Corporate Governance


Corporate directors have lost their immunity to prosecution, and rules and requirements governing their actions are becoming increasingly stringent.

Drawing on their many years of experience, extensive documentation, and conclusive data, Lavery’s lawyers can help you ensure sound corporate governance, transparency, integrity, and accountability.


  • Audit and assessment of your current practices
  • Formulation and implementation of required changes
  • Training of directors
  • Compliance with laws, rules, and guidelines
  • Preparation of the necessary opinions and reports
  1. Ten things you should know about the amendments to Quebec’s Charter of the French language

    Quebec recently enacted Bill 96, entitled An Act respecting French, the official and common language of Québec, which aims to overhaul the Charter of the French language. Here are 10 key changes in this law that will impose significant obligations on businesses: As of June 1, 2025, businesses employing more than 25 people (currently the threshold is 50 people) for at least six months will be required to comply with various “francization”1 obligations. Businesses with between 25 and 99 employees may also be ordered by the Office québécois de la langue française (the OQLF)2 to form a francization committee. In addition, at the request of the OQLF, businesses may have to provide a francization program for review within three months. As of June 1, 2025, only trademarks registered in a language other than French (and for which no French version has been filed or registered) will be accepted as an exception to the general principle that trademarks must be translated into French. Unregistered trademarks that are not in French must be accompanied by their French equivalent. The rule is the same for products as well as their labelling and packaging; any writing must be in French. The French text may be accompanied by a translation or translations, but no text in another language may be given greater prominence than the text in French or be made available on more favourable terms. However, as of June 1, 2025, generic or descriptive terms included in a trademark registered in a language other than French (for which no French version has been registered) must be translated into French. In addition, as of June 1, 2025, on public signs and posters visible from outside the premises, (i) French must be markedly predominant (rather than being sufficiently present) and (ii) the display of trademarks that are not in French (for which no French version has been registered) will be limited to registered trademarks. As of June 1, 2022, businesses that offer goods or services to consumers must respect their right to be informed and served in French. In the event of breaches of this obligation, consumers have the right to file a complaint with the OQLF or to request an injunction unless the business has fewer than five employees. In addition, any legal person or company that provides services to the civil administration3 will be required to provide these services in French, including when the services are intended for the public. As of June 1, 2022, subject to certain criteria provided for in the bill, employers are required to draw up the following written documents in French: individual employment contracts4 and communications addressed to a worker or to an association of workers, including communications following the end of the employment relationship with an employee. In addition, other documents such as job application forms, documents relating to working conditions and training documents must be made available in French.5 As of June 1, 2022, employers who wish to require employees to have a certain level of proficiency in a language other than French in order to obtain a position must demonstrate that this requirement is necessary for the performance of the duties related to the position, that it is impossible to proceed using internal resources and that they have made efforts to limit the number of positions in their company requiring knowledge of a language other than French as much as possible. As of June 1, 2023, parties wishing to enter into a consumer contract in a language other than French, or, subject to various exceptions,6 a contract of adhesion that is not a consumer contract, must have received a French version of the contract before agreeing to it. Otherwise, a party can demand that the contract be cancelled without it being necessary to prove harm. As of June 1, 2023, the civil administration will be prohibited from entering into a contract with or granting a subsidy to a business that employs 25 or more people and that does not comply with the following obligations on the use of the French language: obtaining a certificate of registration, sending the OQLF an analysis of the language situation in the business within the time prescribed, or obtaining an attestation of implementation of a francization program or a francization certificate, depending on the case. As of June 1, 2023, all contracts and agreements entered into by the civil administration, as well as all written documents sent to an agency of the civil administration by a legal person or by a business to obtain a permit, an authorization or a subsidy or other form of financial assistance must be drawn up exclusively in French. As of September 1, 2022, a certified French translation must be attached to motions and other pleadings drawn up in English that emanate from a business or legal person that is a party to a pleading in Quebec. The legal person will bear the translation costs. The application of the provisions imposing this obligation has, however, been suspended for the time being by the Superior Court.7 As of September 1, 2022, registrations in the Register of Personal and Movable Real Rights and in the Land Registry Office, in particular registrations of securities, deeds of sale, leases and various other rights, must be made in French. Note that declarations of co-ownership must be filed at the Land Registry Office in French as of June 1, 2022. The lawyers at Lavery know Quebec’s language laws and can help you understand the impact of Bill 96 on your business, as well as inform you of the steps to take to meet these new obligations. Please do not hesitate to contact one of the Lavery team members named in this article for assistance. “Francization” refers to a process established by the Charter of the French language to ensure the generalized use of French in businesses. The OQLF is the regulatory body responsible for enforcing the Charter of the French language. The civil administration in this law includes any public body in the broad sense of the term. An employee who signed an individual employment contract before June 1, 2022, will have until June 1, 2023, to ask their employer to provide them with a French translation if the employee so wishes. If the individual employment contract is a fixed-term employment contract that ends before June 1, 2024, the employer is not obliged to have it translated into French at the request of the employee. Employers have until June 1, 2023, to have job application forms, documents related to work conditions and training documents translated into French if these are not already available to employees in French. Among these exceptions are employment contracts, loan contracts and contracts used in “relations with persons outside Quebec.” There seems to be a contradiction in the law with regard to individual employment contracts which are contracts of adhesion and for which the obligation to provide a French translation nevertheless seems to apply. Mitchell c. Procureur général du Québec, 2022 QCCS 2983.

