Legal news and trends for Canadian in-house counsel and c-suite executives
Issue link: https://digital.canadianlawyermag.com/i/944967
MARCH 2018 26 INHOUSE DEALING WITH GLOBAL PRIVACY DEMANDS At InfoTech Inc., provider of Wellness Checkpoint in Winnipeg, a health and pro- ductivity risk management service that allows employers to make better decisions around what to offer their employees in terms of well-being services, Mike Hicks, chief oper - ating officer and general counsel, is dealing with the demands of the company's Europe- an customers around the pending EU Gen- eral Data Protection Regulation. Founded in 1984 and launched in 1990 in Winnipeg, Wellness Checkpoint is a Soft- ware as a Service online health risk assess- ment tool for employees of large companies. It provides client companies an idea of the health footprint of its workforce so they can better design the programs they make avail- able to them. "For example, you may find you have a lot of people in your company who smoke, but you may have more of an issue with stress and depression that is hurting the business and productivity of people in the company. At a population level, the tool helps look at what are the important issues and cost drivers you are experiencing now?" explains Hicks. The company has some Canadian cus - tomers such as CIBC, CBC and Air Canada that have employees worldwide, but it also has many global companies in the EU. "Winnipeg is an interesting place to do business because, even for a Winnipeg busi - ness, the minute you have business outside Winnipeg, it's either west or east quite a dis- tance or down in the U.S., so you're almost national or international by definition when you're in Winnipeg," says Hicks. "And when you start to grow — there's no such thing as a Manitoba-only business if you're in the technology or service industry because you need to serve people outside Winnipeg be - cause it's not a big enough market here." When it was first launched, the company grew fairly quickly, including Dupont as a client, which wanted to use the service in its European operations. "One of the key differentiators is we can go Consistent with trends across North America, Olson says, Viterra has placed an emphasis on managing costs and building a largely self-sufficient legal group that de - velops expertise in-house to deliver ongo- ing value to the business. This model requires a focus on internal talent development and knowledge of the agribusiness sector, says Olson. Resource requirements both internally and exter - nally are regularly reviewed to maintain a balance between cost efficiency and appro- priate resourcing for business needs at any given time. "When warranted, we do invest in ex- ternal counsel to address resource capacity issues or when specialized legal advice is required, for example, on litigation matters and certain M & A activity. It's an inter- esting time to be in-house, as we're seeing all kinds of external legal support options developing beyond traditional full-service firms," says Olson. "We're watching closely as the innovation in legal service models develops and non-traditional options for resourcing become more mainstream." A key strategic focus for Viterra is the re - lationships with its farm customers. "Our fu- ture success depends on our ability to consis- tently provide our customers with solutions to help them achieve their goals," he says. A big part of this is working to provide technology solutions to farm customers who want online platforms for market informa - tion and grain marketing opportunities. "De- velopment of these technology solutions such as myViterra, our online customer portal, has created very interesting legal work around proactive measures related to data protec- tion, cybersecurity, cloud and cross-border storage, electronic funds transfers and e-sig- nature contracting," Olson says. Changes in the way farm customers consume market information and engage in business with Viterra has created many opportunities and challenges for legal to provide support for the business internally. Viterra maintains a legal group of three lawyers and one paralegal to serve the needs of the business. "In recent years, we have seen our role evolve to include time outside of traditional legal drafting and advising to include strategy and general advising to the business," says Olson. to a big company and say 'We can serve your people wherever they may be' and that's what took us international," says Hicks. The GDPR will and is already influencing Canadian law, says Hicks. The Canadian pri - vacy law is adapting to the new reality. "If you look at consumer expectations about how [a company] is going to treat my data — there is a lot of stuff creeping into business practice. You have to follow the current high water mark for the things you need to comply with. Canadian law is tracking that and there will need to be changes made to the Canadian law to maintain the adequacy requirement." In some respects, Hicks says, InfoTech is similar to other Winnipeg companies in that even people who live in Winnipeg haven't heard of it — Wellness Checkpoint is the product name, but InfoTech is the company. As Hicks is the solo legal professional in the organization, he uses external legal ser - vices locally and globally. "I get to do all the procurement work — our clients are pri- marily multinationals so the procurement work is interesting. I also do the privacy work. Information and privacy is a very big deal these days, particularly for Europeans, so GDPR is 'huge' for InfoTech." GDPR will come into force in May of this year, but the trickle-down effect isn't just that companies like InfoTech need to comply with it because they have Europeans using their software tool. "Pretty much every one of our clients that is a multinational is im - pacted by it, so they aren't just asking us 'Are you going to be OK?' they are testing and doing security reviews and sending people to look and confirm that we are ready." Hicks says much of what GDPR requires is coming from a privacy perspective, but how an organization delivers privacy is within the realm of information security. "It involves very detailed questionnaires and in - terviews about your infrastructure, how you keep things and so it's an awful lot of work to satisfy people about what we're doing." InfoTech was always subject to the Euro - pean Directive, which is the predecessor to GDPR, and a lot of the things it required, Our future success depends on our ability to consistently provide our customers with solutions to help them achieve their goals. EVAN OLSON, Viterra Inc.