Digital pixel image of padlock

Cybersecurity, Privacy & Data Protection

Specializations

  • Representing numerous clients (including corporations operating in the financial services and retail trade industries) to manage security breaches involving different Canadian jurisdictions, including investigating the breaches; acting as the contact for interested parties, the individuals concerned, the media, external technical consultants and privacy commissioners (including the Privacy Commissioner of Canada, the Alberta, British Columbia, and Ontario Privacy Commissioners and the Commission d'accès à l'information du Québec); advising regarding notification obligations; assisting in drafting letters of notification; and generally contributing to the response strategy.
  • Representing various clients in investigations carried out by privacy commissioners and regulators, including: a leading Canadian credit score and analytics company an American multi-national corporation traded on the New York Stock Exchange (NYSE) a leader in international family entertainment and interactive media a multi-national technology company various financial institutions
  • Conducting privacy impact assessments and evaluating risks connected with the management of personal information, designing personal information protection programs adapted to the needs and risks faced by the client, and assisting in implementing those programs for various clients, including for: an American multi-national corporation traded on the NASDAQ stock exchange, specializing in Internet-related products and services a Canadian cable and broadcasting telecommunications company a leading firm that develops, manufactures, markets and distributes a vast array of generic products for the retail pharmaceutical industry a leading Canadian fintech company
  • Conducting privacy audits, including by studying personal information flows in companies and their subsidiaries (data mapping), conducting gap analysis, focusing on practices connected with privacy policies and/or applicable privacy statutes, for various clients including: one of the largest retailers in Canada; a leading consumer products company a leading company in the retail pharmaceutical industry
  • Providing training and education services and developing training and education programs dealing with compliance with privacy and cybersecurity laws for employees who manage customers' or employees' personal information, legal departments (including staff responsible for compliance), as well as sales, marketing, human resources and information technology teams, for clients including: one of the largest financial institutions in Canada one of the largest automobile manufacturers one of the largest suppliers of outsourcing services a Canadian leader in consumer products
  • Negotiating key business partner agreements for numerous clients in various industry sectors (including retailers, telecommunications service providers, financial institutions and Internet businesses) that address cyber risk management issues, including: strategic partnership agreements technology outsourcing agreements cloud services agreements data sharing agreements
  • Representing numerous clients (including corporations operating in the financial services and retail trade industries) to manage security breaches involving different Canadian jurisdictions, including investigating the breaches; acting as the contact for interested parties, the individuals concerned, the media, external technical consultants and privacy commissioners (including the Privacy Commissioner of Canada, the Alberta, British Columbia, and Ontario Privacy Commissioners and the Commission d'accès à l'information du Québec); advising regarding notification obligations; assisting in drafting letters of notification; and generally contributing to the response strategy.
  • Representing various clients in investigations carried out by privacy commissioners and regulators, including: a leading Canadian credit score and analytics company an American multi-national corporation traded on the New York Stock Exchange (NYSE) a leader in international family entertainment and interactive media a multi-national technology company various financial institutions
  • Conducting privacy impact assessments and evaluating risks connected with the management of personal information, designing personal information protection programs adapted to the needs and risks faced by the client, and assisting in implementing those programs for various clients, including for: an American multi-national corporation traded on the NASDAQ stock exchange, specializing in Internet-related products and services a Canadian cable and broadcasting telecommunications company a leading firm that develops, manufactures, markets and distributes a vast array of generic products for the retail pharmaceutical industry a leading Canadian fintech company
  • Conducting privacy audits, including by studying personal information flows in companies and their subsidiaries (data mapping), conducting gap analysis, focusing on practices connected with privacy policies and/or applicable privacy statutes, for various clients including: one of the largest retailers in Canada; a leading consumer products company a leading company in the retail pharmaceutical industry
  • Providing training and education services and developing training and education programs dealing with compliance with privacy and cybersecurity laws for employees who manage customers' or employees' personal information, legal departments (including staff responsible for compliance), as well as sales, marketing, human resources and information technology teams, for clients including: one of the largest financial institutions in Canada one of the largest automobile manufacturers one of the largest suppliers of outsourcing services a Canadian leader in consumer products
  • Negotiating key business partner agreements for numerous clients in various industry sectors (including retailers, telecommunications service providers, financial institutions and Internet businesses) that address cyber risk management issues, including: strategic partnership agreements technology outsourcing agreements cloud services agreements data sharing agreements
  • Representing a financial services regulator named as a defendant in a class action resulting from the loss of personal information contained on a portable computer. We successfully obtained a dismissal of the class action.
  • Representing a major automobile financing company named as a defendant in a class action resulting from the loss of a data tape that contained personal information. We successfully obtained a dismissal of the class action.
  • Representing Google as a defendant in a potential privacy class action (now at the pre-certification stage) on behalf of persons whose electronic data was allegedly transmitted over an unsecured wireless internet connection and whose personal information was allegedly intercepted.
