Stikeman Elliott delivers practical and business-focused legal solutions to the challenges presented by the complex privacy and data protection laws in Canada, at both federal and provincial levels. Our lawyers have played a key role in shaping the development of Canadian regulations and best practices in this rapidly evolving area. We have also advised on some of Canada’s highest profile privacy breach cases in which corporate reputations were at stake and serious penalties and damage awards were possible.

The team includes the Special Digital Privacy Counsel to the Canadian Marketing Association, a former Bell Privacy Ombudsman, and some of Canada’s leading experts on electronic privacy issues such as Canada's anti-spam legislation (CASL) and the collection and use of personal information. Stikeman Elliott helps our clients understand the Canadian data protection regulatory regime and works with them to develop and operationalize compliant practices and programs across Canada. We also work closely with legal authorities and regulators in all Canadian jurisdictions to develop a balanced approach to compliance, implementing robust corporate compliance programs and data breach incident plans that meet regulatory requirements and help minimize litigation exposure.

When faced with cybersecurity breaches clients receive strategic and timely advice on risk management and crisis response, managing multi-disciplinary teams engaged in the investigation and management of data breaches, cyber security crises, cyber-crimes, and other network intrusions. We provide real-time advice and support to clients responding to regulatory inspections, investigations and enforcement proceedings by both federal and provincial regulatory and policing agencies.

Our Expertise

  • Audits and compliance reviews
  • Cyber liability insurance assessment
  • Data breaches
  • Employment privacy issues
  • Health information issues
  • Incident response check-up
  • Office of the Privacy Commissioner
  • Personal and confidential information
  • Policies and governance procedures review
  • Privacy breaches
  • Privacy complaints
  • Privacy impact assessments
  • Privacy policies and best practices
  • Privacy protection in outsourcing
  • Privacy and security due diligence in commercial transactions
  • Privacy and security investigation and litigation
  • Remediation of privacy breaches