Data, Privacy and Cybersecurity

Our Canadian data protection and privacy team provides advice to clients located in Canada regarding compliance with public and private sector privacy and freedom of information laws. We also advise on the impact of Canadian privacy laws for non-Canadian based clients, and work with our U.S. and international colleagues to consider and address privacy laws of other jurisdictions that affect our Canadian clients.

We recognizes that a commitment to privacy and data protection is a mission critical area for organizations focused on achieving client trust and loyalty. We assist Boards and Senior Management in ensuring the right approaches and mechanisms are in place at all levels of the organization for privacy and data protection.

Our Privacy Compliance Program is designed to:

• Prepare new privacy policies and codes as well as operational guidelines and procedures as applicable to an organization’s employees, clients or customers and other third parties;
• Conduct and draft data mapping exercises, privacy impact assessments and information sharing agreements;
• Advise and assist with cyber breach preparedness;
• Provide privacy training for an organization’s employees and privacy law briefing for an organization’s Board;
• Review an organization’s insurance coverage to determine whether it would cover civil damages liability and defence costs arising from violation of privacy laws;
• Assist organizations and their governing boards to comply with legal requirements and to develop best practices in privacy matters;
• Minimize an organization’s exposure to legal liability and reputational risk;
• Provide ongoing practical and effective advice on privacy matters;
• Provide timely, confidential and practical counsel on specific privacy issues as they arise within an organization, including cybersecurity breach support;
• Advise and assist with the development of a dispute resolution process designed to minimize complaints to a Privacy Commissioner;
• Provide advice and representation with respect to complaints made to a Privacy Commissioner and during any resulting audits, investigations or court actions; and
• Advise clients on making, receiving and responding to freedom of information access requests.

Our practice is distinguished by our high level of experience and capability in both private sector and public sector privacy and access to information in both Western and Eastern Canada.

Experience

• Advised and represented numerous non-profit organizations with privacy law compliance matters, including charitable entities, educational institutions and professional regulatory bodies.
• Assisted clients in developing privacy policies and procedures, auditing their privacy compliance practices, preparing privacy impact assessments and responding to information security breaches.
• Provided privacy training for staff and supported public body clients with responding to information access requests and privacy complaints.
• Represented numerous non-profit entities before privacy commissioners and before the courts.
• Assisted a non-profit organization with development of a comprehensive privacy program, addressing sensitive health information of autistic children as well as consent and capacity considerations.
• We have specific experience with the Alberta Personal Information Protection Act and the Alberta Health Information Act, and we have assisted several organizations in Alberta in this respect.
• Represented numerous clients in inquiries before privacy commissioners, for example we successfully represented Thompson Rivers University (TRU) in an Inquiry before the Office of the Information and Privacy Commissioner for B.C.
• Successfully represented the Toronto Organizing Committee for the 2015 Pan American and Parapan American Games in domain dispute.
• Assisted a software company with a Canadian-focused review of its privacy policy, document retention policy, marketing policy and related customer contract provisions.
• Conducted privacy impact assessments for professional regulatory bodies undertaking major initiatives.
• Represented the Office of the Information and Privacy Commissioner for B.C. on numerous judicial review proceedings.
• Advised on ongoing privacy law compliance for a technology solutions company as they rolled out a new product in Canada.
• Conducted privacy audits on behalf of numerous organizations both in the private and public sectors.
• Created a FOI manual for a large electrical utility in Ontario and for a professional regulatory body in British Columbia.

Our Canadian data protection and privacy team provides advice to clients located in Canada regarding compliance with public and private sector privacy and freedom of information laws. We also advise on the impact of Canadian privacy laws for non-Canadian based clients, and work with our U.S. and international colleagues to consider and address privacy laws of other jurisdictions that affect our Canadian clients.

We recognizes that a commitment to privacy and data protection is a mission critical area for organizations focused on achieving client trust and loyalty. We assist Boards and Senior Management in ensuring the right approaches and mechanisms are in place at all levels of the organization for privacy and data protection.

Our Privacy Compliance Program is designed to:

• Prepare new privacy policies and codes as well as operational guidelines and procedures as applicable to an organization’s employees, clients or customers and other third parties;
• Conduct and draft data mapping exercises, privacy impact assessments and information sharing agreements;
• Advise and assist with cyber breach preparedness;
• Provide privacy training for an organization’s employees and privacy law briefing for an organization’s Board;
• Review an organization’s insurance coverage to determine whether it would cover civil damages liability and defence costs arising from violation of privacy laws;
• Assist organizations and their governing boards to comply with legal requirements and to develop best practices in privacy matters;
• Minimize an organization’s exposure to legal liability and reputational risk;
• Provide ongoing practical and effective advice on privacy matters;
• Provide timely, confidential and practical counsel on specific privacy issues as they arise within an organization, including cybersecurity breach support;
• Advise and assist with the development of a dispute resolution process designed to minimize complaints to a Privacy Commissioner;
• Provide advice and representation with respect to complaints made to a Privacy Commissioner and during any resulting audits, investigations or court actions; and
• Advise clients on making, receiving and responding to freedom of information access requests.

Our practice is distinguished by our high level of experience and capability in both private sector and public sector privacy and access to information in both Western and Eastern Canada.

Experience

• Advised and represented numerous non-profit organizations with privacy law compliance matters, including charitable entities, educational institutions and professional regulatory bodies.
• Assisted clients in developing privacy policies and procedures, auditing their privacy compliance practices, preparing privacy impact assessments and responding to information security breaches.
• Provided privacy training for staff and supported public body clients with responding to information access requests and privacy complaints.
• Represented numerous non-profit entities before privacy commissioners and before the courts.
• Assisted a non-profit organization with development of a comprehensive privacy program, addressing sensitive health information of autistic children as well as consent and capacity considerations.
• We have specific experience with the Alberta Personal Information Protection Act and the Alberta Health Information Act, and we have assisted several organizations in Alberta in this respect.
• Represented numerous clients in inquiries before privacy commissioners, for example we successfully represented Thompson Rivers University (TRU) in an Inquiry before the Office of the Information and Privacy Commissioner for B.C.
• Successfully represented the Toronto Organizing Committee for the 2015 Pan American and Parapan American Games in domain dispute.
• Assisted a software company with a Canadian-focused review of its privacy policy, document retention policy, marketing policy and related customer contract provisions.
• Conducted privacy impact assessments for professional regulatory bodies undertaking major initiatives.
• Represented the Office of the Information and Privacy Commissioner for B.C. on numerous judicial review proceedings.
• Advised on ongoing privacy law compliance for a technology solutions company as they rolled out a new product in Canada.
• Conducted privacy audits on behalf of numerous organizations both in the private and public sectors.
• Created a FOI manual for a large electrical utility in Ontario and for a professional regulatory body in British Columbia.