Ongoing changes in the accumulation, storage and use of personal data – whether by government, employers, financial institutions, health care providers or the data subjects themselves – have given rise to new and more serious privacy concerns. Recent changes to privacy laws, varying standards internationally and one reported crisis after another have forced business, government and the public to seek guidance on managing the precarious balance between safeguarding personal privacy and third-party interests in acquiring and using personal information.
Bennett Jones performs groundbreaking work with governments, employers, institutions, device providers and public and private information-gatherers, advising on the far-reaching legal implications of privacy regulation, data protection and data dissemination.
Offering both compliance and enforcement advice, we can provide internal compliance procedures and policies for clients ranging from public and private industrial businesses to retail operations, Universities, charities, health regions and ISPs and other entities operating traditional and new media businesses. We train privacy officers on their rights and obligations under the law, and provide opinions and direction on specific incidents involving employees, customers, patients, Internet users, network providers and data miners whose activities involve the handling of sensitive information.
In regard to corporate transactions, we counsel purchasers on the privacy standards governing employee records, customer files and transaction lists as well as the unique due diligence issues involved when key assets of the target include important databases.
We help clients with privacy issues applicable to employee recruitment and the ongoing management of employment relationships.
In a world of cyber breaches, hacking, credit card and ATM fraud, Internet-based file sharing disputes, and acknowledged institutional surveillance of Internet and email usage, we advise on proactive data protection efforts to mitigate risk in advance of a breach or attack and counsel clients who have faced a breach or have been hacked.
We assist with all manner of computer-related privacy
and data protection matters, including electronic communications regulation
We also aid clients with the protection and enforcement of electronic-based privacy rights both domestically and internationally.
The scope of our experience is broad and includes:
- Data Protection / Privacy and Security Policies and Governance
- Health Information Privacy and Security Policies and Governance
- Data Protection / Privacy Compliance Policies and Procedures including integration with electronic communication regulation
- Review of Data Protection / Privacy and Security insurance coverage
- Guidance for boards of directors and senior management on Data Protection / Privacy and Security obligations
- Data Protection / Privacy Investigations
- Data Protection / Privacy Litigation and Regulatory Enforcement
- Liaison with regulatory, law enforcement authorities, and Privacy Commissioners
- Data Protection / Privacy and Security Assessment and Preparedness
- Data Breach Preparedness
- Data Breach Investigation and Response
- Data Breach Litigation and Regulatory Enforcement
- Defense of class action proceedings relating to data breach or privacy incidents
- Cross-Border Data Transfers and Data Protection / Privacy
- Employee Privacy considerations
- M&A Due Diligence Involving Data Protection / Privacy and Security
- Advising on the interaction of Data Protection / Privacy compliance and the regulation of commercial electronic messages
- Licensing and web-contract terms with respect of privacy / data protection, software updates, internet of things and related matters
- Martin Kratz and Steve Major recently acted for a large financial institution in addressing a cyber-attack. Both Kratz and Major participated as members of the incident response team and worked closely with the senior management of the client to identify the risks, review remedial action taken, understand the client's reporting and notification responsibilities, to engage specialized IT, forensic, public relations and other resources and to craft notifications for different classes of individuals potentially affected by the breach and to address and help mitigate potential liability associated with the incident.
- Advising numerous clients and review and drafting of existing policies (IT, Privacy, CASL)
- Advising numerous clients in the sell side of an M&A transaction on compliance with applicable mandatory privacy laws
News & Speaking Engagements