Les Affaires magazine quotes Antoine Aylwin in an article on cyber risks facing pension plans:
“‘It's not clear at this point whether a pension plan is considered a company under the law,’ says Antoine Aylwin, partner and co-leader of Fasken’s privacy and cybersecurity practice. ‘In reality, pension plans engage companies, such as actuarial firms, to manage the personal information they collect. And the law applies to these companies as well as the employers who provide the pension plans.’”
“‘Security is very dependent on proper data governance,’ claims Aylwin. ‘The pension plan needs to be aware of the data it has, control access to it and properly manage external supplier contracts.’”
“‘So, you have to have a plan,’ Aylwin advises. ‘If you start developing a plan in response to an incident, then it’s already too late.’”