Expertise Detail

Cybersecurity, Privacy & Data Management

The Digital Privacy Act – What you need to know

snIP/ITs Blog  Cyberlex Blog

Data breaches at major retailers, government departments and financial services organizations have sent a clear warning to all Canadian businesses that collect, use and/or disclose personal information about individuals. Consumer perceptions point to an expectation that these entities should take market-leading steps to protect personal and financial data.

Increasingly, good information management practices go beyond matters of privacy. Malicious hacks (from outside and from within) have targeted intellectual property, trade secrets and other critical business information with noticeable impacts on share prices, director and Board longevity and industry competitiveness. Clients need support from counsel who can marry legislative compliance and the application of industry codes of conduct and privacy policies in various jurisdictions with a practical knowledge of commercial and technology outcomes.

Cybersecurity, protection of business information and data, and managing the production and/or retention of information are all significant aspects of our practice. Our privacy and data protection lawyers offer perspective on all aspects of information management, storage and transfer.  Mitigating risk for clients is always our first priority and we have helped clients manage the entire lifecycle of data, including providing guidance to companies looking to prepare for and prevent a critical data incident. When crisis occurs, we draw from a team that has responded to some of the highest profile data breaches in North America and are involved in many of the key cybersecurity initiatives (both private and public) in Canada.


Differentiated value for clients
Industry insight Clients access the combined experience of our cross-functional technology team. Our experience in data protection matters is underpinned by our leading insight into the practical commercial realities of technology transformation, whether undertaking compliance efforts, working with third-party providers or addressing a breach. For clients who are reviewing practices or upgrading systems, we have relationships with the key technology players at the cutting edge of data protection.
Practical risk management As much as data protection solutions are technological, the core issue is risk management. We take a very results-oriented approach by providing clients with guidance, processes and response strategies which are easily implemented and meet the risk management objectives of the business. This focus on practicality gives us insight into the legal issues that matter most in managing risk and, as importantly, the ones that don’t.
Seeing all the angles Information management infrastructure is rarely as simple as protecting data in your direct control – systems like payments or medical data collection, for example, are highly complex and involve multiple players in the data pipeline. Our experience in this space enables us to scope all the considerations and stakeholders, to build a thoughtful, proactive risk management platform.
Specialist resources for key industry sectors Retail and financial services clients are frequently the most exposed to risk from data breach. We are regarded as having one of Canada’s top financial services regulatory practices and we are confident we advise more retail sector clients than any Canadian law firm. Both groups have helped in our efforts to assist clients in these sectors to meet or exceed industry standards and government requirements, and to proactively respond to breach incidents.
Compliance program best practices Clients look to us for a full range of privacy and data protection compliance solutions – from regulatory update services to audits, gap assessments and development of end-to-end compliance programs. Because we do this work for multiple clients, and because of our immersion in the technology sector, we can recommend and help implement the most up-to-date best practices.


Selected Services
  • Strategic planning
  • Risk assessment & mitigation
  • Compliance programs
  • Process audits
  • Data breach response
  • Liaison with regulators
  • Technology procurement
  • Technology contracts
  • Data processing agreements
  • Data hosting agreements
  • Cross border data transfer including data sovereignty solutions
  • Privacy procedures



Public & private companies including:

  • Financial services
  • Insurance
  • Retail
  • Health & medical
  • Online entities
  • Non-profit

Government entities

Technology developer

Service providers

Regulatory agencies


Canada’s only Tier 1 firm in Technology Top tier in Technology Only firm Most Frequently Recommended in both Technology Transactions and Computer/ IT Law



For more information, please contact:


Matthew Flynn
[email protected]
View profile


Charles S. Morgan
[email protected]
View profile


Matthew Flynn
[email protected]
View profile
Daniel G.C. Glover
[email protected]
View profile
Barry B. Sookman
[email protected]
View profile
Kirsten Thompson
[email protected]
View profile


David Crane
[email protected]
View profile

Search Expertise by Keyword

Blog Posts

Transactions & Cases