Information, Privacy and Defamation

Overview

At Lavery, we were the first major law firm to anticipate, almost 30 years ago, the cardinal importance that information was acquiring in our society. Whether it involves the right of access to governmental information, the protection of personal information, cross-border data flow, the use of information technology, respect of privacy, reputation and personal image or the right to be forgotten, our seasoned lawyers in the information and privacy sector offer you a comprehensive perspective thanks to the depth and breadth of their expertise and the broad range of services they have to offer.

Over the years, Mr. Doray, Ad.E., and his team have represented numerous public and private organizations in matters relating to the confidential nature of documents, the validity of certain governmental decisions, reputation and privacy. They act as legal counsel for many large corporations, professional orders, public organizations and media companies in important cases regarding administrative and constitutional law. Furthermore, they have represented various clients in defamation and invasion of privacy law suits.

Services

  • Legal opinions and dispute resolutions: protection of privacy and personal information in public and private sectors in general and with regards to employer-employee privacy issues in particular (protection of personal information, video-surveillance, use of information technology, collection, use and communication of personal information prior to and during employment, etc.)
  • Legal opinions and dispute resolutions: access to provincial and federal governmental information
  • Legal opinions and dispute resolutions: solicitor-client privilege and litigation privilege
  • Legal opinions and dispute resolutions: freedom of the press, defamation, right to privacy and one's personal image, and protection of information sources
  • Compliance audits and risk management
  • Operational support in case of loss or theft of personal information
  • Representation before government and legislative bodies in matters relating to access to information and privacy policies and legislation
  • Relations with provincial and federal regulatory authorities, including the Commission d'accès à l'information, the Privacy Commissioner of Canada and the Office of the Information Commissioner of Canada
  • Protection of commercial, financial, technical and industrial information supplied to governments by businesses
  • Interpretation of the rules in matters relating to telemarketing and philanthropic solicitation
  • Class action suits in matters relating to the protection of personal information and privacy
  • Structuring online national and international commercial transactions
  • Management and organizational support for businesses and public bodies to ensure their compliance with the applicable rules governing the protection of personal information, namely when designing computer systems and Internet sites
  • Protection of privacy, personal image and reputation in connection with the use of new information technologies (Internet, social media and cloud computing)
  • Archiving and transferring documents electronically
  • Application of the new Canadian anti-spam legislation
  • Application of the Lobbying Transparency and Ethics Act and of the Lobbying Act
  • Application in Canada of the European directives in regards to personal data treatment, the U.S. Helms-Burton law, the Patriot Act and the ITAR
  • Advice relating to the right to be forgotten
  1. The Legal Pitfalls of Using Human DNA and Tissue in Quebec-based Biotechnology Projects

