. Apparently there’s been a ruling that’s got the Canadian cyber law world all in a tizzy, and it could be quite significant for those working in cyber incident response and breach coaching.
This all hinges around a decision by the IPC (that’s the Information and Privacy Commissioner to you and me) that forensic reports are, surprisingly, not privileged. Now, you’d expect these reports to be a bit hush-hush, wouldn’t you? Well, that’s not the case. In fact, the Ontario Divisional Court, a bunch of legal brains in Canada, have upheld this decision as spot on.
Now, I know what you’re thinking: ‘What are we on about here, what’s this “privileged” business?’ Good question. In the legal world, privilege refers to the “get-out-of-jail-free card” that you can use to keep certain documents out of the public eye, and avoid them being used as evidence in court. You’d think that forensic reports, which detail all the nitty-gritty about a cyber breach, would be prime candidates for staying under the radar. But, it seems that it’s not so.
It all began with a case named LifeLabs LP (let’s just call them LifeLabs for short), which has brought the question of privilege for these reports under scrutiny. But with the latest ruling, the Ontario Divisional Court have made it crystal clear that no, these reports are not confidential, they’re not privileged.
This can have huge implications, folks. It means, in a nutshell, that those cyber breach reports are open for all and sundry to see. Not ideal, I reckon, for a company that’s suffered a breach and would rather keep the gory details quiet. But it’s not just about the reputation damage; it’s also about the risk to data users and providers. These reports are vital for addressing the weaknesses that have led to a breach and avoiding future occurrences.
Now, I’m not a lawyer, mind you, but I know that this ruling raises a lot of other questions too. For instance, will other jurisdictions follow suit? It’s a complex issue, but it also underlines the importance of cybersecurity, transparency and accountability.
Remember, folks, it’s essential to stay on top of these topics in our field. We live in an increasingly connected world and how we handle, protect, and manage data is more critical than ever. A cybersecurity exploit is no longer a mere technical glitch; it is a significant legal, financial, and reputational risk.
In the meantime, let’s have a nice cup of tea and keep mulling over how these developments will shape the world of cybersecurity and healthcare. Cheerio!
by Parker Bytes
