Fingerprint scanning on blue technology illustration
Fingerprint scanning on blue technology illustration
Fingerprint scanning on blue technology illustration

PRIVACY & DATA PROTECTION

Privacy and Data Protection are interrelated concepts that involve complex statutory, regulatory and common law requirements and restrictions. Privacy and data breaches – whether accidental or intentional – are frequent front-page news stories that damage corporate reputations and have led to an increasing number of class action lawsuits. Our privacy and data protection lawyers help clients examine the impact of privacy and data protection laws and regulatory requirements upon their businesses and implement measures to reduce risks.

Canada has a complex network of laws governing privacy and data protection compliance, including private-sector, health-sector and public sector statutes, sector-specific privacy obligations, statutory privacy torts, and evolving common law torts such as “intrusion upon seclusion” and “publicity given to private life.” To provide support to our client, our lawyers routinely prepare and adopt practices and procedures that ensure compliance. We advise clients on establishing a comprehensive privacy compliance infrastructure, so that they can reduce the risk of privacy complaints, investigations by privacy commissioners and other regulatory bodies, and privacy-related litigation. An effective compliance infrastructure can also help clients to mitigate the damage of any risks that may materialize.


McMillan’s Privacy & Data Protection Group developed an interactive tool with 21 questions (and answers) to help you evaluate risks related to Canadian data processing activities. For more information on navigating the complex privacy law landscape in Canada, please contact a member of our dedicated team.

Go to Interactive Tool


Our lawyers regularly develop organizational and employee privacy policies and function-specific documents, such as Internet privacy policies, acceptable use policies, and cookies policies. Among other things, McMillan’s data privacy lawyers provide guidance on the application of privacy laws; draft and review privacy policies, consent provisions and information collection procedures; advise on cases of privacy or security breaches; advise on issues related to cross-border transfers of information, including cloud computing; represent clients in privacy-related litigation; and CASL compliance.

Workplace privacy also presents unique issues and challenges. The sheer volume of personal employee information companies handle is just one of the reasons why privacy laws in the workplace are taking centre stage of late. Another emergent workplace privacy issue concerns medical privacy laws in the workplace, which have come to the fore as businesses navigate the legalities of workplace drug testing since Canada legalized marijuana and COVID testing came into play.

McMillan’s workplace privacy lawyers draft and review employee privacy policies, and advise corporations on the application of privacy laws, privacy issues related to searching employees and their property, collection of biometric information, privacy issues unique to unionized workforces, and more.

McMillan’s team also has valuable experience interpreting and applying Canada’s Anti-Spam Legislation (CASL) across organizations, reviewing CASL compliance and training client teams, and dealing with the CRTC and the Privacy Commissioner on CASL compliance matters. Our expertise extends to publication of a legal text, Internet Law Essentials: Canada’s Anti-Spam Law.

Essentially we help clients understand how they can balance compliance with innovation, employer rights, and business needs.

Cybersecurity is no longer solely an issue for IT or technical staff. An effective plan to protect the organization against cyber threats requires insight into both the technical threats and the many and varied ways in which those threats can manifest in personal, physical, and financial damage. Understanding and responding effectively to those threats requires a comprehensive understanding of legal and regulatory obligations and risks, all of which are rapidly evolving.

Among other things, McMillan’s cybersecurity lawyers draft security and data protection policies and protocols; advise on compliance with applicable privacy laws and other legislation; educate managers and directors on the risks associated with a data breach; prepare and implement  a notice strategy to respond to data breaches; advise on dealing with the public and regulators following a breach; and assist with internal investigations and obtaining court orders for timely disclosure of necessary information from third parties.

Although organizations may use their best efforts to develop and implement policies and procedures to comply with Canada’s complex and rapidly evolving privacy and data protection regime, disputes regarding breach of privacy and mishandling of personal information are often unavoidable. McMillan helps organizations manage the risk of being drawn into litigation through, for example, inadvertent disclosure of customer information, employee misconduct, or even external hacking of their information systems.

The importance of an immediate and effective response is underscored by the recent wave of reported class actions relating to privacy and data breaches, many of which allege that the organization did not promptly notify individuals who were at risk of harm.

McMillan’s Privacy Group is experienced at resolving disputes in a client-focused way. We pair specialized privacy expertise with McMillan’s renowned Litigation Group to provide a comprehensive team that can advise and represent clients in all types of privacy litigation.

Primary Contacts

View All Contacts

Lyndsay A. Wasser

Partner, Privacy & Data Protection | Employment & Labour Relations

Kristen Pennington

Partner, Privacy & Data Protection | Employment & Labour Relations

Mitch Koczerginski

Partner, Litigation & Dispute Resolution | Privacy & Data Protection

Deals and Cases

Tools

Insights (10 Posts)View More

Featured Insight

Company Ordered to Cease Using Facial Recognition Technology to Monitor Access to its Facilities: Overview of Quebec Privacy Regulator’s Decision

In this bulletin, we provide an overview of the Quebec privacy regulator's decision in ordering the Company to cease using its facial recognition technology.

Read More
Feb 11, 2025
Featured Insight

Beyond Borders: BC Court issues seminal ruling on the jurisdictional application of the Personal Information Protection Act

In Clearview v. OIPC, the BC Supreme Court provided clear guidance on the application of BC PIPA to foreign companies: the real and substantial connection test.

Read More
Jan 8, 2025
Featured Insight

Bill C-26: A New Chapter in Canadian Cybersecurity Regulation

On December 5, 2024, parliament passed an act respecting cyber security (Bill C-26), which ushers in a new era of cybersecurity for federal organizations.

Read More
Dec 24, 2024
Featured Insight

Naughty or Nice? Wrapping up the Year with a Look at Children’s Privacy in Canada

In this bulletin, we identify the key questions for private sector organizations attempting to handle children's data in accordance with Canadian law.

Read More
Dec 18, 2024
Featured Insight

Exploring the No-Go Zones: Overview of the Guidance Issued by the Canadian Privacy Regulator Relating to Inappropriate Purposes

In this bulletin, we provide an overview of "No-Go Zones" identified by the OPC, including emerging No-Go Zones.

Read More
Dec 17, 2024
Featured Insight

Alberta Proposes Modernized Public Sector Privacy and Information Access Legislation: Unpacking Bills 33 and 34

Alberta proposes Bills 33 & 34 to modernize public sector privacy and information access laws. Learn about the key changes and their impact on organizations.

Read More
Nov 20, 2024
Featured Insight

Canadian Privacy Regulators Issue Resolution about Deceptive Design Patterns

Canadian privacy regulators have issued a joint resolution with expectations for organizations about the use of deceptive design patterns on websites and apps.

Read More
Nov 14, 2024
Featured Insight

Towards a Shared Understanding: Canada’s New Sustainable Investment Guidelines & Mandated Climate Disclosures

Canada’s New Sustainable Investment Guidelines (Taxonomy) & Mandated Climate Disclosures

Read More
Nov 4, 2024
Featured Insight

McMillan’s Annual Privacy, Data Protection and Cybersecurity Client Seminar

This program will provide an overview of recent significant decisions and regulatory guidance, along with discussions about the privacy implications of AI and how deceptive design patterns could be impacting your organization’s legal compliance.

Details
Thursday, October 24, 2024