    Biotechnology projects rely on sensitive genetic data and biological material Nowadays, innovation-driven companies involved in life sciences, research and biotechnology handle some of the most legally sensitive assets: human tissue, biological material and genetic data. Innovation models involving tissue engineering, biobanks or AI-based analytical technologies are now based on the transfer and use of biological data with high scientific and commercial value. Yet, many organizations still prioritize the scientific and operational aspects of their projects without giving sufficient consideration to the legal restrictions that arise when a project involves a person’s DNA or biological material. From a business standpoint, the risk is that an organization—whether a private company or a public institution—might develop a technology, but then be unable to market that technology because it does not hold the necessary rights to use the biological material and information involved. In Canada, and particularly in Quebec, laws that protect personal and health information have become central to such projects.1 We are no longer simply dealing with typical cybersecurity or privacy concerns. These laws directly affect how biological material is:  collected used transferred stored altered and potentially leveraged for commercial or collaborative research purposes2. Why DNA and human tissue are subject to a particular legal protection The highly sensitive nature of DNA and genetic data is no longer disputed. Canadian case law has long recognized the highly personal and private nature of this type of information.3 It also emphasizes the fact that human tissue and genetic data play a unique role in research and innovation projects because of the identification risks they carry, their scientific value, and the ethical and commercial concerns related to their use.4 This perspective is evident in section 2 of the Act respecting health and social services information5, for example, which defines health information as any information that concerns “any material taken from [a] person,” including biological material. Section 5 and following of this act set out the conditions under which such information may be used, disclosed or transferred in the context of research or collaboration involving third parties6  These obligations supplement those set forth in the Act respecting the protection of personal information in the private sector,7 which requires in particular that personal information be collected for specific and legitimate purposes, and that it be used in a manner consistent with the purposes for which it was originally collected.8 Artificial intelligence, genetic data and the risk of re-identification From a biotechnology perspective, the matter becomes particularly touchy when human tissue or genetic data, which was initially collected for clinical or scientific purposes, is then used for technology or artificial intelligence projects. In fact, many projects that utilize artificial intelligence require not only biological samples and DNA, but also phenotypic data, health information and family history information from the patients from whom the biological samples were obtained. As such, there is a real risk of data cross-referencing here that must be managed with full awareness of the potential impact on those individuals. In certain projects, combining DNA with family information could compromise the privacy of not only the individuals from whom the biological material was collected, but also their family members. This problem has already been raised in relation to genetic genealogy.9 Consent, health information and secondary uses tend to be overlooked A project that was initially intended for research purposes can quickly drift into secondary uses that extend beyond its original scope. However, consent obtained at the outset does not necessarily cover all future uses, particularly where derived data or analysis results are integrated into technology platforms or used to develop analytical tools.10 Research agreements and biological material transfer agreements constitute an essential governance mechanism Agreements have thus become the key governance mechanism. Biological material transfer agreements, collaborative research