Skip Navigation



While there is widespread commitment to strengthening cybersecurity nationally and globally, recent high-profile data security incidents demonstrate the persistence of cyber-attacks and their devastating financial and reputational effects on an enterprise, its officers, directors, employees and shareholders.

Private- and public-sector organizations from a wide range of industries face a broad spectrum of threats ranging from the breach of a computer network to the theft or loss of personal information, intellectual property and financial data.

Complying with complex laws involving data protection and loss, consumer protection, privacy, disclosure requirements combined with increased regulatory oversight and class action activity requires a comprehensive approach to cybersecurity both before a data breach and afterwards. 

How We Can Help
The Blakes Cybersecurity group is a multidisciplinary team of lawyers with significant technology, regulatory, privacy, employment, financial services, crisis management and litigation expertise. We understand the complex, interrelated legal, technical and compliance issues involved in cybersecurity. Our experienced team advises clients at all points along the cyber-risk spectrum: from risk mitigation to incident response and dispute resolution.

Risk Mitigation
We work with clients across a wide range of industries to proactively develop measures and controls for mitigating the risk of a data breach. We have particular expertise advising on compliance requirements in highly regulated industries, such as financial services, investment management, and life sciences.

We regularly advise on:

  • Improving privacy, data use, breach response policies and procedures, communications, and training

  • Privacy and data security risks associated with outsourcing data and in connection with new technologies

  • Drafting data protection terms for service provider agreements

  • Data protection obligations under various federal and provincial legislation

  • Educating board of directors, the C‑suite and IT managers of the risks of data breaches, including the potential business, financial, reputational and legal risks unique to each enterprise

  • Risks associated with data collection and retention 

In the area of competition law, we advise on information sharing among competitors/industry associations as part of joint/shared responses to threats and on cybersecurity issues arising in the context of securing approval under the Investment Canada Act, particularly with respect to technology businesses.

Incident Response
In the immediate aftermath of a cyber-attack, we work with subject-matter experts within Blakes and other external advisers to provide strategic and expedient counsel on: 

  • Incident response and crisis management involving the legal, IT, communications, HR and training functions across an organization as well as third-party vendors

  • Legally required notice under provincial privacy laws and health privacy legislation (federal legislation is pending)

  • Responding to allegations of misuse of personal data by an employee

  • Conducting internal investigations and managing investigations by law enforcement or regulators

  • Public relations and media management

  • Management of consumer concerns

  • Negotiations with payment card issuers

  • Call centre and investor relations communications and training

  • Potential class action liability 

Dispute Resolution
Blakes has the expertise and experience to defend class actions and other litigation resulting from data breaches. In addition to regularly coordinating with U.S. and other foreign counsel, we offer true cross-border experience: members of our team have acted in the U.S. as counsel to major retailers and service providers in responding to litigation and U.S. government investigations arising from their data breaches.

Examples of our privacy class action defence and other litigation experience include advising:

  • A major North American automotive manufacturer in a proposed privacy class action

  • Defending a corporation in a class action related to the loss of data tapes containing the personal and financial information of its customers

  • Representing an investment firm in a class action in Saskatchewan arising from the theft of a computer hard drive that allegedly contained private investment and personal data

  • Advising a defendant in a class action relating to alleged hacking of a database of information collected through a customer loyalty program 

Our litigators are supported by our market-leading E-Discovery & Document Management team, who provide strategic advice on processes for protecting the security and privacy of documents and data in significant document production and discovery obligations.

Read more