Cybersecurity attacks have become an inevitable business risk for companies, large and small. Companies must now develop, and continually update, plans to protect personal data, design an incident response plan in case they are attacked, and address the scope of litigation risks and regulatory obligations following an incident.
As part of our ongoing cybersecurity efforts to ensure safe and reliable service to our clients, we recently became ISO 27001 certified. The work undertaken to achieve and retain this certification gives us unique insight into clients’ challenges in minimizing exposure and maintaining compliance in this increasingly complex and threatening area.
Clients work with us for our practical approach to addressing cybersecurity:
Strategic Risk Management
- Cybersecurity preparedness including implementing data protection plans meant to reduce reputational, business continuity and regulatory risk
- Guidance for boards of directors and senior management on data protection obligations
- Development of data breach policies, playbooks and scenario plans
- M&A due diligence involving data protection, privacy and security
- Review of data protection insurance coverage
- Health information privacy, including security policies and governance
Thorough and Organized Incident Response
- Executing efficient response plans, either as managers or supporting team members
- Data breach investigation, including addressing employee misconduct
- Liaison with regulatory and law enforcement authorities and Privacy Commissioners
- Seamless coordination with public/government relations service providers
Vigorous Advocacy and Defence
- Defending against litigation or class action proceedings relating to data breach or privacy incidents
- Defending against regulatory proceedings and negotiating with regulatory agencies
- Acting for a large financial institution in addressing a cyber-attack. Our lawyers participated as members of the incident response team and worked closely with the client's senior management to identify the risks, review remedial action taken, understand the client's reporting and notification responsibilities, engage specialized IT, forensic, public relations and other resources, craft notifications for different classes of individuals potentially affected by the breach, and address and help mitigate potential liability associated with the incident.
- Advising numerous clients and reviewing and drafting existing policies (IT, Privacy, CASL)
- Advising numerous clients with respect to litigation risks arising from cyberattacks.