agreements and data-related provisions are no longer solely intended to protect intellectual property or commercial confidentiality. They also serve to define the processes involved in transferring biological samples, ensuring data traceability, imposing restrictions on reuse and meeting anonymization requirements.11 The rights relating to intellectual property, DNA and personal information are interconnected The interplay between biotech innovation, intellectual property and personal information protection raises complex legal issues. A genetic database or a biological model derived from it can be both a strategic business asset AND a collection of highly sensitive personal information. However, any intellectual property rights that may apply to the results, algorithms or analytical methods do not exempt organizations from the obligations set out in Quebec laws regarding the protection of personal and health information12. On the contrary, in order to market a technology, organizations must hold not only the necessary intellectual property rights but also the rights required under the legal framework governing health and personal information. The commercialization of a technology begins long before it is brought to market As organizations increasingly seek to leverage data from scientific research, issues related to the governance of human tissue, DNA and biological material should no longer be treated as a secondary consideration addressed only at the end of a project. They are becoming an integral part of the legal, operational and commercial framework of modern biotechnology projects and therefore deserve careful consideration from the outset. Summary 1. From a legal standpoint, DNA is considered to be health information In Quebec, biological material and genetic data are not merely instruments of research. Under the law, they are defined as highly sensitive “health information”. The collection, use and transfer of this type of information is strictly regulated and requires explicit, informed consent. 2. Intellectual property does not confer all rights to the holder Just because a company develops a high-performance AI algorithm or an innovative biological model does not mean it can circumvent Quebec’s privacy laws. Bringing biotech products to market requires holding the necessary intellectual property rights AND complying with the legal framework governing the use of health data. 3. The pitfall of project drift (secondary uses) Consent obtained at the outset of a clinical research project usually does not extend to future uses, such as the integration of data into AI platforms. Organizations that fail to establish a solid contractual framework (e.g., transfer agreements, anonymization clauses) from the start may never be able to market their technology. Act respecting health and social services information, CQLR c R-22.1, ss. 1, 2, 5, 44 to 49 and 77. Act respecting the protection of personal information in the private sector, CQLR c P-39.1, ss. 4, 5, 8, 12 and 14. R. v. Dyment, 1988 CanLII 10 (SCC), [1988] 2 SCR 417 Marie Hirtle and Bartha Maria Knoppers, Le stockage des éléments du corps humain, les droits de propriété intellectuelle et les autres droits de propriété, Industrie Canada, 2014. Act respecting health and social services information, supra, note 1, s. 2. Id., ss. 5, 44 to 49 and 77. Act respecting the protection of personal information in the private sector, supra, note 2. Id., ss. 4, 5, 8, 12 and 14. Clausius, K., Kenny, E. & Crawford, M. J. (2023). BILL S-231: The Ethics of Familial and Genetic Genealogical Searching in Criminal Investigations. Canadian Journal of Bioethics / Revue canadienne de bioéthique, 6(3-4), 44–56.  Act respecting health and social services information, supra, note 1, ss. 44 to 49; Act respecting the protection of personal information in the private sector, supra, note 2, ss. 12 and 14. Act respecting health and social services information, supra, note 1, ss. 48 and 49; Act respecting the protection of personal information in the private sector, supra, note 2, ss. 18.3 and 23. Act respecting health and social services information, supra, note 1, ss. 5 and 49; Act respecting the protection of personal information in the private sector, supra, note 2, ss. 12, 17 and 18.3.

