a hand holding a knife

Compliance with Privacy & Data Protection

Canadian privacy and data protection legislation is vast. In addition, international privacy regimes may affect organizations in Canada. Having a skilled legal team with a current, comprehensive and practical knowledge of its complexity is a necessity. In order to navigate these various regimes, it is also key to have trusted advisors who have a solid knowledge of technology trends and can benchmark an organization’s practices in a given industry to accurately assess privacy and data protection related risks.
Our lawyers offer comprehensive advice on compliance with privacy laws at the federal and provincial levels as well as with European data protection legislation. We liaise with regulators across the country and follow closely international trends giving us a thorough understanding of regulatory priorities and the new directions that legislative and regulatory developments may take. This invaluable insight allows us to provide our clients with practical, proactive advice to make sound decisions today—and to keep an informed eye to tomorrow.

Our experience with privacy and data protection legislation is unparalleled. This includes:

  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Personal Information Protection Act (Alberta)
  • Personal Information Protection Act (British Columbia)
  • Personal Health Information Privacy and Access Act (New Brunswick)
  • Personal Health Information Act (Newfoundland and Labrador)
  • Civil Code (Québec)
  • Charter of Human Rights and Freedoms (Québec)
  • an act respecting the protection of personal information in the private sector (Québec)
  • an act to establish a legal framework for information technology (Québec)
  • an act respecting access to documents held by public bodies and the protection of personal information (Québec)
  • General Data Protection Regulation (European Union)
  • privacy-related provisions in sector-specific privacy laws
  • provincial laws governing consumer credit reporting and personal information collected by professionals
  • Privacy Act (federal)
  • Canadian Anti-Spam Legislation (CASL) (federal)
  • E-Health (Personal Health Information Access and Protection of Privacy Act)
  • Freedom of Information and Protection of Privacy Act (FIPPA)
  • Ontario Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)
  • Personal Health Information Protection Act (Ontario)

We serve a range of clients and sectors, including health care, non-profit and municipalities.


  • Assist air operators with regulatory advice and applications for judicial review to the Federal Court on issues addressing the link between privacy rights and the Access to Information Act.
  • Provided advice respecting questions dealing with human resources and the protection of privacy for various clients, including one of the largest automobile manufacturers; a Canadian leader in consumer products; a leading company in Analog and Digital Television, High-Speed Internet and Telephone services; one of the world's largest professional services firms traded on the TSX stock exchange; one of the world's largest professional services firms, as well as a multinational corporation working in the biopharmaceutical sector.
  • Retained by one of the "Big Four” Canadian accounting firms to develop tools and procedures to enable assisting one of its clients with certain aspects of the legislative requirements of CASL (the Canadian anti-spam law) in connection with its business practices and to provide consulting services to its clients concerning CASL compliance.
  • Assisted a large European retailer which is expanding operations to Canada to revise their privacy policies, systems and agreements pertaining to customer loyalty programs and use of progressive technologies that collect data from consumers.
  • Acted for the City of Ottawa on a precedent setting case that established the privacy of employee personal emails unrelated to the business of the City. The Divisional Court agreed with the City that an employee's personal emails unrelated to their work would not be captured by the public sector privacy legislation.
  • Provided advice and drafted agreements for a party who was terminating an existing long term business relationship where the parties had shared large volumes of personal information and had not adequately accounted for the protection of such information on termination. This transaction involved extensive negotiation, analysis of privacy and consumer protection laws and complex agreements to accomplish the goals of the client to fulfil its legal obligations.
  • Provided advice to one of the world's largest professional services firms (traded on the TSX stock exchange) on its overall strategy for implementing the "binding corporate rules" developed by the Working Group on Article 29 of the European Union.  This  enabled the client to transfer personal data across the borders of different European countries, in compliance with the EU's legal requirements.
  • Represented the Commissioner of Official Languages before the Supreme Court of Canada in the Lavigne case in which the court had to reconcile the obligations of the Commissioner with respect to confidentiality with the disclosure requirements of the Privacy Act.
  • Represented  the Canadian Security Intelligence Service before the Supreme Court of Canada in the Ruby case with respect to the interpretation and application of the Privacy Act.
  • Provided training to the team of the Privacy Commissioner of Canada, in Ottawa, focusing on privacy issues connected with location-based services, and on the challenges relating to the concept of "personal information" in the light of new Internet technologies.

Key Contacts

Stay Up to Date

Subscribe to receive our insights and perspectives on the latest legal developments that will affect you.