Privacy, Data Protection & Cybersecurity

Working closely with your team and external security experts, we help you manage cybersecurity and privacy risks, conduct strategic risk assessments and implement effective governance, risk transfer and incident response planning.  

Our approach to cybersecurity, privacy and data breach preparedness is focused on minimizing, mitigating and managing risk. When a data breach occurs, your organization must take immediate action to safeguard the confidentiality, integrity and availability of your information assets and data. Proactively developing and continually refining a comprehensive cybersecurity and data protection strategy is key to preventing and reducing harm. 

Effective cyber risk management requires proactive and ongoing legal support. We help your organization develop the framework that will help determine your current cybersecurity and data protection capabilities, set goals for a target state and establish the plan for improving and maintaining an effective cybersecurity/data protection program. 

We can assist you with: 

• Understanding the legal/regulatory requirements that apply to how your organization is preparing for, and responding to, cyber threats   
• Developing an effective cyber risk management program to assess and prioritize cyber risks and corresponding risk-mitigation strategies 
• Developing or reviewing Incident Response Plans  
• Creating or reviewing policies, procedures and testing and training exercises  
• Acting as breach counsel to respond to and manage cyber-attacks and data breaches
• Advising on reporting obligations, insurance issues, potential legal claims and managing investigations relating to cyber-attacks or data breaches 

Contact our breach counsel team at breachcounsel@mltaikins.com or (877) 257-0666.

Privacy laws demand attention to detail. We help your team understand the requirements and implement plans to ensure compliance. Based on your needs and capacity to dedicate internal resources, we create a custom, cost-effective approach to achieve your desired outcome. 

Our work as counsel in the sensitive area of health records demonstrates our capabilities with privacy law. We have helped develop privacy solutions and impact assessments for several e-health initiatives in Western Canada.   

Our privacy law experience extends well beyond the health-care sector. Our lawyers advise a wide variety of organizations – from public bodies such as governmental departments, municipalities and school boards to private sector companies such as retailers, payment processors and research organizations – on how best to manage personal customer and employee information, maintain data protection requirements and address privacy complaints or breaches. 

One of our most important roles is assisting clients with their privacy compliance plans. Privacy law is complicated and is sometimes used as a reason to not proceed with important initiatives. We bring a balanced approach to ensure you can meet your organization’s objectives in a way that is also compliant with privacy laws.  

We help you: 

• Understand the legal and regulatory requirements as well as best practices to create a privacy compliance program to effectively manage your privacy compliance risks 
• Review, supplement, or develop privacy documents and programs to mitigate your privacy risks including, for example, privacy policies, acknowledgments/ oaths, data protection schedules or third-party agreements, training programs or presentations, privacy impact assessments, and more
• Manage and respond to privacy access requests, complaints, incidents or breaches by advising on or managing the relationship and communications with privacy regulators on your behalf
• Manage day-to-day privacy questions and issues as they arise 

Our team also understands the complicated area of freedom of information laws and can guide you through every stage of the process. We have experience with both federal and provincial freedom of information laws.  

We help you: 

• Understand the practices that can help protect confidential information. 
• Prepare legal documents that protect your organization’s interests during the freedom of information process. 
• Navigate the requirements of the freedom of information process. 
• Respond to access requests and third-party notifications. 

• Meet the statutory timelines and content requirements for communications throughout the process. 
• Understand what can and cannot be redacted and prepare redactions. 
• Prepare for and respond to complaints to (and reviews by) Information and Privacy Commissioners. 
• Prepare submissions for Information and Privacy Commissioners. 
• Appeal unsatisfactory decisions resulting from reviews by Information and Privacy Commissioners. 

Most importantly, we understand that your confidential information and relationships matter. Our experience in this area means we can provide valuable guidance with business and strategy decisions throughout the freedom of information process. 

We have significant experience working with public bodies, including Crown corporations; municipal governments; government agencies, boards, commissions and other bodies; regional health authorities; health-care organizations; school boards and library boards, as well as third parties, including a wide range of private businesses and organizations.