Cybersecurity

Overview

Read our white paper on what to do before, during and after a cyber incident

Complete our analysis questionnaire on cybersecurity needs.

Now more than ever, companies of all sizes and in every field must pay particular attention to the issue of cybersecurity.

The rise in cyberattacks and costs associated with data leaks is well documented. Indeed, the mobility of information in a telecommuting context, the use of cloud storage, process automation and the increased connectivity of organizational systems increase organizations’ vulnerability to cyberattacks. Data leaks can adversely affect not only an organization’s reputation with the public, but also the management and continuity of its day-to-day business.

In addition, legislative and regulatory requirements for public and private sector companies that hold personal data and information are also being enhanced, as evidenced, in particular, by the National Assembly of Québec’s very recent adoption of Bill 64 in the wake of high-profile security incidents.

Our expertise

Our service offer covers all aspects of cybersecurity, including identifying risks, understanding the issues at stake, implementing best practices in cyber vigilance and providing support should a company be sued following a breach of confidentiality.

Lavery’s team has extensive experience and expertise, particularly in crisis management with respect to:

  • Protection of personal and other sensitive data
  • Information technology
  • Technology governance
  • IT risk management
  • Disputes (including class actions)
  • Labour and employment law

Our team keeps abreast of legislative changes regarding personal information, an area currently undergoing rapid change. It also has an understanding of cutting-edge technology, including the Internet of Things, artificial intelligence and quantum computing, all of which will drastically affect cybersecurity practices in the coming years.

Service offer to private and public institutions

As we know that legal matters represent only a fraction of the issues that need to be addressed with respect to an organization’s cyber vigilance, our service offer includes legal services geared towards IT security management and non-legal services that combine a range of prevention and response measures to provide an effective and operational solution based on four criteria:

  • Strategy and transformation: Developing strategies and programs that focus on business needs and risks and support growth and resilience by making cybersecurity and privacy a company-wide priority.
  • Incident and threat management: Preparing for, identifying, responding to, investigating and handling threats with confidence.
  • Consumer privacy and protection: Designing, implementing and running a privacy program that enables your organization to maximize the use of data in accordance with the law, while building consumer trust.
  • Implementation and operations: Designing, implementing, running and improving the use of cybersecurity technologies and continuously monitoring your environment to detect and contain threats to your business.

Service offer to SMEs

Our firm has developed a cybersecurity service offer to, in particular, analyze companies’ needs in this area and identify possible flaws that require their attention.

As a first step, your organization must complete a cybersecurity needs analysis questionnaire.

Once the questionnaire is completed, we are able to establish a diagnosis, propose solutions and an action plan to remedy problematic aspects and guide you in implementing our recommendations on the following:

  • Cybersecurity governance: A sound decision-making process is important for any business when it comes to cybersecurity.
  • Processes related to employees, suppliers and subcontractors: A business’ decisions and policies respecting cybersecurity must be properly communicated not only within the organization, but also with all stakeholders.
  • Protection of personal information and data, and Canada’s anti-spam legislation: If your organization collects data or personal information as part of its operations, it must do so in accordance with the law.
  • Technical and technological component to increase cybersecurity: Legal and strategic advice associated with implementing the action plan following our cybersecurity needs analysis.

