Canada Insurance Law Review

Key takeaways for the insured

Consider industry standards and best practices

• Identify company’s legal obligations under federal and provincial privacy laws, securities laws, and policies and guidelines set out by industry regulators;
• Develop and test an incident response plan;
• Involve senior management, directors and officers, and legal counsel in creating the effective response plan for cybersecurity-related risks;
• Train employees and educate staff so they are aware of their legal obligations;
• Develop and enforce an information security policy; and
• Participate in cybersecurity information sharing programs.

Determine your exposure

• The most common attacks are social attacks (e.g., whaling), hacking and networking intrusions, and malware and end user attacks;
  • Social attacks are among the most common for senior business executives who have access to the company’s funds; and
  • Directors and officers may be held liable in the event of a cybersecurity attack or data breach if they failed to oversee and implement reasonable cybersecurity measures for the company, or failed to comply with any disclosure requirements after a breach occurred. 

Obtain cyber insurance coverage

• Businesses should determine what risks are most relevant to their company and ensure they are adequately covered under their insurance policy.

Four corners of the Cyber legal regime

In Canada, several federal and provincial laws and regulations govern cybersecurity and data protection, each addressing a particular issue. Due to its complex nature, businesses should ensure they understand what legislation applies to them and identify what their obligations are under the applicable legislation, as failure to comply can result in significant financial and reputational harm. By understanding this governing framework, organizations can be proactive and implement the necessary procedures to ensure they properly protect their business and clients. This article will provide a brief overview of the relevant statutes, regulations and case law relating to data protection and cybersecurity.

This article is authored by Ephraim Stulberg for MDD Forensic Accountants.

Introduction

Mergers and acquisitions (“M&A”) can be a double-edged sword. When done right, M&A can allow acquirers to scale their businesses and create value through synergies. When done poorly, M&A can result in drastic overpayments for assets that are not nearly as valuable as believed and for economies of scale that are very difficult to achieve.

One of the main risks in M&A is information asymmetry: simply put, the vendor knows much more about its business than the acquirer. While the acquirer is able to perform due diligence, time pressures to close the deal mean that this process can sometimes be imperfect; issues are sometimes missed.  This is where Representations and Warranties (R&W) insurance can come into play.

In the recent decision, Tokio Marine & Nichido Insurance Company v. Security National Insurance Company, 2019 ABQB 622, the Alberta Court of Queen’s Bench (the “Court”) heard an appeal of a Master’s of an application for an order declaring that another insurer had a duty to defend a motorist involved in an accident. This is an important decision for insurers as it provides an examination of a unique factual scenario where there was overlapping insurance coverage.

The Facts

On June 4, 2016, Ms. Sran drove a vehicle owned by Mr. Gill (the “Gill Vehicle”), to an Acura dealership in Calgary, Alberta (the “Dealership”), for servicing.