4 www.lexpert.ca
LEGALLY BINDING contracts have always
been a mainstay of the agreements through
which firms acquire the software they need
to run their businesses successfully. But new
requirements governing how federally regulated
financial institutions should disclose
technology incidents – reaching far beyond
cybersecurity issues – are likely to affect how
parties negotiate and enforce these contracts.
"There's always a contract involved in these
third-party service contracts that deals with
how data is stored, how personal information
is processed, how incidents are responded
to," says Robert Tremblay, counsel at Blake,
Cassels and Graydon LLP. And the list of
what is covered is growing as companies
increasingly use the cloud for storing and
accessing information.
"What's interesting now, however, is that
these contracts now involve more elements
of regulation and compliance," says Tremblay.
Purchasers of technology software must now
deal with tightening rules and regulations,
and fitting their compliance needs into their
contract negotiations with third-party vendors
has become an essential part of the process.
Imran Ahmad, a partner with Norton
Rose Fulbright LLP, who heads the firm's
technology practice, says purchasers and
suppliers of such technology in the financial
sector, whether off-the-shelf or bespoke, have
been most affected by tightening regulations.
However, he adds that "there's been a huge
volume of tech contracting in all sectors,"
which has surged, especially during the latter
part of the pandemic.
Last summer, the Office of the
Superintendent of Financial Institutions
(OSFI) released the updated requirements
affecting federally regulated banks, insurance
companies, and credit unions. The 2021
cyber security incident reporting advisory,
combined with OSFI's updated cyber security
self-assessment, tightens requirements.
While cybersecurity is still a significant
focus, the new advisory also includes risks
associated with technology failures, expanding
the types of incidents that parties must report.
The advisory also changes the threshold
and timing for reporting security incidents to
OSFI. The prior advisory required parties to
REGULATORY COMPLIANCE IN TECH CONTRACTS
Feature
TECHNOLOGY SERVICE AGREEMENTS ARE NO LONGER JUST ABOUT BUSINESS. NOW, THEY MUST INCORPORATE PRIVACY AND CYBERSECURITY REGULATORY GUIDELINES FROM THE OFFICE OF THE SUPERINTENDENT OF FINANCIAL INSTITUTIONS