Personal information and business data are increasingly valuable but inherently risky assets that are protected by both technological and legal safeguards. These safeguards are in flux given fast-changing technology, evolving privacy and data protection laws, and ever-escalating cybersecurity threats – the latter recently resulting in massive privacy and data breaches at government departments and market-leading brands in the retail, ISP and financial services sectors.
Businesses facing privacy and data protection challenges require expert legal advisors who provide innovative and practical solutions. Our multi-disciplinary privacy and data protection team includes client-and-peer-ranked leading and technologically-savvy business, regulatory and litigation lawyers, some of whom are also trained as engineers.
The experience and services of our lawyers covers the full spectrum of risk mitigation, incident response and dispute resolution and includes advising on:
- Canadian federal and provincial privacy and data protection laws applicable to private sector businesses;
- privacy and data protection gap and risk assessments;
- implementing and auditing personal information and data protection practices, including privacy policies and consents;
- data classification and information management programs;
- data protection provisions for third party service provider/outsourcing agreements;
- privacy and data protection issues related to websites, apps, e-commerce and cloud computing;
- privacy and data protection issues and requirements in business transactions including mergers, acquisitions, securitizations and financings;
- privacy and data security breaches, incident management and regulatory notification issues;
- security solutions and crisis management relating to lost or stolen devices (like phones, laptops or flash drives), cyberattacks, ransomware, misdirected email, fraudsters and rogues;
- competition law compliance risks associated with information sharing among competitors and industry associations as part of responses to cybersecurity and other threats or for other legitimate purposes;
- investigations by and complaints before Canadian federal and provincial privacy commissioners;
- government access to information and freedom of information requests and proceedings;
- privacy-related litigation, including investigations, surveillance and e-discovery issues;
- workplace privacy issues, including email, Internet and social media use policies affecting an employee’s expectation of privacy;
- privacy and data protection training and awareness programs;
- Canadian privacy laws and Canada’s Anti-spam Legislation (CASL) applicable to promotional electronic messages sent, and computer programs installed, by manufacturers, distributors, retailers, app developers and other Internet-based businesses;
- issues under CASL and Canadian privacy laws regarding marketing and advertising campaigns, including refer-a-friend campaigns, social media marketing, big data, programmatic ad trading, and online behavioural advertising;
- Canadian personal health information protection laws applicable to health care institutions, health products/services companies (including pharmaceutical companies) and other organizations in the life sciences sector;
- outsourcing involving personal information or other sensitive data that requires protection;
- international privacy and data protection issues, including transferring of data outside Canada and complying with information transfer agreements under foreign laws such as the European Union's Data Directive and General Data Protection Regulation; and
- government relations and regulatory affairs involving emerging privacy and data protection issues relating to law and public policy both within Canada and abroad.