    Read more
  2. Behind the Scenes of Sports, Data Never Takes a Break

    The World Anti Doping Agency suffered a data breach in 2016­—a vivid illustration that even the most prominent sporting institutions are not immune to cyber incidents. The authorities have now formalized what was previously just an observation: In a bulletin published in 2024, the Canadian Centre for Cyber Security warned that the entire sports ecosystem—spectators, athletes, organizations and government representatives—is the target of cyberattack campaigns.  Malicious actors will attempt extortion through business email compromise, ransomware attacks, phishing, malicious websites and search engine poisoning, among others. Take heed, as when an incident occurs that is serious enough to require a report to the authorities, it is often too late to establish sound governance and engage in due diligence. The sporting competitions of today are producing massive amounts of data. The quantity is staggering, and the data itself almost Orwellian. Check the tables below to see for yourself. Data collected on athletes  League Information collected NFL Performance data (statistics, position and movement metrics, speed, and passing, rushing and receiving yards) Medical and/or health data (examinations, injuries, concussion protocols) Substance screening data Data on disciplinary actions and investigations Professional and contractual data Travel, logistics and security data NHL Performance data Medical and/or health data (examinations, injuries, concussion protocols) Substance screening data Data on disciplinary actions and investigations Professional and contractual data Travel, logistics and security data MLB Performance data Medical and/or health data (examinations, injuries, concussion protocols) Substance screening data Data on disciplinary actions and investigations Professional and contractual data Travel, logistics and security data   Collection of customer information online  League Information collected NFL  Information provided by individuals  Identifiers: name, email, address, telephone number, date of birth; unique identifiers (username, password, SSN and other government identifiers if required, e.g. for awards) Demographic data and other protected categories: gender, race, ethnicity, sexual orientation Financial and commercial information: payment data, purchase history Real-time geolocation; precise geolocation Communication and marketing preferences Favorite team and inferences about preferences Audio, electronic and visual information (e.g., photos provided) Biometric data, if you opt for biometric authentication at the stadium; with consent and additional notice if required Information about your contacts (name, email) that you share; if authorized, access to your contacts, calendars and photos Search queries Content posted (comments, forums) Professional and employment information Education information Information that may be health-related (e.g., accessible seating) Correspondence, waivers, consents and other information sent Automatic collection  Device and network identifiers and technical data: IP address, MAC address, advertising identifiers, device type, browser, OS Usage: page views, links clicked, browsing journeys, application usage data Tracking and emails: cookies, pixels, tags, interaction with emails (opened emails, clicks) Social media (if linked): data received according to your settings and the platform’s policy Logs and traffic: server logs, stadium Wi-Fi traffic Video and audio recordings: CCTV and pictures taken or video recorded during events   NHL  Information provided by individuals Identifiers and contact information (name, email, telephone number, address, date of birth) Commercial information (payments, purchases, services) Demographic data (language, age, gender, race, ethnicity, household composition and income) Preferences (favourite team, favourite players) Photos and/or videos Content, feedback (comments, surveys) Contact information of friends Application data (resume, references, checks permitted) Automatic collection Activity and interactions (content viewed, bids, purchases, time spent, cookies, tags), access methods (browser, OS, IP address, browsing history before and after) Device information and identifiers (type, unique identifiers, local content if allowed) Location (GPS, Bluetooth, Wi-Fi, cells) Inferences about preferences Commercial information about transactions (e.g., timestamps) Collection from third parties Member clubs (ticketing, login credential, usage logs) Fanatics, NHL Shop, NHL Auctions (name, email, items purchased; marketing engagement statistics) Other business partners, public sources, commercial sources (data brokers) Connected social media (according to the platform’s settings and policies) NHL teams* Contact information: name, email address, home address, gender, date of birth, telephone number (e.g., ticket purchase, ticket transfer, account creation, inquiries, contests, promotions) Demographic data and preferences (age group, race, gender; preferred events, preferred products, e.g., surveys) Health data related to accessibility needs Video surveillance in venues (security; sharing limited by law) Anonymous traffic analysis and device counting (cameras, technological devices; Wi-Fi); statistics that can be shared with partners Depersonalized web analytics (Google Analytics); opt-out option Online advertising and/or remarketing (Google, Facebook, LinkedIn, etc.) through cookies; opt-out mechanisms (platform settings; DAAC) Geolocation through applications if enabled Social media: profile data and authorized interactions Technical data (IP, browser, OS, resolution, location, language, origin, keywords, pages viewed, data entered, ads viewed), identifiers (IDFA, AAID), connection information (operator, ISP, Wi-Fi); ability to recognize a device) MLB Information provided by individuals Identifiers and contact information: full name, email address, home address, telephone numbers, date of birth Security and authentication: password Payments: payment details Demographic data: demographic characteristics Content and recordings: voice recordings, audiovisual recordings Preferences and interests: information about your interests and preferences Activity and event related data: information requested for an activity or event (e.g., emergency contact) Sensitive personal information: as defined by applicable laws (e.g., racial or ethnic origin; health information such as disabilities or allergies) Automatic collection  Technical and usage data: IP addresses, device data, usage data Location and contacts: location data; contacts saved on your mobile device Collection from third parties Data from third parties and integrations: information provided by other companies if individuals connect their services * This data is collected about website users, people who visit venues, people who apply for jobs or participate in contests, people who submit drafts.   