Canadian Lawyer InHouse

June/July 2020

Legal news and trends for Canadian in-house counsel and c-suite executives

Issue link:

Contents of this Issue


Page 28 of 35 27 governance built into enterprise risk manage- ment within organizations. "From my standpoint, in-house counsel are the quarterback of everything related to cyber, privacy and data governance," says Ahmad. "A lot of people turn to in-house counsel as the best risk management advisor within the organization because they can balance legal and business in a meaningful way." Ahmad advises in-house counsel to take an inventory of data by creating a detailed data map of the information they hold. "What information do you hold? Where do you hold it and how is it held? Is it corporate data or trade secrets? Is it on the premises in a server or on a cloud? Is it encrypted or not?" he asks. Such an inventory allows organiza- tions to take stock of the data they hold and to remove old legacy systems and data sets that are no longer needed as a good way to "As a fully digital business, one of our top priorities is to make sure we protect the company from external and internal breaches," says Alice Davidson, vice president and general counsel at Mogo. "We designed our systems in such a way that people have the ability to work remotely and still be under the protective shield of our IT security system. The risk is certainly greater, but, as an organiza- tion, we were well prepared for that." While many employees were already accustomed to remote work, Mogo transi- tioned to a fully remote workforce at the start of the pandemic, which involved moving desk-top computers home for call-centre staff. Some employees have been permitted to use their own personal computers at home, which has not been a security concern, Davidson says. "They are remotely connecting to the Mogo environment, so there is no way they can transfer data to personal computers or vice verse," she says. Additional security training on the protection of data was implemented, and confidentiality agreements were required for some staff. Imran Ahmad, a partner at Blake Cassels & Graydon LLP, has seen a global move toward an increase in privacy, data protection and governance. He notes a general awareness to have more privacy data protection and data reduce the digital footprint and, therefore, lower the risk level. If there is a cybersecurity breach, lawyers advise retaining outside counsel expertise. "It is not just about responding but ensuring that all boxes are ticked along the way," says Leslie. "Legal privilege issues arise and the need to protect information is born out of this situation." When a data breach involves client data, in-house counsel must be able to demonstrate that they took all reasonable steps to prevent such an attack. Referring to Sierra Systems, Piasentin says: "We do work for many health authorities, so if there was a breach and personal information was disclosed and we did not have the proper security in place, we would be in trouble; so, it's important that we can demonstrate that we took all necessary security measures and it was beyond our capability to prevent." "We are making sure people are aware of vulnerabilities and they know the steps they need to take to prevent Zoom bombs and additional security breaches that could hurt us or our clients." Robert Piasentin, Sierra Systems

Articles in this issue

Links on this page

Archives of this issue

view archives of Canadian Lawyer InHouse - June/July 2020