Representative mandates

  • Advised one of the largest professional orders in Quebec regarding a major computer security breach affecting its employees and members.
  • Advised a major Canadian chemical company on the theft of its employees’ and customers’ personal data.
  • Advised a Canadian tax and financial planning association following a cyberattack on its IT service provider.
  • Advised and provided a legal opinion to one of the most prominent public organizations in Quebec on the appropriateness and content of an incident report resulting from a breach of confidentiality following a cyberattack.
  • Advised a multinational tobacco company on the measures to be implemented in the event of a computer security breach and reviewed its policies, guidelines and response plans in this regard.
  • Provided training to executives of a multinational cybersecurity insurance organization.
  • Provided training to a major accounting and tax firm on cybersecurity and privacy.
  • Advised a Crown corporation on applying the General Data Protection Regulation (GDPR) and created a matrix to identify cases where this European legal framework, which includes rules on IT security breaches, should be applied.
  • Participated in data protection IT audits for various companies as part of a partnership with an international consulting firm.
  • Advised a Canadian vehicle parts company that was held to ransom following an unwarranted intrusion into its databases containing all of the technical drawings of its American and European vehicle manufacturer clients.
  • Reviewed the physical and software security rules of two major Canadian financial institutions’ IT and telecommunications systems and negotiated and drafted the physical and software security obligations incumbent on the service provider to which the operation of these systems was outsourced in order to ensure adequate contractual protection for the financial institutions against any breach of confidentiality of personal and other sensitive data entrusted to the service provider.
  • Assisted a European law firm with a major employee and supplier data breach involving a multinational electronics company and its subsidiaries in several jurisdictions around the world.
  • Advised a publicly traded company in the implementation of IT governance and security measures for the sharing of trade secrets between its various sites in Canada, the United States and Europe.
  • Represented a European company that was the victim of a cyber incident to claim damages from those responsible for the incident located in Canada.
  1. Lavery assists Agendrix in obtaining two ISO certifications for data security and privacy

    On February 6, 2023, Agendrix, a workforce management software company, announced that it had achieved certification in two globally recognized data security and privacy standards, ISO/IEC 27001:2013 and ISO/IEC 27701:2019. This made it one of the first staff scheduling and time clock software providers in Canada to obtain these certifications. The company is proactively engaging in all matters related to the security and confidentiality of the data processed by its web and mobile applications. The ISO/IEC 27001:2013 standard is aimed at improving information security systems. For Agendrix’s customers, that means its products comply with the highest information security standards. ISO/IEC 27701:2019 provides a framework for the management and handling of personal information and sensitive data. This certification confirms that Agendrix follows best practices and complies with applicable laws. A Lavery team composed of Eric Lavallée, Dave Bouchard, Ghiles Helli and Catherine Voyer supported Agendrix in obtaining these two certifications. More specifically, our professionals assisted Agendrix in the review of their standard contract with their customers, as well as in the implementation of policies and various internal documents essential to the management of personal information and information security. Agendrix was founded in 2015, and the Sherbrooke-based company now has over 150,000 users in some 13,000 workplaces. Its personnel management software is a leader in Quebec in the field of work schedule management for small and medium-sized businesses. Agendrix’s mission is to make management more human-centred by developing software that simplifies the lives of front-line employees. Today, the company employs more than 45 people.

    Read more
  2. Lavery represents ImmunoPrecise Antibodies as it acquires BioStrand

    On March 29, 2022, ImmunoPrecise Antibodies Ltd (IPA) announced that it acquired BioStrand BV, BioKey BV, and BioClue BV (together, “BioStrand”), a group of Belgian entities pioneers in the field of bioinformatics and biotechnology. With this €20 million acquisition, IPA will be able to leverage BioStrand’s revolutionary AI-powered methodology to accelerate the development of therapeutic antibody solutions. In addition to creating synergies with its subsidiaries, IPA expects to develop new markets with this revolutionary technology and strengthen its position as a world leader in biotherapeutics. Lavery was privileged to support IPA in this cross-border transaction by providing specialized expertise in cybersecurity, intellectual property, securities and mergers and acquisitions. The Lavery team was led by Selena Lu (transactional) and included Eric Lavallée (technology and intellectual property), Serge Shahinian (intellectual property), Sébastien Vézina (securities), Catherine Méthot (transactional), Jean-Paul Timothée (securities and transactional), Siddhartha Borissov-Beausoleil (transactional), Mylène Vallières (securities) and Marie-Claude Côté (securities). ImmunoPrecise Antibodies Ltd. is a biotherapeutic, innovation-powered company that supports its business partners in their quest to discover and develop novel antibodies against a broad range of target classes and diseases.

    Read more