How leagues are structured Regarding privacy and personal information, we must look at how sports leagues are organized to understand who does what. In most cases, sports leagues are non-profit organizations or corporations. An entire framework of rules is built around these structures, defining both how governance is done and what business model is used. First, there are the articles of association and by-laws, which dictate governance, team admissions, voting rights, and the powers of the commissioner or board of directors. There are also the sporting and competition regulations regarding eligibility, game schedules, transfers, drafts, salary caps and cost control mechanisms. The leagues also adopt integrity and security policies against doping, betting and manipulation, harassment and abuse, as well as commercial agreements covering broadcasting, sponsorships, ticketing and data leveraging, among others. There can also be collective agreements with players’ associations and formal dispute resolution mechanisms. In this environment, the league plays a central role. It generally has the power to adopt, interpret and amend its rules; admit teams; manage expansion and relocation projects and changes of control; as well as the power to impose sanctions such as fines, point deductions, suspensions or exclusions. It also centralizes strategic commercial rights, media rights, trademarks and data, and it implements revenue-sharing policies designed to maintain a competitive balance between teams. Personal information: the roles of each Teams In day-to-day relations with athletes and customers, teams are generally the main point of contact. They sign contracts with players, sell tickets, manage subscriptions and operate online stores and loyalty programs. In practice, teams are often the ones that collect personal information, that explain what the information is used for, that decide what information needs to be collected and that put in place security and incident management measures. Teams must therefore be able to clearly inform athletes and customers about the purposes for which personal information is collected, the means by which it is collected, the categories of information collected, who receives the information, and the rights that  athletes and customers have. Teams must limit collection to what is necessary. They must ensure that information is accurate; they must obtain valid, manifest, free, informed and explicit consent for sensitive information such as health or biometric data; they must implement security measures adapted to risks; they must manage and report confidentiality incidents likely to cause serious harm; they must respond to requests for access and rectification; and they must stringently govern the sharing of information with service providers and mandataries. Athletes and customers often see the team as the true holder of their data. Leagues The role leagues play regarding personal information is more difficult to understand, as it varies depending on activities. When a league directly collects information from an individual, for example through an official application, a broadcasting platform or a transactional site for its own purposes, it must assume responsibilities comparable to those a team has. This is what MLB Advanced Media does, for example, defining itself as a “data controller” with respect to its customers’ data. But in many cases, the league acts behind the scenes. In some respects, it acts as a mandatary for the teams, negotiating and signing technology contracts, broadcasting agreements and other commercial agreements that will be used by the teams. In other respects, it acts as a service provider, offering centralized technology platforms, ticketing systems, data infrastructure and shared administrative services. Under Quebec law, these two roles—mandatary and service provider—are treated the same: The team can transmit to the league the information it needs to perform the mandate or service contract without having to ask for the consent of each person again, provided that a written agreement imposes clear measures to protect privacy, limits the use of data to the sole purposes of the mandate or service and governs data retention. The league must also promptly inform a team’s privacy officer of any privacy breach or attempted privacy breach and allow the officer to conduct checks. Also, teams and the league can always choose to base certain exchanges of information on the explicit consent of athletes or customers. However, such consent must be genuinely explicit, free, informed, given for specific purposes and presented separately when asked to be given in writing. Conclusion Although professional leagues are the ones in the spotlight, the same logic applies to amateur or non-professional sports organizations. In all cases, the relationship between the league, the team and the athlete or customer must be clearly governed from a privacy standpoint. Sports organizations should map the flow of personal information, harmonize the information messages they give to the those concerned, establish a standard agreement governing the sharing of information between teams and the league, provide simple mechanisms for access and rectification, and have key employees trained in privacy matters. Incorporating these points into articles of association, by-laws and team and league agreements will reduce risks and strengthen the confidence of athletes, parents, fans and business partners. Yet, a fundamental question still remains: Given that by law, data can only be collected for serious and legitimate reasons (necessity criterion), is the mass of information currently collected in the sports ecosystem really warranted? Sports organizations will have no choice but to delve into this strategic issue. 

