privacy and data protection compliance  


The ever-increasing value and risks associated with use of personal information have focused organizations on privacy compliance. In part, this has been driven by a constant stream of media stories highlighting poor information handling practices by some organizations, as well as a number of significant privacy breaches. Such breaches now commonly result in class action lawsuits.

In Canada, there is a complex network of laws governing privacy and data protection, including private-sector, health-sector and public sector statutes, sector-specific privacy obligations (e.g., for financial institutions), statutory privacy torts, and evolving common law torts such as "intrusion upon seclusion" and "publicity given to private life".

McMillan's Privacy Group understands privacy laws and their impact on day-to-day business activities, including the risks and opportunities associated with cross-border data transfers and outsourcing, privacy issues in areas with specific sensitivities such as youth, online, financial and health privacy, and the use of personal information for secondary marketing purposes. We advise clients on establishing a comprehensive privacy compliance infrastructure, so that they can reduce the risk of privacy complaints, investigations by privacy commissioners and other regulatory bodies, and privacy-related litigation. An effective compliance infrastructure can also help clients to mitigate the damage of any risks that may materialize.

McMillan professionals help clients lead by:
  • Advising on compliance with all aspects of applicable privacy laws across Canada
  • Providing guidance on the application of privacy laws to marketing activities, including online tracking and targeting of customers
  • Designing and performing audits of current practices and risks associated with the use of personal information (data mapping, risks assessment)
  • Designing and implementing privacy compliance strategies, tools and processes
  • Drafting and reviewing privacy policies as well as consent provisions and information collection procedures
  • Drafting and reviewing data transfer agreements and privacy provisions in service agreements with suppliers and other third parties
  • Assisting in developing records retention policies
  • Helping organizations to develop the role of a privacy officer for their business
  • Advising in cases of privacy or security breaches
  • Advising on issues related to cross-border transfers of information, including cloud computing
  • Responding to access requests, disclosure requests from government authorities, privacy complaints and regulatory investigations
  • Representing clients in privacy-related litigation
  • Advising on CASL compliance
  • Advising on sector-specific privacy obligations, such as health sector privacy laws and regulatory guidelines applicable to the financial sector
November 2020

Advocacy and Employment Law Bulletin

July 2020

Insurance Bulletin

May 2020

Privacy Law Bulletin, Business Law Bulletin

February 2020

Privacy Law Bulletin

November 2017

Cybersecurity Bulletin

October 2017
August 2017

Litigation Bulletin

August 2017

 (McMillan Internal)

June 2017

Litigation, Business Law and Technology Bulletin

April 2017

Cybersecurity Bulletin

January 2017

Privacy and Class Action Bulletin

October 2016

Canadian Securities Law News (November 2016, Number 274)
Securities Bulletin and Cybersecurity Bulletin

September 2016

Cybersecurity Bulletin

July 2016

Cybersecurity Bulletin