Organizations have more data at their disposal than ever before. Generally, this is a good thing: data can help inform organizations’ strategic and operational decision-making. Increasingly, though, data is also a business risk. Organizations face increasingly complex laws governing the collection, storage, use and disclosure of information. Data breaches can also expose organizations to significant operational and reputational harm. To properly manage these risks, organizations must understand their legal obligations and adopt effective policies and information management practices.
WeirFoulds proudly serves organizations such as public institutions, universities (and other educational institutions), and healthcare providers (including hospitals, regulatory bodies, and their respective stakeholders), providing advice on the impact of the Personal Information Protection and Electronic Documents Act (PIPEDA), Municipal Freedom of Information and Protection of Privacy Act, Freedom of Information and Protection of Privacy Act, and the Personal Health Information Protection Act.
We also assist in the development of information management systems, privacy policies and codes, and provide advice relating to access to information requests, prepare submissions to regulators, and represent organizations that face legal challenges in the wake of a data breach.
Meet our lawyers and professionals in this area
Lisa Danay Wallace
James G. Kosa
Areas of Expertise
- Access to Information requests
- Best practices
- Bring Your Own Device (BYOD) advice
- Data breaches
- Due diligence
- Information governance
- Privacy and security policies
- Regulatory submissions
- Acted for the LCBO in a series of judicial review applications, appeals and reconsiderations of the Information and Privacy Commissioner of Ontario (IPC) decisions relating to the ability of the LCBO to collect personal information regarding wine club members placing orders (through clubs) with the LCBO. WeirFoulds was successful (on judicial review and in resisting a motion for leave to appeal) in quashing (on procedural fairness grounds) the IPC’s Order requiring the LCBO to cease collecting and to destroy the personal information in question. The IPC’s subsequent reconsideration decision was upheld on judicial review, and we have been acting for the LCBO in liaising with the IPC to agree upon the steps to be taken by the LCBO to implement the IPC’s order.
- Acted on the leading case in Canada on electronic discovery. Air Canada v. WestJet Airlines Ltd.(2006), 267 D.L.R. (4th) 483 (Ont. S.C.J.).
- Advising on access requests on an ongoing basis. Representing a client in adjudication before the Information and Privacy Commissioner of access appeal involving confidential third party information and mediation involving access to compensation information.
- Provided a legal opinion to an international entity regarding the scope of CASL to its operations including whether certain electronic communications constitute “commercial electronic messages”.