    Read more
  3. Data Anonymization: Not as Simple as It Seems

    Blind spots to watch for when anonymizing data Anonymization has become a crucial step in unlocking the value of data for innovation, particularly in artificial intelligence. But without a properly executed anonymization process, organizations risk financial penalties, legal action and serious reputational harm, with potentially significant consequences for their operations. Understanding the anonymization process What the law says Under Quebec’s Act respecting the protection of personal information in the private sector (the “Private Sector Act”) and the Act respecting Access to documents held by public bodies and the Protection of personal information (the “Access Act”), information concerning a natural person is considered anonymized if it irreversibly no longer allows the person to be identified directly or indirectly. Since anonymized information no longer qualifies as personal information, this distinction is of crucial importance. However, beyond this definition, neither Act provides details on how anonymization should actually be performed. To fill this gap, the government adopted the Regulation respecting the anonymization of personal information (the “Regulation”), which sets out the criteria and framework for anonymization, grounded in high standards of privacy protection. What organizations need to know before starting Under the Regulation, before beginning any anonymization process, organizations must clearly define the “serious and legitimate purposes” for which the data will be used. These purposes must comply with either the Private Sector Act or the Access Act, as applicable, and any new purpose must meet the same requirement. The process must also be supervised by a qualified professional with the expertise to select and apply appropriate anonymization techniques. This supervision ensures both the proper implementation of the chosen methods and the ongoing validation of technological choices and security measures. The four key steps of data anonymization   DepersonalizationThe first step is to remove or replace all personal identifiers, such as names, addresses and phone numbers, with pseudonyms. It is essential to anticipate how different data sets might interact, in order to minimize the risk of re-identifying individuals through cross-referencing. Preliminary risk assessmentNext comes a preliminary analysis of re-identification risks. This step relies on three main criteria: individualization (inability to isolate a person within a dataset), correlation (inability to connect datasets concerning the same person) and inference (inability to infer personal information from other available information). Common anonymization techniques include aggregation, deletion, generalization and data perturbation. Organizations should also apply strong protective measures, such as advanced encryption and restrictive access controls, to minimize the likelihood of re-identification. In-depth risk analysisAfter the preliminary phase, a deeper risk analysis must be conducted. While no anonymization process can eliminate all risk, that risk must be reduced to the lowest possible level, taking into account factors such as data sensitivity, the availability of public datasets and the effort required to attempt re-identification. To sustain this low level of risk, organizations should perform periodic reassessments that account for technological advances that could make re-identification easier over time. Documentation and record-keepingFinally, organizations must keep a detailed record describing the anonymized information, its intended purposes, the techniques and security measures used, and the dates of any analyses or updates. This documentation strengthens transparency and demonstrates that the organization has fulfilled its legal obligations regarding anonymization.

    Read more
  4. Businesses: Four tips to avoid dependency or vulnerability in your use of AI

    While the world is focused on how the tariff war is affecting various products, it may be overlooking the risks the war is posing to information technology. Yet, many businesses rely on artificial intelligence to provide their services, and many of these technologies are powered by large language models, such as the widely-used ChatGPT. It is relevant to ask whether businesses should rely on purely US-based technology service providers. There is talk of using Chinese alternatives, such as DeepSeek, but their use raises questions about data security and the associated control over information. Back in 2023, Professor Teresa Scassa wrote that, when it comes to artificial intelligence, sovereignty can take on many forms, such as state sovereignty, community sovereignty over data and individual sovereignty.1 Others have even suggested that AI will force the recalibration of international interests.2 In our current context, how can businesses protect themselves from the volatility caused by the actions of foreign governments? We believe that it’s precisely by exercising a certain degree of sovereignty over their own affairs that businesses can guard against such volatility. A few tips: Understand Intellectual property issues: Large language models underlying the majority of artificial intelligence technologies are sometimes offered under open-source licenses, but certain technologies are distributed under restrictive commercial licenses. It is important to understand the limits imposed by the licenses under which these technologies are offered. Some language model owners reserve the right to alter or restrict the technology’s functionality without notice. Conversely, permissive open-source licenses allow a language model to be used without time restrictions. From a strategic standpoint, businesses should keep intellectual property rights over their data compilations that can be integrated into artificial intelligence solutions. Consider other options: Whenever technology is used to process personal information, a privacy impact assessment is required by law before such technology is acquired, developed or redesigned.[3] Even if a privacy impact assessment is not legally required, it is prudent to assess the risks associated with technological choices. If you are dealing with a technology that your service provider integrates, check whether there are alternatives. Would you be able to quickly migrate to one of these if you faced issues? If you are dealing with custom solution, check whether it is limited to a single large language model. Adopt a modular approach: When a business chooses an external service provider to provide a large language model, it is often because the provider offers a solution that is integrated to other applications that the business already uses, or because it provides an application programming interface developed specifically for the business. In making such a choice, you should determine whether the service provider can replace the language model or application if problems were to arise. If the technology in question is a fully integrated solution from a service provider, find out whether the provider offers sufficient guarantees that it could replace a language model if it were no longer available. If it is a custom solution, find out whether the service provider can, right from the design stage, provide for the possibility of replacing one language model with another. Make a proportionate choice: Not all applications require the most powerful language models. If your technological objective is middle-of-the-road, you can consider more possibilities, including solutions hosted on local servers that use open-source language models. As a bonus, if you choose a language model proportionate to your needs, you are helping to reduce the environmental footprint of these technologies in terms of energy consumption.  These tips each require different steps to be put into practice. Remember to take legal considerations, in addition to technological constraints, into account. Licenses, intellectual property, privacy impact assessments and limited liability clauses imposed by certain service providers are all aspects that need to be considered before making any changes. This isn’t just about being prudent—it’s about taking advantage of the opportunity our businesses have to show they are technologically innovative and exercise greater control over their futures. Scassa, T. 2023. “Sovereignty and the governance of artificial intelligence.” 71 UCLA L. Rev. Disc. 214. Xu, W., Wang, S., & Zuo, X. 2025. “Whose victory? A perspective on shifts in US-China cross-border data flow rules in the AI era.” The Pacific Review, 1–27. See in particular the Act respecting the protection of personal information in the private sector, CQLR c. P-39.1, s. 3.3.

