People

Services

Industries

Firm

About

Knowledge

Careers

News

Events

Contact

Connect

Privacy Policy

Disclaimer

Terms of Use

Accessibility

Legal

Calgary

Edmonton

Montréal

Ottawa

Toronto

Vancouver

New York

in the sale of its entire Canadian fossil fuel-based electricity generation portfolio for approximately $835 million

A large financial institution, addressing a cyberattack

Numerous clients with litigation risks arising from cyberattacks

Numerous clients with review and drafting of existing policies (IT, Privacy, CASL)

Select Experience

All Industries

Energy

Food & Agribusiness

Infrastructure

Mining

Private Equity & Investment Funds

Property Development & Real Estate

Bennett Jones lawyers recognized globally for data information technology

Recognition

Recognized as ecommerce law firm of the year - Canada

Ruth E. Promislow

 Data Security and Privacy, Commercial Litigation Lawyer at Bennett Jones Toronto

Partner

Caroline Poirier

Information Technology, Privacy and Data Protection Lawyer at Bennett Jones Montreal

Suzie Suliman

Commercial Transactions Lawyer at Bennett Jones Toronto

Associate, Trademark Agent

The Office of the Privacy Commissioner of Canada (OPC) issued its findings on August 27, 2025 in connection with an investigation regarding the issue of whether individuals have the right to have information about them de-listed from search engine results.  The OPC found that in limited circumstances, there is such a right where the search results are likely to cause significant harm to an individual, such as a risk of harm to a person's safety or dignity, that outweigh any public interest in that information remaining accessible when searching the individual's name.

Right to Have Your Information De-Listed

Right to Have Your Information De-Listed? The Federal Privacy Commissioner Issues Decision

Leah Tolton KC, FEA

Corporate Commercial Lawyer at Bennett Jones Edmonton

In an era where digital threats are more sophisticated than ever, cybersecurity has become a pressing concern for family enterprises. These businesses are attractive targets for cyberattacks and need to balance the critical goals of protecting themselves while maintaining operational efficiency.

Q and A on Cybersecurity and Family Enterprises How to Navigate the Digital Frontier

Q&A on Cybersecurity and Family Enterprises: How to Navigate the Digital Frontier

Emma Arnold-Fyfe

Commercial Litigation Lawyer at Bennett Jones Vancouver

Associate

When we are retained by clients to guide them through a cyber-attack in which information has been stolen by a threat actor, we almost always find that the client has unnecessarily stored sensitive information far beyond the period for which it required that data. There are two key problems with this approach (or lack thereof) to data retention: (1) in the face of a cyber-attack where criminals steal your information, the organization is incurring unnecessary liability by retaining information it does not need, and (2) when it comes to personal information, retention beyond the required period can itself give rise to regulatory investigation and penalties, and to litigation claims.

Data Spring Cleaning Minimize Your Liability

Data Spring Cleaning: Minimize Your Liability

Businesses are increasingly defrauded through common scams known as business email compromise scams (BEC scams) for which they do not have insurance to cover the resulting losses. Fortunately, there are easy-to-implement strategies to minimize the risk of falling victim to this fraud before it’s too late.

Dont Be the Next Victim of a BEC Scam

Don't Be the Next Victim of a BEC Scam

Asking the right questions within your organization is key to effectively managing cyber risk. Here are 10 questions that you should ask your team.

10 Key Questions to Guide Cyber Risk Management

J. Sébastien A. Gittens

Intellectual Property and Technology Commercialization Lawyer at Bennett Jones Calgary

Partner, Trademark Agent

Stephen D. Burns

Technology Lawyer, Intellectual Property Lawyer at Bennett Jones Calgary

David Wainer

Commercial Transactions Lawyer at Bennett Jones Calgary

On May 31, 2025, the Alberta Security Management for Critical Infrastructure Regulation (the Regulation) will come into force and is expected to alter existing security requirements for critical resource infrastructure in Alberta. Notably, critical infrastructure facilities identified as such by the Alberta Energy Regulator will be obligated to comply with CSA Z246.1: Security Management for Petroleum and Natural Gas Industry Systems published by the Canadian Standards Association, as may be amended or replaced from time to time (the CSA Standard).

New Information Technology Security Requirements for Critical Infrastructure Facilities in Alberta

Data Governance Protection and Cybersecurity

Overview

Strategic Risk Management

Thorough and Organized Incident Response

Vigorous Advocacy and Defence

Key Contacts


Bennett Jones Data Governance Protection and Cybersecurity We help clients protect data, manage cyber risks and respond to incidents with legal strategies that safeguard business and ensure compliance. Key Contacts Ruth E. PromislowPartner Overview Cybersecurity attacks have become an inevitable business risk for companies, large and small. Companies must now develop, and continually update, plans to protect personal data, design an incident response plan should it be attacked, and address the scope of litigation risks and regulatory obligations upon an incident. As part of our ongoing cybersecurity efforts to ensure safe and reliable service to our clients, we recently became ISO 27001 certified. The work undertaken to achieve and retain this certification gives us unique insight into clients� challenges in minimizing exposure and maintaining compliance in this increasingly complex and threatening area. Clients work with us for our practical approach to addressing cybersecurity: Strategic Risk Management Cybersecurity preparedness including implementing data protection plans meant to reduce reputational, business continuity and regulatory risk. Guidance for boards of directors and senior management on data protection obligations. Development of data breach policies, playbooks and scenario plans. M&A due diligence involving data protection, privacy and security. Review of data protection insurance coverage. Health information privacy, including security policies and governance. Thorough and Organized Incident Response Executing efficient response plans, either as managers or supporting team members. Data breach investigation, including addressing employee misconduct. Liaison with regulatory, law enforcement authorities and Privacy Commissioners. Seamless coordination with public/government relations service providers. Vigorous Advocacy and Defence Defending against litigation or class action proceedings relating to data breach or privacy incidents. Defending against regulatory proceedings and negotiating with regulatory agencies. Key Contacts Ruth E. Promislow, Partner Toronto • 416.777.4688 • promislowr@bennettjones.com