Cybersecurity

Overview

Read our white paper on what to do before, during and after a cyber incident

Complete our analysis questionnaire on cybersecurity needs.

Now more than ever, companies of all sizes and in every field must pay particular attention to the issue of cybersecurity.

The rise in cyberattacks and costs associated with data leaks is well documented. Indeed, the mobility of information in a telecommuting context, the use of cloud storage, process automation and the increased connectivity of organizational systems increase organizations’ vulnerability to cyberattacks. Data leaks can adversely affect not only an organization’s reputation with the public, but also the management and continuity of its day-to-day business.

In addition, legislative and regulatory requirements for public and private sector companies that hold personal data and information are also being enhanced, as evidenced, in particular, by the National Assembly of Québec’s very recent adoption of Bill 64 in the wake of high-profile security incidents.

Our expertise

Our service offer covers all aspects of cybersecurity, including identifying risks, understanding the issues at stake, implementing best practices in cyber vigilance and providing support should a company be sued following a breach of confidentiality.

Lavery’s team has extensive experience and expertise, particularly in crisis management with respect to:

  • Protection of personal and other sensitive data
  • Information technology
  • Technology governance
  • IT risk management
  • Disputes (including class actions)
  • Labour and employment law

Our team keeps abreast of legislative changes regarding personal information, an area currently undergoing rapid change. It also has an understanding of cutting-edge technology, including the Internet of Things, artificial intelligence and quantum computing, all of which will drastically affect cybersecurity practices in the coming years.

Service offer to private and public institutions

As we know that legal matters represent only a fraction of the issues that need to be addressed with respect to an organization’s cyber vigilance, our service offer includes legal services geared towards IT security management and non-legal services that combine a range of prevention and response measures to provide an effective and operational solution based on four criteria:

  • Strategy and transformation: Developing strategies and programs that focus on business needs and risks and support growth and resilience by making cybersecurity and privacy a company-wide priority.
  • Incident and threat management: Preparing for, identifying, responding to, investigating and handling threats with confidence.
  • Consumer privacy and protection: Designing, implementing and running a privacy program that enables your organization to maximize the use of data in accordance with the law, while building consumer trust.
  • Implementation and operations: Designing, implementing, running and improving the use of cybersecurity technologies and continuously monitoring your environment to detect and contain threats to your business.

Service offer to SMEs

Our firm has developed a cybersecurity service offer to, in particular, analyze companies’ needs in this area and identify possible flaws that require their attention.

As a first step, your organization must complete a cybersecurity needs analysis questionnaire.

Once the questionnaire is completed, we are able to establish a diagnosis, propose solutions and an action plan to remedy problematic aspects and guide you in implementing our recommendations on the following:

  • Cybersecurity governance: A sound decision-making process is important for any business when it comes to cybersecurity.
  • Processes related to employees, suppliers and subcontractors: A business’ decisions and policies respecting cybersecurity must be properly communicated not only within the organization, but also with all stakeholders.
  • Protection of personal information and data, and Canada’s anti-spam legislation: If your organization collects data or personal information as part of its operations, it must do so in accordance with the law.
  • Technical and technological component to increase cybersecurity: Legal and strategic advice associated with implementing the action plan following our cybersecurity needs analysis.

Representative mandates

  • Advised one of the largest professional orders in Quebec regarding a major computer security breach affecting its employees and members.
  • Advised a major Canadian chemical company on the theft of its employees’ and customers’ personal data.
  • Advised a Canadian tax and financial planning association following a cyberattack on its IT service provider.
  • Advised and provided a legal opinion to one of the most prominent public organizations in Quebec on the appropriateness and content of an incident report resulting from a breach of confidentiality following a cyberattack.
  • Advised a multinational tobacco company on the measures to be implemented in the event of a computer security breach and reviewed its policies, guidelines and response plans in this regard.
  • Provided training to executives of a multinational cybersecurity insurance organization.
  • Provided training to a major accounting and tax firm on cybersecurity and privacy.
  • Advised a Crown corporation on applying the General Data Protection Regulation (GDPR) and created a matrix to identify cases where this European legal framework, which includes rules on IT security breaches, should be applied.
  • Participated in data protection IT audits for various companies as part of a partnership with an international consulting firm.
  • Advised a Canadian vehicle parts company that was held to ransom following an unwarranted intrusion into its databases containing all of the technical drawings of its American and European vehicle manufacturer clients.
  • Reviewed the physical and software security rules of two major Canadian financial institutions’ IT and telecommunications systems and negotiated and drafted the physical and software security obligations incumbent on the service provider to which the operation of these systems was outsourced in order to ensure adequate contractual protection for the financial institutions against any breach of confidentiality of personal and other sensitive data entrusted to the service provider.
  • Assisted a European law firm with a major employee and supplier data breach involving a multinational electronics company and its subsidiaries in several jurisdictions around the world.
  • Advised a publicly traded company in the implementation of IT governance and security measures for the sharing of trade secrets between its various sites in Canada, the United States and Europe.
  • Represented a European company that was the victim of a cyber incident to claim damages from those responsible for the incident located in Canada.
  1. Lavery represents ImmunoPrecise Antibodies as it acquires BioStrand

    On March 29, 2022, ImmunoPrecise Antibodies Ltd (IPA) announced that it acquired BioStrand BV, BioKey BV, and BioClue BV (together, “BioStrand”), a group of Belgian entities pioneers in the field of bioinformatics and biotechnology. With this €20 million acquisition, IPA will be able to leverage BioStrand’s revolutionary AI-powered methodology to accelerate the development of therapeutic antibody solutions. In addition to creating synergies with its subsidiaries, IPA expects to develop new markets with this revolutionary technology and strengthen its position as a world leader in biotherapeutics. Lavery was privileged to support IPA in this cross-border transaction by providing specialized expertise in cybersecurity, intellectual property, securities and mergers and acquisitions. The Lavery team was led by Selena Lu (transactional) and included Eric Lavallée (technology and intellectual property), Serge Shahinian (intellectual property), Sébastien Vézina (securities), Catherine Méthot (transactional), Jean-Paul Timothée (securities and transactional), Siddhartha Borissov-Beausoleil (transactional), Mylène Vallières (securities) and Marie-Claude Côté (securities). ImmunoPrecise Antibodies Ltd. is a biotherapeutic, innovation-powered company that supports its business partners in their quest to discover and develop novel antibodies against a broad range of target classes and diseases.

    Read more