    Read more
  1. Lavery recognized in Best Lawyer's new directory of Canada's best law firms for 2025

    We are pleased to announce that Lavery has been recognized as one of the top law firms in the new edition of Best Law Firms - Canada published by Best Lawyers for 2025. Our firm was ranked in 16 practice areas nationally and 50 practice areas regionally. These recognitions are further demonstration of the expertise and quality of legal services that characterize Lavery's professionals. Firms on the 2025 Best Lawyers - Canada list are recognized for their professional excellence through evaluations by their clients and peers. Areas of expertise in which Lavery is recognized: Tier 1 Administrative and Public Law (National / Regional) Banking and Finance Law (Regional) Class Action Litigation (Regional) Commercial Leasing Law (Regional) Construction Law (Regional) Corporate and Commercial Litigation (Regional) Corporate Law (Regional) Family Law (National / Regional) Information Technology Law (Regional) Insolvency and Financial Restructuring Law (Regional) Insurance Law (National / Regional) Intellectual Property Law (Regional) Labour and Employment Law (Regional) Mergers and Acquisitions Law (Regional) Mining Law (Regional) Natural Resources Law (Regional) Product Liability Law (Regional) Securities Law (Regional) Trusts and Estates (Regional) Workers' Compensation Law (Regional) Tier 2 Administrative and Public Law (Regional) Advertising and Marketing Law (Regional) Alternative Dispute Resolution (Regional) Biotechnology and Life Sciences Practice (Regional) Class Action Litigation (National) Corporate Governance Practice (Regional) Corporate Law (National / Regional) Director and Officer Liability Practice (Regional) Energy Law (Regional) Environmental Law (Regional) Family Law (Regional) Health Care Law (Regional) Insurance Law (Regional) Intellectual Property Law (National) Labour and Employment Law (National) Professional Malpractice Law (Regional) Real Estate Law (Regional) Tax Law (Regional) Trusts and Estates (National) Tier 3 Aboriginal Law / Indigenous Practice (Regional) Alternative Dispute Resolution (Regional) Banking and Finance Law (National) Construction Law (National) Corporate and Commercial Litigation (National) Defamation and Media Law (Regional) Employee Benefits Law (Regional) Equipment Finance Law (Regional) Family Law Mediation (Regional) Health Care Law (Regional) Insolvency and Financial Restructuring Law (National) Mergers and Acquisitions Law (National) Mining Law (National) Privacy and Data Security Law (Regional) Private Funds Law (Regional) Professional Malpractice Law (Regional) Project Finance Law (Regional) Securities Law (National) Workers' Compensation Law (National) About Lavery Lavery is the leading independent law firm in Quebec. Its more than 200 professionals, based in Montréal, Quebec, Sherbrooke and Trois-Rivières, work every day to offer a full range of legal services to organizations doing business in Quebec. Recognized by the most prestigious legal directories, Lavery professionals are at the heart of what is happening in the business world and are actively involved in their communities. The firm’s expertise is frequently sought after by numerous national and international partners to provide support in cases under Quebec jurisdiction. About Best Lawyers Best Lawyers is the oldest and most respected lawyer ranking service in the world. For almost 40 years, Best Lawyers has assisted those in need of legal services to identify the lawyers best qualified to represent them in distant jurisdictions or specialized areas. Best Lawyers lists are published in leading local, regional, and national publications across the globe.  

