Mandates

  • Advised various multinational technology companies, Canadian Big Five banks and global pharmaceuticals on compliance issues arising from Canadian privacy law reforms, including Quebec’s Bill 64/Law 25 and the federal government’s proposed privacy reform bill, Bill C-27 and its impact on certain technological products including guidance on how to comply with new privacy by default and by design requirements.
  • Advised an American multinational technology company focusing on e-commerce, cloud computing, online advertising, digital streaming, and artificial intelligence in the conduct and drafting of privacy impact assessments and privacy policies and procedures for projects involving AI-enabled surveillance devices and biometric systems.
  • Retained by a multinational pharmaceutical company to provide advice and assistance on a variety of privacy matters, including: updating global, internal privacy policies and procedures to comply with Canadian privacy law reforms, including Quebec’s Bill 64/Law 25; advising on compliance issues arising from the collection and processing of personal information in connection with the client’s various business activities, such as patient support programs and digital marketing initiatives; and facilitating cross-border data transfers between Canada, the United States and the European Union in compliance with Canadian and foreign privacy laws.
  • Retained by Canada’s central bank to advise on the creation and implementation of a blockchain-based Canadian Central Bank Digital Currency (CBDC), which included advising on the legal and regulatory framework governing CBDC and providing legal guidance on the privacy implications for end-users and the applicable privacy framework for the client and other CBDC stakeholders, providing guidance on Canadian and foreign privacy laws, such as the CCPA/CPRA and EU/UK GDPR, and assisting the client in implementing privacy by default and by design principles.
  • Assisted an American multinational technology company to support its launch of new product features or services, such as enhanced search capabilities on its e-commerce website, real-time package delivery tracking, and personalized features on its digital streaming service.
  • Assisted a Canadian chain home improvement retailer in relation to an investigation from the Office of the Privacy Commission of Canada pertaining to its use of offline conversion tools.
  • Retained by multinational technology company and Canadian Big Five banks to advise on the collection and use of employee et client personal information through novel technologies for internal investigative purposes.
  • Retained by a Crown corporation and a Confederation of National Trade Union’s development fund for cooperation and employment to provide training on privacy and cyber risks to the corporate board members.
  • Retained by a Canadian Big Five bank to conduct a comprehensive review of its privacy and data protection compliance strategy in response to recent privacy law reforms in Canada, including providing guidance on various privacy-related issues such as biometrics and regulatory reporting, consent management, breach reporting and record-keeping, and outsourcing and cross-border transfers to improve compliance with federal and provincial privacy laws.
  • Advised an American multinational technology company with regards to an investigation by the Quebec privacy regulator to determine whether there is a right to be forgotten in Quebec.
  • Provided privacy training to Canadian Big Five bank legal and privacy department employees on conducting privacy impact assessments and navigating Quebec’s privacy reforms to enable employees to effectively identify and mitigate privacy risks arising from the bank’s data processing activities and to familiarize them with new legal and regulatory developments.
  • Drafted a privacy impact assessment for a multinational technology and e-commerce company pertaining to an illicit motion monitoring program involving the use of novel technologies designed to enhance the security of safety-critical areas within its data centres.
  • Assisted a large Canadian digital retailer with the conduct of a privacy risk assessment for innovative study that sought to collect employee personal information to better understand and predict burnout and fatigue in the workplace.
  • Advised an American multinational technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, artificial intelligence, and consumer electronics with regards to a privacy class action in Quebec alleging mishandling of user data and breach of user privacy in connection with various products and services, such as online browsers, analytics and digital ads, included providing strategic legal advice, defending the company’s position in court, and advocating for its interests.
  • Retained by a business association representing over 60 domestic and international banks operating in Canada to advise its members on the recent reforms to Quebec’s privacy laws, with a particular focus on notice and consent requirements and their impact on various banking channels, including digital, in-person and telephone services.
  • Assisted an American multinational company serving the combined industries of health information technology and clinical research, including assisting the business with the implementation of innovative data processing initiatives involving predictive data analytics in the health care and pharmaceutical care sectors, negotiating an authorization to receive health data for research purposes with Quebec’s privacy regulator and preparing a submission to the Quebec government regarding a bill to enact a new health privacy law in the province (Bill 3).
  • Retained by a multinational pharmaceutical company to conduct virtual and in-person training sessions for the client’s legal and marketing teams on Canadian privacy law reforms and their impact on the client’s business activities.
  • Assisted Canada’s largest railway operator and one of the largest in North America, to manage two large-scale access to personal information requests which required an e-discovery process, providing its response to critical security incidents and data breaches, reviewing its privacy policies and procedures for compliance with the new GDPR-inspired requirements introduced by Bill 64 in Quebec (e.g. privacy impact assessments, Privacy by Design and by Default, tracking and profiling technologies, automated decision-making, cross-border transfers, etc.) and advising on the responsible use of biometric technologies in its terminals and workplaces.
  • Retained by Canadian entertainment centre chain to provide breach response advice, where a breach in its service provider security led to the compromise of clients’ data and loyalty rewards.
  • Advised a consumer credit company in the response to a global security breach, including providing assistance relating to privacy regulators’ investigation.
  • Conducted global compliance assessments and implementation programs for Fortune 300 clients in the technology, media, financial services.
  • Assisted a Fortune 300 in the management of a large security incident involving ransomware.
  • Developed a framework for SOQUIJ to manage privacy risks when developing new solutions and products relying on Artificial Intelligence (referenced in the recent 2018 Quebec AI Committee report).
  • Conducted a comprehensive review of the client data privacy and security practices for one of Canada’s largest retailers.
  • Provided a legal opinion for a Fortune 300 financial institution business practice involving big data analytics and the development of consumer scores.

This content has been updated on March 28, 2023 at 13 h 07 min.