    Read more
  2. Bill C-18 (Online News Act): Canada looking to create a level playing field for news media

    Earlier this month, Canadian Heritage Minister Pablo Rodriguez introduced Bill C-18 (Online News Act) in Parliament. This bill, which was largely inspired by similar legislation in Australia, aims to reduce bargaining imbalances between online platforms and Canadian news outlets in terms of how these “digital news intermediaries” allow news content to be accessed and shared on their platforms. If passed, the Online News Act would, among other things, require these digital platforms such as Google and Facebook to enter into fair commercial agreements with news organizations for the use and dissemination of news related content on their platforms. Bill C-18, which was introduced on April 5, 2022, has a very broad scope, and covers all Canadian journalistic organizations, regardless of the type of media (online, print, etc.), if they meet certain eligibility criteria. With respect to the “digital news intermediaries” on which the journalistic content is shared, Bill C-18 specifically targets online communication platforms such as search engines or social media networks through which news content is made available to Canadian users and which, due to their size, have a significant bargaining imbalance with news media organizations. The bill proposes certain criteria by which this situation of bargaining imbalance can be determined, including the size of the digital platform, whether the platform operates in a market that provides a strategic advantage over news organizations and whether the platform occupies a prominent position within its market. These are clearly very subjective criteria which make it difficult to precisely identify these “digital news intermediaries.” Bill C-18 also currently provides that the intermediaries themselves will be required to notify the Canadian Radio-television and Telecommunications Commission (“CRTC”) of the fact that the Act applies to them. The mandatory negotiation process is really the heart of Bill C-18. If passed in its current form, digital platform operators will be required to negotiate in good faith with Canadian media organizations to reach fair revenue sharing agreements. If the parties fail to reach an agreement at the end of the negotiation and mediation process provided for in the legislation, a panel of three arbitrators may be called upon to select the final offer made by one of the parties. For the purposes of enforceability, the arbitration panel’s decision is then deemed, to constitute an agreement entered into by the parties. Finally, Bill C-18 provides digital platforms the possibility of applying to the CRTC for an exemption from mandatory arbitration provided that their revenue sharing agreements meet the following criteria: Provide fair compensation to the news businesses for news content that is made available on their platforms; Ensure that an appropriate portion of the compensation would be used by the news businesses to support the production of local, regional and national news content; Do not allow corporate influence to undermine the freedom of expression and journalistic independence enjoyed by news outlets; Contribute to the sustainability of Canada’s digital news marketplace; Ensure support for independent local news businesses, and ensure that a significant portion of independent local news businesses benefit from the deals; and Reflect the diversity of the Canadian news marketplace, including diversity with respect to language, racialized groups, Indigenous communities, local news and business models. A bill of this scope will certainly be studied very closely by the members of Parliament, and it would not be surprising if significant amendments were made during this process. We believe that some clarifications would be welcome, particularly as to the precise identity of businesses that will be considered “digital information intermediaries” for the purposes of the Online News Act.

    Read more
  3. A False Sense of Cybersecurity?