    Read more
  2. Bernard Larocque appointed a Judge of the Superior Court of Québec

    We were very pleased to learn of the announcement of the Minister of Justice confirming the appointment of Bernard Larocque as a Judge of the Superior Court of Québec for the district of Montréal. The Superior Court of Québec is an ordinary court of law in Quebec hearing all disputes that a formal provision of law has not assigned to the jurisdiction of another court. The Superior Court plays a key role in Quebec's justice system. Bernard Larocque joined the firm in 1998 as a member of the litigation group and became a partner in 2003. His practice focused mainly on civil litigation, including defamation, insurance law, class actions, professional liability and administrative disputes. He has frequently appeared before the courts, including the Supreme Court of Canada and the Court of Appeal of Quebec.?His excellence and reputation as a litigator earned him the title of Fellow by the prestigious American College of Trial Lawyers in March 2020. Bernard has also always been active in the community and has been deeply involved with the Justice Pro Bono Board of Directors for over twenty years, which he has chaired since 2020. "Bernard will be serving on the bench with several of his former colleagues and friends from the firm. He embodies Lavery's values, driven by excellence, diligence, a deep sense of duty and a desire to give back to society. These are all qualities that will carry him through this next important chapter in his legal career," concludes Anik Trudel, CEO at Lavery.

    Read more
  3. Marie-Hélène Jolicoeur speaks at the ACUQ

    This spring, Marie-Hélène Jolicoeur, a partner of the Labour and Employment Law group, delivered four four-hour training sessions for close to one hundred emergency call centre workers in Québec. These sessions were delivered as part of a skills improvement program created by the Association des centres d’urgence du Québec (ACUQ). Entitled Médias sociaux et confidentialité de l’information, the training reviewed the legal obligations by which emergency call centre workers are bound and analyzed the employment impact of disclosing confidential or other information obtained in the course of employment on social media.

    Read more
  1. Lavery assists Agendrix in obtaining two ISO certifications for data security and privacy

    On February 6, 2023, Agendrix, a workforce management software company, announced that it had achieved certification in two globally recognized data security and privacy standards, ISO/IEC 27001:2013 and ISO/IEC 27701:2019. This made it one of the first staff scheduling and time clock software providers in Canada to obtain these certifications. The company is proactively engaging in all matters related to the security and confidentiality of the data processed by its web and mobile applications. The ISO/IEC 27001:2013 standard is aimed at improving information security systems. For Agendrix’s customers, that means its products comply with the highest information security standards. ISO/IEC 27701:2019 provides a framework for the management and handling of personal information and sensitive data. This certification confirms that Agendrix follows best practices and complies with applicable laws. A Lavery team composed of Eric Lavallée, Dave Bouchard, Ghiles Helli and Catherine Voyer supported Agendrix in obtaining these two certifications. More specifically, our professionals assisted Agendrix in the review of their standard contract with their customers, as well as in the implementation of policies and various internal documents essential to the management of personal information and information security. Agendrix was founded in 2015, and the Sherbrooke-based company now has over 150,000 users in some 13,000 workplaces. Its personnel management software is a leader in Quebec in the field of work schedule management for small and medium-sized businesses. Agendrix’s mission is to make management more human-centred by developing software that simplifies the lives of front-line employees. Today, the company employs more than 45 people.

    Read more