Data protection, privacy and cybersecurity

An increasingly complex web of data protection, privacy and cybersecurity laws, self-regulatory frameworks, best practices and business contracts govern the processing and safeguarding of information around the world, as well as the protection of critical industrial infrastructure.

Our global group of dedicated data protection and cyber lawyers represents clients from industries operating in many parts of the world, each facing a unique set of data protection, privacy and cybersecurity concerns, ranging from business strategy issues to transactions, and from cyber incidents to government investigations and litigation. Advising clients across the globe affords us a 360-degree view of cyber issues that we leverage to provide advice that is holistic, informed and practical, and reflects industry- and region-specific risks.

We advise clients on complex issues associated with both personal and sensitive business data, including its collection, use, storage, disclosure, transfer and destruction. We counsel clients on legal compliance and business strategy relating to privacy and security risk management and cybersecurity and technology transactions. We also offer clients a comprehensive cyber risk management and incident response service which includes assisting clients in developing internal policies and procedures, drafting cyber incident response plans and stress testing these plans by conducting simulated cyber incidents.

Our clients include large corporate, government and specialist internet or data-rich companies operating across a broad range of sectors, including financial services, life sciences, healthcare and pharmaceuticals, retail, insurance, energy, telecommunications and technology.

Our areas of work include

• Bankruptcy proceedings involving personal information
• Cloud services and computing
• Cross-border data flow requirements, including Safe Harbor certification, EU Binding Corporate Rules and other solutions
• Cybersecurity and privacy contract development and negotiation
• Cyber risk management and incident response solutions
• Data hub relocation projects
• Data protection, privacy and cybersecurity audits, compliance risk assessment and remediation
• Data protection program development, including supporting consumer engagement activities such as marketing and advertising
• Data security, privacy and technology regulatory response and litigation
• Developing security and privacy policies, best practices and procedures
• Leveraging personal information for advertising and marketing
• Managing employee information and patient medical records
• M&A transactions
• Mobile privacy issues
• Privacy breaches
• Privacy policies for organizations and their websites
• Proactive incident response planning
• Restrictions on collection and use of consumer information
• Security incident investigation, response, and remediation
• Strategic regulatory compliance advice
• Technology transactions
• Vendor management program development and implementation

Awards and accolades

• Chambers Canada, Nationwide: Information Technology, Chambers and Partners, 2019
• Chambers Global, Canada: Information Technology, Chambers and Partners, 2018
• Legal 500 Canada: Technology, The Legal 500, 2018