Skip to main content

Cybersecurity & Incident Response

Cyber Security

The Cybersecurity & Incident Response Group at Fasken is adept at helping U.S. companies understand and adhere to the complex cybersecurity and privacy laws that apply to foreign companies doing business in Canada. 

Our team advises a wide range of clients, ranging from small and medium-sized enterprises to Fortune 100 and Fortune 500 companies.  


Cyber Security

From cybersecurity risk management and incident prevention through incident planning, response and litigation/class action defense, our team has a full range of expertise in cybersecurity and privacy matters.

We provide guidance on investigating, responding to and containing cybersecurity and privacy breaches, as well as on reporting to law enforcement. We have considerable experience in leading incident responses and in working behind-the-scenes with internal response teams, including those based in the US. As a testament to our expertise, many leading cyber insurance carriers have selected us as preferred counsel and first responders to assist policyholders in responding to cybersecurity incidents.

We work with clients and third-party experts to help prevent, mitigate and plan for cybersecurity risks through:

  • Offering advice on legal, regulatory and industry/technical standards;
  • Mitigating legal liability exposure;
  • Reviewing service provider and vendor contracts;
  • Developing strategies for cybersecurity assessments and incident responses; and
  • Building and refining effective incident response plans and training programs

We have acted as lead counsel in a number of landmark individual and class action litigation related to privacy and cybersecurity incidents. We have worked for more than 15 years with privacy regulators in Canada, both directly and on behalf of clients. In recognition of our expertise, we have been commissioned by the Office of the Privacy Commissioner of Canada to author more than a half-dozen landmark privacy reports, interpretations and other guidance materials.

Among other concerns, we have helped clients respond to:

  • Cyber extortion in the context information theft, DDoS attacks and ransomware;
  • Sophisticated and large-scale hacking, malware and phishing attacks;
  • Lost/stolen laptops, drives, USBs, and paper records;
  • Business practice claims (e.g. alleged misuse of information for commercial purposes);
  • Breaches impacting payment cards and PCI rules;
  • Careless, snooping and rogue employees; and
  • Service provider breaches.