    Ransomware has wreaked so much havoc in recent years that many people forget about other cybersecurity risks. For some, not storing personal information makes them feeling immune to hackers and cyber incidents. For others, as long as their computers are working, they do not feel exposed to no malware. Unfortunately, the reality is quite different. A new trend is emerging: malware is being released to collect confidential information, including trade secrets, and then such information is being sold to third parties or released to the public.1 The Pegasus software used to spy on journalists and political opponents around the world has been widely discussed in the media, to the point that U.S. authorities decided to include it on their trade blacklist.2 However, the use of spyware is not limited to the political sphere. Recently, a California court ordered a U.S. corporation, 24[7].ai, to pay $30 million to one of its competitors, Liveperson.3 This is because 24[7].ai installed competing technology on mutual client websites where LivePerson’s technology already is installed. Liveperson alleged in its lawsuit that 24[7].ai installed spyware that gathered confidential and proprietary information and data regarding Liveperson’s technology and client relationships. In addition, the software which 24[7].ai allegedly installed removed some features of Liveperson’s technology, including the “chat” button. In doing so, 24[7].ai interfered in the relationship between Liveperson and its clients. This legal saga is ongoing, as another trial is scheduled to take place regarding trade secrets related to a Liveperson client.4 This legal dispute illustrates that cybersecurity is not only about personal information, but also about trade secrets and even the proper functioning of business software. A number of precautions can be taken to reduce the risk of cybersecurity incidents. Robust internal policies at all levels of the business help maintain a safe framework for business operations. Combined with employee awareness of the legal and business issues surrounding cybersecurity, these policies can be important additions to IT best practices. In addition, employee awareness facilitates the adoption of best practices, including systematic investigations of performance anomalies and the use of programming methods that protect trade secrets. Moreover, it may be advisable to ensure that contracts with clients provide IT suppliers with sufficient access to conduct  the necessary monitoring for the security of both parties. Ultimately, it is important to remember that the board of directors must exercise its duty with care, diligence and skill while looking out for the best interests of the business. Directors could be held personally liable if they fail to meet their obligation to ensure that adequate measures are implemented to prevent cyber incidents or if they ignore the risks and are wilfully blind. Thus, board members must be vigilant, be trained in and aware of cybersecurity in order to integrate it into their risk management approach. In an era in which intellectual property has become a corporation’s most important asset, it goes without saying that it is essential to put in place not only the technological tools, but also the procedures and policies required to adequately protect it! Contact Lavery for advice on the legal aspects of cybersecurity. See Page, Carly, “This new Android spyware masquerades as legitimate apps,” Techcrunch, November 10, 2021.; Page, Carly, “FBI says ransomware groups are using private financial information to further extort victims,” Techcrunch, November 2, 2021. Gardner, Frank, “NSO Group: Israeli spyware company added to US trade blacklist,” BBC News, November 3, 2021. Claburn, Thomas, “Spyware, trade-secret theft, and $30m in damages: How two online support partners spectacularly fell out,” The Register,June 18, 2021. Brittain, Blake, “LivePerson wins $30 million from [24] in trade-secret verdict,”Reuters, June 17, 2021.

    Read more
  4. Adoption of Bill 64: what do public bodies need to know?

