Ayse Gauthier is an experienced lawyer maintaining a dynamic practice focused on cybersecurity, privacy and data protection.

Ayse advises Canadian and international companies in various sectors regarding compliance with Canadian and Québec privacy legislation. She has extensive experience in the field of cybersecurity having acted as breach counsel in numerous incidents, providing legal advice and assistance to comply with notification and reporting obligations as well as managing the engagement of various service providers and technical experts for ransom advisory services, forensic investigation, data recovery as required.

Prior to joining McMillan, Ayse served as senior counsel at a global law firm headquartered in London, where she notably advised a number of major London-based and Canadian insurers regarding coverage under cyber insurance policies as well as monitoring on their behalf the handling of numerous cybersecurity and privacy incidents, including several privacy class actions.

Ayse has also previously gained legal experience as a research lawyer at the Federal Court of Appeal, the Court of Appeal of Québec and the Université de Montréal and through internships with several intergovernmental organizations. Bringing this broad and varied experience to her current role, Ayse is known for her sound legal reasoning and her ability to provide practical advice in complex matters.

Representative Matters

  • Advising numerous multinational companies on compliance matters arising from amendments to Quebec’s private sector privacy legislation.
  • Breach counsel for a smart building cybersecurity solution provider regarding an incident affecting a critical infrastructure sector entity.
  • Breach counsel for a federal government institution subject to the Privacy Act regarding a data theft incident.
  • Breach counsel for an Ontario-based health clinic facing a ransomware incident involving personal health information of over 500,000 individuals;
  • Breach counsel for an online networking and training platform facing the leak of information of over 2,000,000 members worldwide;
  • Breach counsel for a consultancy firm facing a business email compromise resulting in fraudulent payments by the affected individuals, coordinated the engagement of computer experts and local counsel in over a dozen jurisdictions, provided legal advice, carried out the notification campaign and regulatory response;
  • Breach counsel for an electronic data interchange solution provider for a number of Canadian banks and crown corporations facing a security incident with data exfiltration;
  • Advised a multinational insurance intermediary in responding to a ransomware attack involving several million individuals worldwide in collaboration with counsel in different jurisdictions, including representation before Canadian federal and provincial privacy and insurance regulators and before the Small Claims Court in Ontario;
  • Advised a US law firm dedicated exclusively to representing organizations facing data privacy events with respect to over 70 multijurisdictional data breaches regarding the application of Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy legislation; coordinated notification of affected Canadians, reported to relevant privacy commissioners;
  • Advised numerous international charities and universities affected by the breach of their cloud-based relationship management software provider;
  • Coverage counsel for a leading cyber insurer with respect to claims brought under cyber insurance policies in hundreds of matters arising from a wide range of incidents including ransomware, business email compromise, fraudulent instruction, cryptojacking, device theft, third-party claims and privacy class actions;
  • Advised the insurers of a Canadian point of sale device and restaurant delivery management service provider with respect to a putative class action under the Illinois Biometric Information Privacy Act (BIPA);
  •  Advised the insurers of an information and telecommunications service provider in the air transport industry with respect to the reasonableness of a proposed settlement in a putative privacy class action arising out of a data breach involving over 200,000 Canadians;
  •  Advised the insurers of a professional order in a putative privacy class action arising out of a data breach involving over 300,000 Canadians;
  • Advised the insurers of a food manufacturer with respect to potential employment-related claims arising out of the ransomware attack on their third-party workforce management service provider;
  • Advised a large reinsurance company on compliance with recent amendments to Quebec privacy legislation;
  • Represented consulting engineers subcontracted by the engineering, procurement, and construction management (EPCM) contractor in a large mining construction project in northern Quebec with respect to allegations of negligence and delay.

Speaking Engagements

"Technology, Competence and Ethics: Staying Afloat in Stormy Seas", 2022 Can-Tech Law Annual Conference: Data Disruption: Managing Changes in Data, Speaker. Technology and Law, Toronto, ON

November 2, 2022

Teaching Engagements

  • Guest Speaker, Polytechnique Montréal, Undergraduate Course on Cybercriminality Analysis (Analyse de la personnalité cybercriminelle I), Fall 2022 & Winter 2023


Rankings & Recognitions

  • Recognized by Best Lawyers in Canada (2024) as a “One to Watch” in the area of Privacy and Data Security Law
  • University of Ottawa Faculty of Law, Dean’s list

Community Involvement

  • Accredited Mediator at the Small Claims Division of the Court of Québec
  • Arbitrator at the Willem C. Vis International Commercial Arbitration Moot and the Foreign Direct Investment International Arbitration Moot (in person and virtual, throughout 2011-2018)
  • Chairperson for the Concordia University Student Tribunals on various student codes of conduct

Directorships & Affiliations

  • International Association of Privacy Professionals, Member and Certified Information Privacy Professional/Canada (CIPP/C)
  • Member, Chartered Institute of Arbitrators (CIArb)
  • Silicon Valley Arbitration & Mediation Center – SVAMC, Accredited Mediator
  • International Association of Privacy Professionals: Member, Certified Information
  • Privacy Professional/Canada (CIPP/C), Certified Information Privacy Manager (CIPM)

Education & Admissions

Certified Information Privacy Professional/Canada – IAPP
Certified Information Privacy Manager – IAPP
2023 (in progress)
Master of Laws - LLM, Privacy and CybersecurityOsgoode Hall Law School, York University
Called to the Ontario Bar
Called to the Québec Bar
Graduate Studies in International LawUniversité de Montréal
Postgraduate Diploma, International Commercial Arbitration, with MeritQueen Mary University of London
J.D., National Program in Common Law (cum laude)University of Ottawa
LL.B., Civil LawUniversité de Montréal
B.Com., Marketing and International BusinessMcGill University


Insights (2 Posts)View More

Featured Insight

McMillan’s Annual Privacy, Data Protection and Cybersecurity Client Seminar

Join McMillan's Privacy & Data Protection Group on Tuesday, October 17th for an overview of recent significant decisions and regulatory guidance.

Tuesday, October 17, 2023
Featured Insight

Clocking In and Opting Out: Quebec CAI Issues Warning About Biometric Time Clocks in the Workplace

Following CAI's recent observations, this bulletin provides guidance to comply with the applicable requirements to implement biometric time clocks in Quebec.

Read More
May 24, 2023