A proliferation of cyberattacks against individuals, governments, and businesses (particularly over the past decade) has elevated data breach prevention, response, and remediation to the forefront of our global digital economy. Safeguarding personal and sensitive business data and thwarting increasingly sophisticated cybersecurity threats are critical for preserving and enhancing the value of technological assets and maintaining a sustainable competitive advantage in the market.

By leveraging Dickinson Wright’s Canada/U.S. seamless cross-border platform, we provide our clients with legal advice on everything from regulatory compliance to technology related M&A transactions. Our cross-disciplinary offering is built around the following core areas of expertise.

Data Privacy Laws

Virtually every business with operations in Canada or the United States is now subject to some form of law regulating how personal information is collected, stored, and used. More likely than not, multiple sets of privacy laws apply to most businesses. Some of these laws will have wide applicability, while others may be industry specific. With such a mosaic of privacy laws, effective and efficient compliance requires expert advice.

Our dedicated team of data privacy and cybersecurity lawyers provide timely, full-spectrum advice to help our clients identify, address and respond to evolving statutory, regulatory compliance, contractual and best-practice information privacy obligations. We take a proactive, risk-prevention oriented approach to meeting our clients’ unique data security needs so that more of our clients’ resources can be devoted to achieving their strategic goals.

We have assisted clients in conducting technical system audits, drafting and reviewing end user agreements, updating company and employee policy documents, advising on franchise-specific issues, understanding cyberinsurance policies, and other matters. When it comes to data privacy laws, we offer a range of services.

Cybercrime Investigation and Remediation

Cybercrime has been on the rise for a number of years now. While much of the attention deservedly falls on the innocent victims whose personal information has been compromised, the impact of cybercrime on the business must also be considered. For a business the loss of customer information may be just the beginning.

Our lawyers have the experience necessary to advise businesses through the aftermath of a cyberattack including compliance with mandatory breach reporting and record keeping requirements prescribed by relevant legislation, as well as representing clients facing threatened litigation and settling claims or negotiating reduced penalties and fines.


Due to the sensitive nature of one’s personal health information, it is common for governments to enact additional, more stringent laws that apply specifically to health care practitioners and service providers. The United States has the Health Insurance Portability and Accountability Act (HIPAA). While Canada does not currently have any healthcare privacy laws at the federal level, most provinces have to date passed their own form of equivalent legislation.

Our knowledgeable and experienced lawyers can navigate through even the most complex web of issues posed by healthcare privacy legislation and deliver effective and practical advice.


Privacy laws aren’t just for the benefit of customers and end users. Almost every business will at some point have to collect personal information from its own employees and all of the information collected is subject to the same protection against unlawful disclosure or misuse. For large companies that may have hundreds or even thousands of employees, keeping employee information secure can pose special challenges.

Dickinson Wright works with businesses of all sizes to assist with their legal needs when it comes to compliance requirements with respect to employee information and data.

Government and Regulatory Investigations

When a significant data breach occurs or other related corporate misconduct comes to light, the usual response is for the relevant governmental agency to open an investigation and, if the situation warrants, assess a penalty or fine against the company. In Canada, investigation into violations of federal privacy laws are handled by the office of the Privacy Commissioner of Canada.

Governmental investigations of privacy law violations are procedurally as well as substantively very different from conventional lawsuits and other allegations that businesses occasionally face. Dickinson Wright lawyers are well equipped to deliver a positive result to any business facing investigation.


Prevention may be the best way to resolve a dispute, but inevitably some disputes will end up in court for various reasons. Whatever the claim, our seasoned team of litigators can rigorously represent our clients’ interests – whether against individual or class action lawsuits or enforcing obligations or indemnification provisions – so that they can meet their legal and business goals in an efficient and straightforward manner.

Corporate Structure

Effective use of corporate structuring is a proven approach to mitigating risk and liability within an organization and the cybersecurity world is no different. Our corporate lawyers have years of experience in structuring businesses in way that protects from potential exposure and ensures that a business’ valuable assets are insulated.