News of data privacy breaches are becoming more common these days. Since many businesses have become dependent on electronically stored data, there’s also an increased risk of becoming liable when senstive data and personal information are illegally exposed. When these things happen, privacy breach lawyers are there to guide businesses in protecting themselves and acting promptly.
What is a privacy breach lawyer in Canada?
Privacy breach lawyers are legal professionals who are knowledgeable on Canadian privacy laws and can assist clients with anything under these laws. They’re also called cybersecurity lawyers, because they can assist not just in reactive circumstances, but also to protect your business from any future cyberattacks.
With a lot of laws that Canada has when it comes to data protection, it’s impossible to know all about them, while at the same time running a business or organization. Through the help of a privacy breach lawyer, an entity can soundly comply with these data protection laws. They can also assist entities when breaches do happen, such as by knowing what course of legal remedies to take.
Privacy breaches
Watch this video to learn what businesses should do in cases of privacy breaches, for which a privacy breach lawyer can be of help:
If you need help from a lawyer in protecting your business from privacy breaches, you can reach out to the best data privacy lawyers in Canada as ranked by Lexpert. This directory can also be altered according to province and city.
Cyberattacks and ransomwares as forms of privacy breach
“Canada is no different from the rest of the world when it comes to breaches, particularly cyberattacks,” says Jennifer Davidson, a partner at Deeth Williams Wall LLP.
Because many essential vendors that Canadian organizations use are international in scope, she adds, they’re just as susceptible to the larger vendor-based breaches that affect organizations across the globe.
“Last year, we saw the MOVEit breach affect well over 1,000 companies internationally, 152 of which were Canadian entities, including Canada Post, the Government of Nova Scotia and ScotiaTrust.”
Canadian organizations are also affected by directed hits from ransomware gangs seizing the opportunity for a payday, Davidson says. “Canadian dollars look no different than US dollars or Euros once converted to cryptocurrency in a payout.”
She also highlights cyberattacks against different organizations, from governments to businesses, “all within the last 12 months, with no signs of slowdown.”
What laws is a privacy breach lawyer an expert of?
Currently, there are several key privacy laws in Canada, whether it’s to protect an organization against a breach or an individual’s right to privacy. These laws are also found both at the federal and provincial levels.
Here are some important federal laws governing data privacy and privacy breaches in Canada:
- Privacy Act
- Canada's anti-spam legislation (CASL)
- Personal Information Protection and Electronic Documents Act (PIPEDA)
On the other hand, below are some examples of provincial data privacy laws:
- Ontario: Personal Health Information Protection Act (PHIPA)
- British Columbia: Personal Information Protection Act (PIPA)
Many provinces have their own versions of the Freedom of Information and Protection of Privacy Act (FIPPA). It’s worth noting that some laws only apply to health information (such as Ontario’s PHIPA) or are like the provincial version of the federal PIPEDA (such as BC’s PIPA).
With a lot of laws to consider, a privacy breach lawyer can direct an individual or a business to the specific statute/s that govern them. Whether it’s to enforce a right or for filing a complaint, identifying which law a right or remedy flows from is important.
What are the roles of privacy breach lawyers in Canada?
There are two sides which privacy breach lawyers can represent or be of service to:
- individuals who are owners of personal information
- businesses handling the information
A privacy breach lawyer can also be present, either to prepare an organization in case of a privacy breach, to remedy a situation when it occurs, or even both.
“Breach counsel performs a combination of functions within an incident response,” Davidson says. “Our role is to advise on the legal obligations associated with a rapidly developing incident response where informed decisions need to be made on a moment-by-moment basis.”
As breach counsel, she adds, they provide the legal landscape to inform decision-makers on issues including:
- forensic investigation
- communications
- regulatory compliance
- ransom negotiations
Enforce an individual’s privacy-related rights
Under Canada’s privacy laws, an individual is granted several rights, which a privacy breach lawyer can help them enforce. These rights may include:
- to have one’s prior consent (either express or implied, as allowed by law) before their personal information can be collected, used, disclosed, or stored
- for their personal information, that was collected and stored, be protected according to law by the organization handling them
- to have one’s personal information be accessed, corrected, or even erased upon the request of the one who owns them
When these rights are violated by the organization, whether a private entity or by the government, a privacy breach lawyer is the first person that these individuals must turn to.
Help a business against privacy breaches
Data protection and privacy breaches are relevant to businesses, regardless of the sector, size, and nature of operations. Here are some of the things that privacy breach lawyers can help businesses when it comes to these legal issues:
- information dissemination: these lawyers can explain the applicable privacy requirements that the law imposes on a particular business or organization, based on the data it handles in relation to these privacy laws
- policy creation and implementation: a privacy breach lawyer can help businesses craft their own policies, and guide them in its execution, from its top management down to its employees, including possible trainings for the organization
- legal compliance: lawyers can help businesses comply with the requirements set by law when dealing with data privacy; for instance, set-up procedures to satisfy the prior consent requirements under the PIPEDA, the CASL, and other provincial laws
- privacy audit: when an organization is already handling personal information and other sensitive data, lawyers can assist them with the auditing to check their compliance with privacy laws
Davidson says that, as a breach lawyer, their goal is to help an affected organization recover from a traumatic, debilitating event, with minimal downtime, while ensuring regulatory compliance in the protection of the personal information under the organization’s care.
“Given our experience, we are often tasked with ensuring that all teams are coordinated and operating at peak efficiency to investigate, remediate, and recover, without undue delay.”
Privacy breach lawyers do not only assist Canadian entities, but also foreign ones that want to conduct business in the country. Usually, there would be nuances between the foreign laws they’re used to versus the Canadian privacy laws. As such, lawyers can also help these foreign companies comply with the laws that are applicable to them.
Cases handled by privacy breach lawyers
Privacy breach lawyers can handle cases on either side of the privacy breaches. They can represent the plaintiff, who is usually the individual whose private personal information was mishandled or exposed illegally. They can also represent the respondent, which can be the organization alleged to have been negligent in the handling of personal information.
Representing a client does not only mean that a case is filed in court. It can also be for the filing of complaints before administrative and regulatory bodies. For instance, a privacy breach lawyer can assist an individual when filing a complaint before the Office of the Privacy Commissioner (OPC). Filing complaints can also be before a provincial regulatory body, as empowered by a provincial privacy law.
When would an organization need a privacy breach lawyer?
Many organizations bring on breach counsel to help prepare for a privacy breach before it happens, Davidson says.
“Organizations that have prepared for events have a smoother response and increased efficiency, reducing downtime. Proper incident preparedness is a rotating cycle of preparation activities, testing and evaluation.”
As a breach counsel, she is often brought in to help advise on these activities and train the response team.
She adds that they’re also called during an incident to guide, advise, and assist the response team in their activities — whether they have prepared in advance or not.
“There are many legal minefields that plague a response, and breach counsel helps navigate the path to avoid those dangers that can be avoided and respond to those that cannot.”
When looking for privacy breach lawyers, you can also use our directory of the Lexpert-ranked best data privacy law firms in Canada.