Skip Navigation



Notwithstanding widespread commitment to strengthening cybersecurity nationally and globally, recent high-profile data security incidents demonstrate the persistence of cyber-attacks and their devastating financial, operational and reputational impacts on a business, its officers, directors, employees and shareholders.
Private- and public-sector organizations from a number of industries face a broad spectrum of threats ranging from the breach of a computer network to the theft or loss of personal information, intellectual property and financial and other sensitive corporate data.
Navigating Canada’s complex legal landscape involving data protection and loss, consumer protection, privacy and disclosure requirements can be challenging and requires a comprehensive approach to cybersecurity both before a data breach and afterwards. Increased regulatory oversight and class action activity raise the already-high stakes for companies preparing for or responding to a security incident.

How We Can Help
The Blakes Cybersecurity group is a cross-office multidisciplinary team of lawyers with significant technology, regulatory, privacy, employment, financial services, crisis management and litigation expertise. We understand the complex, interrelated legal, technical and compliance issues required to have an effective cybersecurity strategy. Using innovative and cutting-edge tools, our experienced team advises clients at all points along the cyber-risk spectrum: from risk mitigation training to incident response and dispute resolution.

Risk Mitigation
Our Cybersecurity lawyers work with clients across a wide range of industries to proactively develop measures and controls for mitigating the risks associated with a data breach. We particularly have expertise advising on compliance requirements in highly regulated industries, such as financial services, investment management, energy, transportation and life sciences.

We regularly advise on:

  • Improving privacy, data use, breach response policies and procedures, communications, and training
  • Privacy and data security risks associated with outsourcing data and in connection with new technologies
  • Drafting data protection terms for service provider agreements
  • Data protection obligations under federal and provincial legislation
  • Educating boards of directors, C‑suites and IT managers of the risks of data breaches, including the potential business, financial, reputational and legal risks unique to each enterprise
  • Identifying and controlling risks associated with data collection and retention 
  • Supporting clients with cybersecurity and privacy due diligence in the context of M&A transactions
In the area of competition law, we advise on information sharing among competitors/industry associations as part of joint/shared responses to threats and on cybersecurity issues arising in the context of securing approval under the Investment Canada Act, particularly with respect to technology businesses.

Incident Response
In the immediate aftermath of a cyber-attack, we work with subject-matter experts within Blakes and external advisers to provide strategic and expedient counsel on: 
  • Incident response and crisis management involving legal, IT and crisis communications
  • Coordinating legally required notifications under federal and provincial privacy and cybersecurity laws, health privacy legislation and, where applicable, foreign data protection laws
  • Responding to allegations of misuse of personal data by an employee
  • Conducting internal investigations and managing investigations by law enforcement or regulators
  • Public relations and media management
  • Management of consumer concerns
  • Negotiations with payment card issuers
  • Call centre and investor relations communications and training
  • Potential class action liability 
Innovation is at the core of everything we do. We are constantly seeking new ways to create efficiencies and improve outcomes for our clients. Blakes works hard to innovate and develop our response protocols to reduce response times, thereby improving overall outcomes, as compared with market practice.
Other innovations that benefit our clients include:
  • A state-of-the-art cyber-response portal that allows clients, vendors, brokers and insurers to organize, share and respond to incidents in a clear and coordinated manner
  • inSource, our inhouse, integrated alternative service delivery model for cost-effective document review, including in relation to data breaches
  • Our annual Cybersecurity Trends Study ― the first of its kind in Canada ― which provides a detailed analysis of the cyber threats Canadian businesses are facing today and how they are responding
Dispute Resolution
Blakes has the expertise and experience to defend class actions and other litigation resulting from data breaches, including having defeated certification in high-profile cases.

Examples of our privacy class action defence and other privacy litigation experience include representing:
  • An RESP company in obtaining denial of certification of a class proceeding arising out of a privacy breach at an Ontario hospital.
  • CHC Casinos Canada Limited and the Ontario Lottery and Gaming Corporation in successfully defending them in class actions arising out of a cyber-attack against Casino Rama.
  • An international airline in a class action arising out of a cyber-attack.
  • The appellant in Royal Bank of Canada v. Trang, a Supreme Court appeal relating to the balance of legitimate commercial interests with privacy rights in Canada’s federal data protection statute.
  • A major North American automotive manufacturer in a proposed privacy class action.
  • A corporation in a class action related to the loss of data tapes containing the personal and financial information of its customers.
  • An investment firm in a class action in Saskatchewan arising from the theft of a computer hard drive that allegedly contained private investment and personal data.
  • A defendant in a class action relating to alleged hacking of a database of information collected through a customer loyalty program. 
  • The interveners in Ontario (Public Safety and Security) v. Criminal Lawyers’ Association, a Supreme Court appeal on the issue of whether the right to freedom of expression guarantees access to government documents.
Awards & Recognition

Global Data Review’s GDR 100 ranks Blakes among the best data law firms, noting that the Firm has “market-leading practitioners…who advise on wide-ranging data projects” and that clients “seek out its expertise in the immediate aftermath of cyber incidents.”

Lawyers in our Cybersecurity group are recognized for their expertise in technology law, privacy, dispute resolution, class action defence, competition, securities, financial services regulatory and employment law in the most recent editions of the following publications:  

  • Chambers Canada: Canada's Leading Lawyers for Business

  • Chambers Global: The World’s Leading Lawyers for Business

  • Benchmark Canada: The Definitive Guide to Canada's Leading Litigation Firms and Attorneys

  • Benchmark Litigation’s 40 & Under Hot List

  • The Canadian Legal Lexpert Directory

  • The Lexpert/American Lawyer Guide to the Leading 500 Lawyers in Canada

  • The Lexpert Guide to the Leading US/Canada Cross-Border Litigation Lawyers in Canada

  • Benchmark Canada: The Definitive Guide to Canada's Leading Litigation Firms and Attorneys

  • The Best Lawyers in Canada

  • Who's Who Legal: Canada

  • Who’s Who Legal