How We Can Help
The Blakes Cybersecurity group is a cross-office multidisciplinary team of lawyers with significant technology, regulatory, privacy, employment, financial services, crisis management and litigation expertise. We understand the complex, interrelated legal, technical and compliance issues required to have an effective cybersecurity strategy. Using innovative and cutting-edge tools, our experienced team advises clients at all points along the cyber-risk spectrum: from risk mitigation training to incident response and dispute resolution.
Our Cybersecurity lawyers work with clients across a wide range of industries to proactively develop measures and controls for mitigating the risks associated with a data breach. We particularly have expertise advising on compliance requirements in highly regulated industries, such as financial services, investment management, energy, transportation and life sciences.
We regularly advise on:
- Improving privacy, data use, breach response policies and procedures, communications, and training
- Privacy and data security risks associated with outsourcing data and in connection with new technologies
- Drafting data protection terms for service provider agreements
- Data protection obligations under federal and provincial legislation
- Educating boards of directors, C‑suites and IT managers of the risks of data breaches, including the potential business, financial, reputational and legal risks unique to each enterprise
- Identifying and controlling risks associated with data collection and retention
- Supporting clients with cybersecurity and privacy due diligence in the context of M&A transactions
In the area of competition law, we advise on information sharing among competitors/industry associations as part of joint/shared responses to threats and on cybersecurity issues arising in the context of securing approval under the Investment Canada Act
, particularly with respect to technology businesses.
In the immediate aftermath of a cyber-attack, we work with subject-matter experts within Blakes and external advisers to provide strategic and expedient counsel on:
- Incident response and crisis management involving legal, IT and crisis communications
- Coordinating legally required notifications under federal and provincial privacy and cybersecurity laws, health privacy legislation and, where applicable, foreign data protection laws
- Responding to allegations of misuse of personal data by an employee
- Conducting internal investigations and managing investigations by law enforcement or regulators
- Public relations and media management
- Management of consumer concerns
- Negotiations with payment card issuers
- Call centre and investor relations communications and training
- Potential class action liability
Innovation is at the core of everything we do. We are constantly seeking new ways to create efficiencies and improve outcomes for our clients. Blakes works hard to innovate and develop our response protocols to reduce response times, thereby improving overall outcomes, as compared with market practice.
Other innovations that benefit our clients include:
- A state-of-the-art cyber-response portal that allows clients, vendors, brokers and insurers to organize, share and respond to incidents in a clear and coordinated manner
- inSource, our inhouse, integrated alternative service delivery model for cost-effective document review, including in relation to data breaches
- Our annual Cybersecurity Trends Study ― the first of its kind in Canada ― which provides a detailed analysis of the cyber threats Canadian businesses are facing today and how they are responding
Blakes has the expertise and experience to defend class actions and other litigation resulting from data breaches, including having defeated certification in high-profile cases.
Examples of our privacy class action defence and other privacy litigation experience include representing:
- An RESP company in obtaining denial of certification of a class proceeding arising out of a privacy breach at an Ontario hospital.
- CHC Casinos Canada Limited and the Ontario Lottery and Gaming Corporation in successfully defending them in class actions arising out of a cyber-attack against Casino Rama.
- An international airline in a class action arising out of a cyber-attack.
- The appellant in Royal Bank of Canada v. Trang, a Supreme Court appeal relating to the balance of legitimate commercial interests with privacy rights in Canada’s federal data protection statute.
- A major North American automotive manufacturer in a proposed privacy class action.
- A corporation in a class action related to the loss of data tapes containing the personal and financial information of its customers.
- An investment firm in a class action in Saskatchewan arising from the theft of a computer hard drive that allegedly contained private investment and personal data.
- A defendant in a class action relating to alleged hacking of a database of information collected through a customer loyalty program.
- The interveners in Ontario (Public Safety and Security) v. Criminal Lawyers’ Association, a Supreme Court appeal on the issue of whether the right to freedom of expression guarantees access to government documents.