Privacy and information management has rapidly become a significant legal issue for many organizations. Loss of reputation, the threat of regulatory enforcement, and litigation risk are causing even the best managed organizations to re-examine their approach to information governance. Heenan Blaikie has a leading Privacy and Information Management team that regularly advises clients on a broad range of privacy and information governance issues. Our skills enable clients to navigate privacy and data protection laws and standards while maintaining business flexibility and stakeholder trust.
Who We Are
Heenan Blaikie has a national team of Privacy and Information Management practitioners with extensive subject matter expertise in various areas, including:
- federal and provincial privacy legislation in the private, health and public sectors
- access to information legislation
- social and new media
- banking and financial services
- records management and retention, including electronic health records
- outsourcing and marketing initiatives
- regulatory investigations
- health privacy
- workplace privacy
In addition, our lawyers work closely with our firm’s AccessPrivacyHB privacy and information management consulting team. Together, we have an unparalleled level of hands-on experience that allows us to provide timely, practical and cost-effective business solutions.
Services Overview
Our Privacy and Information Management law team provides advice to clients concerning:
- Compliance with all Canadian federal and provincial privacy and information management laws in the private, health and public sectors
- Anti-spam legislation compliance
- Compliance with all international data protection laws, including U.S. federal, state and sectoral privacy and information management laws and the EU Data Protection and Telecommunications Privacy Directives
- Enterprise-wide privacy and information governance compliance monitoring and audit programs
- Security breach management and incident response, including individual and regulatory notification
- Representation of clients in investigations conducted by privacy regulatory authorities
- Management of consumer privacy concerns
- Management of individual requests for access to or correction of personal information
- Development and performance of comprehensive Privacy Impact Assessments (PIAs) and privacy and information management risk assessments, including preparation of data flow maps
- Development and implementation of privacy and data use and protection policies and procedures that comply with applicable laws and maintain business flexibility, and public and business partner trust
- Development and implementation of policies and procedures necessary to meet Payment Card Industry (PCI) standards
- Development and implementation of data classification and records management programs
- Development and negotiation of outsourcing and other service provider contractual arrangements involving personal information, including transborder data flows
- Privacy matters arising from mergers and acquisitions
- Privacy matters related to marketing and advertising programs and campaigns, including the National Do Not Call List (DNCL), anti-spam requirements, and marketing to children
- Training and awareness programs
In addition, the Access to Information team:
- advises clients on compliance with all Canadian federal and provincial access to information legislation
- helps clients process and respond to access requests
- represents clients in matters before federal and provincial regulators as well as before the courts in judicial reviews
- provides access to information and privacy training and awareness programs
- advises clients on access to information compliance
The lawyers in the Privacy and Information Management and Access to Information law teams represent a diverse group of clients, including Canadian and multinational corporations, public and broader public sector entities, regulatory authorities and not-for-profit organizations, in numerous industries and fields:
- Banking and financial services, including insurance
- Business process outsourcing and vendor management
- Education, including universities, colleges and school boards
- Entertainment and media
- Government, including federal, provincial, municipal and any related agencies
- Healthcare, including hospitals, health boards, healthcare service providers and researchers
- Police services
- Retail and consumer products
- Telecommunications
- Transportation, including transit commissions
- Utilities
- Entities that do business with any of the above
In April 2007, the firm launched its electronic guide to Ontario’s public sector access and privacy legislation. The guide, AccessPrivacy.ca, is an innovative tool designed to assist institutions and the public to understand legal developments in these areas. The electronic guide has been expanded to include federal access to information law matters.