Privacy & Cybersecurity

Many organizations are leveraging innovative technologies to help enhance their business and their customers’ experience by building loyalty and remaining competitive in a digital world. Consumer businesses face numerous challenges as they attempt to handle the complex issues of cyber risk. Working closely with clients and external security experts, we assist in managing cybersecurity and privacy risks, conducting strategic risk assessments, and implementing effective governance, risk transfer and incident response planning.

Our approach to cybersecurity, privacy and data breach preparedness is focused on risk minimization, mitigation, management and displacement. When a data breach occurs, an organization is required to take immediate action in order to mitigate threats to the confidentiality, integrity and availability of its information assets and data. The development and ongoing refinement of a comprehensive cybersecurity and data protection strategy is key to helping prevent and reduce harm before a breach occurs.

Effective cyber risk management requires proactive and ongoing legal support. To that end, we can assist with developing the framework that will help determine current cybersecurity and data protection capabilities, set goals for a target state and establish the plan for improving and maintaining an effective cybersecurity/data protection program.

Privacy laws demand attention to detail, and we help clients understand the requirements and implement plans to ensure compliance. Recognizing that each client’s needs and capacity to dedicate internal resources are unique, we assist in developing the most cost-effective mix of MLT Aikins and client resources to achieve the desired outcome.

Our work as counsel in the sensitive area of health records in Western Canada demonstrates our capabilities with privacy law. We act as counsel to the Privacy Sub-Committee of the Saskatchewan Health Region Chief Information Officer Forum. One of the principal mandates of this Sub-Committee is to develop privacy and security policies and procedures for implementation across all health regions in the Province of Saskatchewan. We have also actively participated in the development of privacy solutions and impact assessments for several e-health initiatives. However, our experience extends beyond privacy matters facing the health-care sector. We have advised a wide variety of organizations, from public bodies such as governmental departments, municipalities and school boards, to private sector companies such as retailers, payment processors and research organizations, regarding management of personal customer and employee information, data protection requirements and management of privacy complaints or breaches.

Privacy

• Assistance with implementation of privacy policies and compliance plans for Saskatchewan regional health authorities, physician clinics and Alberta Primary Care Networks.
• Counsel of record for resolution of complaints with the Office of the Information and Privacy Commissioner (both provincial and federal).
• Legal and privacy support for the Saskatchewan Electronic Health Record project including: Saskatchewan Laboratory Results Repository (SLRR); Radiology Information and Picture Archival System (RIS/PACs); Primary Healthcare Project (PHC).
• Legal and privacy support for the Saskatchewan Medical Association (SMA) Electronic Health Record Program (EMR).
• Extensively advised a variety of private, public and governmental organizations regarding compliance and risk management strategies with respect to privacy, technology-assisted information management and information sharing, including in multi-jurisdictional and multi-national settings.
• Extensive advising regarding data protection requirements for commercial contracts, including with respect to vendor management and intra- and inter-company data flows.
• Wide-ranging experience regarding the handling and management of privacy complaints and breaches, and advocacy with respect to matters before the Office of the Information and Privacy Commissioner (both provincial and federal).

Cybersecurity

Acting as breach coach for numerous clients and insurers to help manage privacy and security breaches, including:

• Working with external advisors and subject matter experts to investigate, remediate and recover from the breach.
• Advising on legally required notice under federal and provincial privacy laws, voluntary notification and disclosure.
• Acting as the client contact and liaison with privacy commissioners, regulators,
  concerned individuals, law enforcement.
• Advising on public relations and media management.
• Advising on improvement of cybersecurity and data breach response plans, policies and procedures and communications and training.
• Counsel to various Saskatchewan-based credit unions in connection with the development and refinement of their cyber risk management frameworks and data breach response strategies.
• Counsel to a Saskatchewan-based credit union in a proposed privacy class action.
• Ongoing adviser to Alberta Central regarding compliance and policy and process development with respect to customer and employee information privacy and data security.
• Ongoing adviser to Alberta Central regarding compliance with guidelines of the Office of the Superintendent of Financial Institutions.