Privacy, Data Protection & Cybersecurity

Data Protection and Cybersecurity

Working closely with your team and external security experts, we help you manage cybersecurity and privacy risks, conduct strategic risk assessments and implement effective governance, risk transfer and incident response planning.  

Our approach to cybersecurity, privacy and data breach preparedness is focused on minimizing, mitigating and managing risk. When a data breach occurs, your organization must take immediate action to safeguard the confidentiality, integrity and availability of your information assets and data. Proactively developing and continually refining a comprehensive cybersecurity and data protection strategy is key to preventing and reducing harm. 

Effective cyber risk management requires proactive and ongoing legal support. We help your organization develop the framework that will help determine your current cybersecurity and data protection capabilities, set goals for a target state and establish the plan for improving and maintaining an effective cybersecurity/data protection program. 

We can assist you with: 

• Understanding the legal/regulatory requirements that apply to how your organization is preparing for, and responding to, cyber threats   
• Developing an effective cyber risk management program to assess and prioritize cyber risks and corresponding risk-mitigation strategies 
• Developing or reviewing Incident Response Plans  
• Creating or reviewing policies, procedures and testing and training exercises  

• Acting as breach coach to respond to and manage cyber-attacks and data breaches 
• Advising on reporting obligations, insurance issues, potential legal claims and managing investigations relating to cyber-attacks or data breaches   

Privacy Compliance

Privacy laws demand attention to detail. We help your team understand the requirements and implement plans to ensure compliance. Based on your needs and capacity to dedicate internal resources, we create a custom, cost-effective approach to achieve your desired outcome. 

Our work as counsel in the sensitive area of health records demonstrates our capabilities with privacy law. We have helped develop privacy solutions and impact assessments for several e-health initiatives in Western Canada.   

Our privacy law experience extends well beyond the health-care sector. Our lawyers advise a wide variety of organizations – from public bodies such as governmental departments, municipalities and school boards to private sector companies such as retailers, payment processors and research organizations – on how best to manage personal customer and employee information, maintain data protection requirements and address privacy complaints or breaches. 

One of our most important roles is assisting clients with their privacy compliance plans. Privacy law is complicated and is sometimes used as a reason to not proceed with important initiatives. We bring a balanced approach to ensure you can meet your organization’s objectives in a way that is also compliant with privacy laws.  

We help you: 

• Understand the legal and regulatory requirements as well as best practices to create a privacy compliance program to effectively manage your privacy compliance risks 
• Review, supplement, or develop privacy documents and programs to mitigate your privacy risks including, for example, privacy policies, acknowledgments/ oaths, data protection schedules or third-party agreements, training programs or presentations, privacy impact assessments, and more 

• Manage and respond to privacy access requests, complaints, incidents or breaches by advising on or managing the relationship and communications with privacy regulators on your behalf 
• Manage day-to-day privacy questions and issues as they arise 

Freedom of Information

Our team also understands the complicated area of freedom of information laws and can guide you through every stage of the process. We have experience with both federal and provincial freedom of information laws.  

We help you: 

• Understand the practices that can help protect confidential information. 
• Prepare legal documents that protect your organization’s interests during the freedom of information process. 
• Navigate the requirements of the freedom of information process. 
• Respond to access requests and third-party notifications. 

• Meet the statutory timelines and content requirements for communications throughout the process. 
• Understand what can and cannot be redacted and prepare redactions. 
• Prepare for and respond to complaints to (and reviews by) Information and Privacy Commissioners. 
• Prepare submissions for Information and Privacy Commissioners. 
• Appeal unsatisfactory decisions resulting from reviews by Information and Privacy Commissioners. 

Most importantly, we understand that your confidential information and relationships matter. Our experience in this area means we can provide valuable guidance with business and strategy decisions throughout the freedom of information process. 

We have significant experience working with public bodies, including Crown corporations; municipal governments; government agencies, boards, commissions and other bodies; regional health authorities; health-care organizations; school boards and library boards, as well as third parties, including a wide range of private businesses and organizations. 

Download the Risk Management Checklist to ensure your organization is asking the right questions when it comes to data, technology and innovation matters. 

Request a Consultation With Our Innovation, Data & Technology Team

Privacy

• Assistance with implementation of privacy policies and compliance plans for Saskatchewan regional health authorities, physician clinics and Alberta Primary Care Networks.
• Counsel of record for resolution of complaints with the Office of the Information and Privacy Commissioner (both provincial and federal).
• Legal and privacy support for the Saskatchewan Electronic Health Record project including: Saskatchewan Laboratory Results Repository (SLRR); Radiology Information and Picture Archival System (RIS/PACs); Primary Healthcare Project (PHC).
• Legal and privacy support for the Saskatchewan Medical Association (SMA) Electronic Health Record Program (EMR).
• Extensively advised a variety of private, public and governmental organizations regarding compliance and risk management strategies with respect to privacy, technology-assisted information management and information sharing, including in multi-jurisdictional and multi-national settings.
• Extensive advising regarding data protection requirements for commercial contracts, including with respect to vendor management and intra- and inter-company data flows.
• Wide-ranging experience regarding the handling and management of privacy complaints and breaches, and advocacy with respect to matters before the Office of the Information and Privacy Commissioner (both provincial and federal).

Cybersecurity

Acting as breach coach for numerous clients and insurers to help manage privacy and security breaches, including:

• Working with external advisors and subject matter experts to investigate, remediate and recover from the breach.
• Advising on legally required notice under federal and provincial privacy laws, voluntary notification and disclosure.
• Acting as the client contact and liaison with privacy commissioners, regulators,
  concerned individuals, law enforcement.
• Advising on public relations and media management.
• Advising on improvement of cybersecurity and data breach response plans, policies and procedures and communications and training.
• Counsel to various Saskatchewan-based credit unions in connection with the development and refinement of their cyber risk management frameworks and data breach response strategies.
• Counsel to a Saskatchewan-based credit union in a proposed privacy class action.
• Ongoing adviser to Alberta Central regarding compliance and policy and process development with respect to customer and employee information privacy and data security.
• Ongoing adviser to Alberta Central regarding compliance with guidelines of the Office of the Superintendent of Financial Institutions.