  • Representing Bell Canada in a privacy class action on behalf of Internet subscribers regarding Bell's alleged practice of deliberately slowing down consumer services during peak hours in an attempt to favour business users and alleged use of deep packet inspection technology to access and collect the content of messages sent using Bell's service.
  • Representing the Investment Industry Regulatory Organization of Canada (IIROC) in a privacy class action regarding an incident involving the loss of an unencrypted laptop containing the financial information of more than 52,000 brokerage firm clients we successfully obtained a dismissal of the class action.
  • Representing numerous hospitals and healthcare institutions facing potential or actual claims relating to unauthorized use or disclosure of healthcare information, ranging from small individual breaches and large situations involving loss or theft of data storage devices.
  • Representing a leading New York-based broker-dealer prosecuting an action to obtain emergency injunctive relief against a computer network service provider that refused to provide administrative passwords necessary for access to essential functions such as email and the ability to print.
  • Obtaining civil search orders for US and Canadian satellite television broadcasters whose copyrighted television signals were being pirated, in order to seize computer servers and identify wrongdoers.
  • Obtaining equitable discovery orders for a client following the theft of its confidential information that appeared on a website in order to require the Internet service provider to disclose IP addresses of the wrongdoers.
  • Obtaining an extraordinary mandatory injunction to require an Internet hosting service provider to shut down servers being used to facilitate the global theft of copyrighted works via the internet.
  • Obtaining an extraordinary mandatory injunction to require a point-of-sale service provider to remove from a national retailer's point-of-sale system an unauthorized lock designed to disable the system if disputed fees were not paid.
  • Representing a healthcare institution in a privacy class action by hospital employees brought under the intrusion upon seclusion breach of privacy tort in a case that is expected to define the parameters of this new tort.
  • Representing a hospital in two proposed privacy class actions alleging that hospital employees improperly accessed new-mother contact details and sold that information to persons selling RESPs.
  • Representing a Canadian bank being sued for the criminal actions of a rogue employee alleged to have breached the privacy of bank customers by accessing electronically stored information.
  • Representing a financial services regulator named as a defendant in a class action resulting from the loss of personal information contained on a portable computer. We successfully obtained a dismissal of the class action.
  • Representing a major automobile financing company named as a defendant in a class action resulting from the loss of a data tape that contained personal information. We successfully obtained a dismissal of the class action.
  • Representing Google as a defendant in a potential privacy class action (now at the pre-certification stage) on behalf of persons whose electronic data was allegedly transmitted over an unsecured wireless internet connection and whose personal information was allegedly intercepted.
  • Representing Bell Canada in a privacy class action on behalf of Internet subscribers regarding Bell's alleged practice of deliberately slowing down consumer services during peak hours in an attempt to favour business users and alleged use of deep packet inspection technology to access and collect the content of messages sent using Bell's service.
  • Representing the Investment Industry Regulatory Organization of Canada (IIROC) in a privacy class action regarding an incident involving the loss of an unencrypted laptop containing the financial information of more than 52,000 brokerage firm clients we successfully obtained a dismissal of the class action.
  • Representing numerous hospitals and healthcare institutions facing potential or actual claims relating to unauthorized use or disclosure of healthcare information, ranging from small individual breaches and large situations involving loss or theft of data storage devices.
  • Representing a leading New York-based broker-dealer prosecuting an action to obtain emergency injunctive relief against a computer network service provider that refused to provide administrative passwords necessary for access to essential functions such as email and the ability to print.
  • Obtaining civil search orders for US and Canadian satellite television broadcasters whose copyrighted television signals were being pirated, in order to seize computer servers and identify wrongdoers.
  • Obtaining equitable discovery orders for a client following the theft of its confidential information that appeared on a website in order to require the Internet service provider to disclose IP addresses of the wrongdoers.
  • Obtaining an extraordinary mandatory injunction to require an Internet hosting service provider to shut down servers being used to facilitate the global theft of copyrighted works via the internet.
  • Obtaining an extraordinary mandatory injunction to require a point-of-sale service provider to remove from a national retailer's point-of-sale system an unauthorized lock designed to disable the system if disputed fees were not paid.
  • Representing a healthcare institution in a privacy class action by hospital employees brought under the intrusion upon seclusion breach of privacy tort in a case that is expected to define the parameters of this new tort.
  • Representing a hospital in two proposed privacy class actions alleging that hospital employees improperly accessed new-mother contact details and sold that information to persons selling RESPs.
  • Representing a Canadian bank being sued for the criminal actions of a rogue employee alleged to have breached the privacy of bank customers by accessing electronically stored information.

Related Expertise

Key Contacts

View All Professionals

Insights

View All Insights
View All Insights

 

Digital thumbprint on computer chip | Empreinte numérique sur puce informatique

 

Managing Privacy in a Connected World – Webinar Series

 

BLG's Cybersecurity, Privacy & Data protection team is committed to bringing together leaders and experts in a variety of fields to share their knowledge and insights on how to best manage privacy in an increasingly connected world.

 

Learn more

Stay Up to Date

Subscribe to receive our insights and perspectives on the latest legal developments that will affect you.
Register