    Bill 64, also known as the Act to modernize legislative provisions as regards the protection of personal information, was adopted on September 21, 2021, by the National Assembly of Québec. This new bill amends some 20 laws relating to the protection of personal information, including the Act respecting Access to documents held by public bodies and the Protection of personal information ("Access Act"), the Act respecting the protection of personal information in the private sector (“ARPIPS”) and the Act to establish a legal framework for information technology (“AELFIT”). While these changes will affect both public bodies and private businesses, this article focuses exclusively on the new requirements for public bodies covered by the Access Act.  We have prepared an amended version of the Access Act in order to reflect the exact changes brought about by Bill 64. 1. Strengthening consent mechanisms and increasing individual control over personal information By way of Bill 64, some important changes were made to the notion of consent when disclosing personal information to public bodies. From now on, any time an individual’s consent is required by the Access Act, public bodies must ensure that the concerned individual’s consent is given separately from any other disclosed information (s. 53.1). Furthermore, any consent to the collection of sensitive personal information (e.g., health or financial information that gives rise to a reasonable expectation of privacy) will have to be expressly obtained from the data subject (s. 59). The amended Access Act now also provides that minors under the age of 14 must have a parent or a guardian consent to the collection of their personal information. For minors over the age of 14, consent can be given either directly by the minor or by their parent or guardian (s. 53.1). The right to data portability is one of the new rights enforced by Bill 64. These added provisions to the Access Act allow data subjects to obtain data that a public body holds on them in a structured and commonly used technological format and to demand that this data be released to a third party (s. 84). Whenever a public body renders a decision based exclusively on automated processing of personal information, the affected individual must be informed of this process. If the decision produces legal effects or otherwise affects the individual concerned, upon request, the public body must also disclose to the individual (i) the personal information used in reaching the decision, (ii) the reasons and main factors leading to the decision, and (iii) the individual’s right to have this personal information rectified (s. 65.2).  Furthermore, public bodies that use technology to identify, locate or profile an individual must now inform the affected individual of the use of such technology and the means that are available to them in order to disable such functions (s. 65.0.1). 2. New personal data protection mechanisms Public bodies will now be required to conduct a privacy impact assessment whenever they seek to implement or update any information system that involves the collection, use, disclosure, retention or destruction of personal data (s. 63.5). This obligation will effectively compel public bodies to consider the privacy and personal information protection risks involved in a certain project at its outset. In fact, the Access Act now states that every public body must create an access to information committee, whose responsibilities will include offering their observations in such circumstances. 3. Promoting transparency and accountability for public bodies The changes brought about by Bill 64 also aim to increase the transparency of processes employed by public bodies in collecting and using personal data, as well as placing an emphasis on accountability. As such, public bodies will now have to publish on their websites the rules that govern their handling of personal data in clear and simple language (s. 63.3). These rules may take the form of a policy, directive or guide and must set out the various responsibilities of staff members with respect to personal information. Training and awareness programs for staff should also be listed. Any public body that collects personal information through technological means will likewise be required to publish a privacy policy on their website. The policy will have to be drafted in clear and simple language (s. 63.4). The government may eventually adopt regulations to specify the required content of such privacy policies. Moving forward, public bodies will also have to inform data subjects of any personal data transfer outside of the province of Quebec (s. 65). Any such transfer will also need to undergo a privacy impact assessment, which will include an analysis of the legal framework applicable in the State where the personal information will be transferred (s. 70.1). Furthermore, any transfer of personal data outside of Quebec must be subject to a written agreement that takes into account, in particular, the results of the privacy impact assessment and, if applicable, the agreed-upon terms to mitigate the risks identified in the assessment (s. 70.1). A public body that wishes to entrust a person or body outside of Quebec with the task of collecting, using, communicating or retaining personal information on its behalf will have to undertake a similar exercise (s. 70.1 (3)). 4. Managing confidentiality incidents Where a public body has reason to believe that a confidentiality incident (which is defined in Bill 64 as the access, use, disclosure or loss of personal information) has occurred, public bodies will be required to take reasonable steps to mitigate the injury caused to the affected individuals and to reduce the risk of further confidentiality incidents occurring in the future (s. 63.7). In addition, where the confidentiality incident poses a risk of serious harm to the affected individuals, these individuals and the Commission d’accès à l’information (“CAI”) must be notified (unless doing so would interfere with an investigation to prevent, detect or suppress crime or violations of law) (s. 63.7). Public bodies must now also keep a register of confidentiality incidents (s. 63.10), a copy of which must be sent to the CAI upon request. 5. Increased powers for the CAI Bill 64 also grants the CAI an arsenal of new powers aiming to ensure that public bodies, as well as private companies, comply with privacy laws. For example, in the event of a confidentiality incident, the CAI may order any public body to take appropriate action to protect the rights of affected individuals, after allowing the public body to make representations (s. 127.2). Furthermore, the CAI now has the power to impose substantial administrative monetary penalties, the value of which may reach up to $150,000 for public bodies (s. 159). In the event of repeat offences, fines will be doubled (s. 164.1). 6. Coming into force The amendments made by Bill 64 will come into force in several stages. Most of the new provisions of the Access Act [DM1] will come into force two years after the date of assent, which was granted on September 22, 2021. However, some specific provisions will take effect one year after that date, including: The requirements regarding actions to be taken in response to confidentiality incidents (s. 63.7) and the powers of the CAI upon disclosure by an organization of a confidentiality incident (s. 137.2); and The exception to disclosure without consent for research purposes (s. 67.2.1). Conclusion The clock is now ticking for public bodies to implement the necessary changes in order to comply with the new privacy requirements outlined in Bill 64, which received official assent on September 22, 2021. We invite you to consult our privacy specialists to help ensure proper compliance with the new requirements of the updated Access Act. The Lavery team would be more than pleased to answer any questions you may have regarding the upcoming changes and the potential impacts on your org

    Read more
  1. Guillaume Lavoie participates in a McGill-HEC Montréal EMBA panel on governance

    On June 13, Guillaume Lavoie, partner and head of the Lavery CAPITAL and Mergers and Acquisitions groups, will participate in a panel on governance organized by McGill-HEC Montréal EMBA being held at the HEC Montréal. Entitled Les défis et enjeux de la gouvernance, the panel will address the various issues and challenges faced by different industries and types of organizations to stimulate a discussion on governance based on concrete examples experienced by the panelists. The panel will also include Louise St-Pierre, former CEO of Cogeco Connexion, Josée Duplessis, Chief of Staff for the Federal Minister of Family, Children and Social Development and Ginette Mailhot, founder of Capital Humain Plus and a director of Anges Québec. All profits will be donated to Women in Governance and its president and co-founder, Caroline Codsi, will moderate. Click here to register.

    Read more