privacy
Privacy Laws Are Your Business
Privacy law in Canada continues to evolve in its complexity and impact on business activities. Since 2004, federal privacy law in the form of the Personal Information Protection and Electronic Documents Act ("PIPEDA"), the British Columbia and Alberta Personal Information Protection Acts ("PIPA") and Quebec's privacy law apply to virtually all companies in Canada. McMillan's Privacy Law Group can help your organization examine the impact of these laws on your business and implement measures to ensure compliance.
Applying our expertise in information technology, business, labour and employment and financial services law, our Privacy Law Group helps businesses comply with privacy laws by assisting senior management and boards in understanding the impact of the laws, in determining the best qualifications for a privacy officer for their business and in developing that person's role in the organization. We assist in drafting corporate privacy policies and in reviewing consent provisions, information collection procedures, and privacy agreements for suppliers and third parties. McMillan's Privacy Law Group assists and advises organizations on issues including:
- understanding the requirements of privacy laws;
- designing thorough audits of current information practices;
- assessing compliance requirements;
- defining a corporate privacy strategy;
- preparing and adopting practices and procedures that ensure corporate compliance at every level;
- developing corporate and employee privacy polices as well as function-specific documents such as Internet privacy policies;
- creating procedures and systems to manage access to information;
- advising in cases of privacy or security breaches;
- assisting in developing records retention policies; and
- responding to a regulatory review of your privacy procedures.
Our Experience and Expertise
Our Privacy Group lawyers help clients understand privacy laws, adopt effective procedures and manage privacy issues advantageously. With over 20 practitioners in the Group and representation across Canada, we have the depth of resources and talent to help you develop privacy strategies regardless of the size or complexity of your business.
In conjunction with our Employment and Labour Relations Group, we have developed policies and procedures to assist employers in addressing employee privacy, a particular area of concern. In addition, together with Ethidex, McMillan has developed the Compliance Office™, a technology-based model for privacy compliance systems for insurance companies, for whom the collection, retention, and maintenance of often sensitive personal information is an essential function.
Our Privacy Law Group has the knowledge and experience to help organizations in such varied industries as retail, insurance, health and the automotive sector to manage privacy law issues effectively.
Consumer Privacy
Members of our group help marketers avoid infringement of consumers' privacy expectations and comply with the new private sector privacy laws. Our lawyers are leaders in advising all types of businesses on compliance with the federal Personal Information Protection and Electronic Documents Act, as well as provincial privacy regulations, as these laws affect customer information, medical records and employee privacy. These laws restrict the ways in which companies may collect, use and disclose personal information. We have helped to develop privacy policies, codes and disclosure statements for many of our clients. These procedures serve to document the ways that companies inform and obtain the consent of their customers whose personal information they gather in transactions and in connection with marketing or customer care activities.
Internet Privacy Issues
McMillan guides clients in even the most specialized aspects of privacy policy, including disclosure and consent requirements for data collection on the Internet and through social media. We develop Internet and social media privacy policies, create procedures and systems to manage access and data security, advise on data retention and use, and draft comprehensive but understandable explanation of policies. We also advise multinational firms doing business in Canada, and Canadian businesses operating abroad, on coordinating their domestic privacy policies with statutory or industry codes in other jurisdictions.
Employee Privacy
McMillan has the knowledge and experience to help companies comply with all employment-related aspects of the federal and provincial privacy laws. We have assisted companies in such varied industries as retail, financial services and the automotive sector with adopting effective employee privacy policies. Our services include:
- Defining a corporate privacy strategy;
- Preparing and adopting practices and procedures that ensure compliance at all level;
- Creating policies, procedures and systems to manage information access;
- Responding to regulatory reviews of privacy procedures; and
- Helping multinational firms doing business in Canada coordinate their internal and domestic privacy policies with Canadian statutory requirements.
We also represent individual employees to ensure their rights to access personal information held by employers, to make certain that it is used only for the purposes for which it was collected, and to challenge and correct inaccuracies.
Health Sector Privacy Laws
The Personal Health Information Protection Act, 2004 (Ontario) and health sector privacy laws in other provinces have a significant impact on the way personal information is handled in the health care sector. It is imperative for any "health information custodian" (a defined term) and any other organization that receives personal health information from a custodian to be fully aware of its obligations under these laws.
McMillan's Privacy Law Group works closely with clients to ensure compliance with health sector privacy requirements by gaining a full understanding of our client's activities and goals. We provide comprehensive legal services in all aspects of health privacy law including privacy policies and toolkits, security compliance, permitted disclosures and breach notification.
McMillan's privacy lawyers advise clients in connection with evolving electronic health networks including contractual frameworks (data sharing agreements), security and privacy protection issues.
Publications / Presentations
|