Privacy and Data Management

Osler’s Privacy team is the largest and most recognized group of practitioners in Canada who focus exclusively on privacy and data management.

Osler has the largest team of practitioners who focus on privacy and data management in Canada. Our team is comprised of acknowledged leaders in the privacy arena and our Group is consistently recognized by industry-leading publications, including a Band 1 ranking in Chambers Canada.

We provide advice on the increasingly complex rules and the broad range of privacy and data-governance issues arising from the collection, use, disclosure and management of personal information. Our fully integrated team is uniquely positioned to provide a comprehensive service offering that includes legal services, online privacy information services and consulting services.

Our lawyers work closely with our innovative AccessPrivacy privacy and data management consulting team, which offers clients an integrated suite of consulting, legal and information services, including our CPO (Chief Privacy Officer) Forum’s thought-leadership program, workshops, conferences, Private Sector Source and Public Sector Source online services and our Monthly Privacy Call. Together with a wide range of internal legal talent, we have an unparalleled level of hands-on privacy and data-management experience that allows us to provide timely, collaborative, practical and cost-effective solutions.

Osler is a program partner of the Information Accountability Foundation (IAF), the preeminent global information policy think tank that works with regulatory authorities, policymakers, business leaders, civil society and other key stakeholders around the world to help frame and advance data protection law and practice through accountability-based information governance.

Our clients span a broad range of industries and sectors, including the following:

  • Banking and financial services, including insurance
  • Business process outsourcing
  • Education, including universities, colleges and school boards
  • Entertainment and media
  • Healthcare, including healthcare service providers and health research
  • Retail and consumer products
  • Technology and social media
  • Telecommunications
  • Transportation
  • Utilities

Drawing on our extensive experience, innovative skills and practical solutions, we

  • advise clients on compliance with all Canadian federal and provincial privacy and data-management laws
  • advise clients on compliance with Canada’s anti-spam legislation (CASL)
  • advise and develop policies and guidelines applicable to privacy issues regarding marketing and advertising programs and campaigns, including social media–related marketing, online behavioural advertising, and marketing to children
  • address and advise on cross-border privacy issues, including the transfer of data outside Canada
  • help clients manage significant privacy information security breaches and regulatory notification issues for individuals
  • assist clients with the compliance and data-governance issues associated with data analytics, fraud-detection programs and other emerging data uses
  • advise on enterprise-wide privacy information–governance compliance monitoring programs
  • advise and respond to investigations and complaints filed with privacy regulatory authorities
  • advise clients on privacy issues and requirements on mergers and acquisitions and corporate finance transactions, and negotiate privacy law provisions for business transactions
  • address workplace privacy issues, including email and Internet use policies affecting an employee’s expectation of privacy, and identify privacy-compliant practices for handling and using employee data
  • advise clients on management of individual requests for access to, and/or correction of, personal information
  • develop and perform comprehensive Privacy Impact Assessments (PIAs), privacy and information risk assessments, preparation of data flow maps
  • develop and implement data-classification and records-management programs
  • develop and implement privacy and data-use and -protection policies and procedures that comply with applicable laws and that maintain business flexibility and public and business partner trust
  • develop and implement policies and procedures necessary to meet payment card industry (PCI) standards
  • advise clients on training and awareness programs 

Key Contacts


Éloïse Gratton, Ad. E.

Partner, Privacy and Data Management, Montréal, Toronto


Adam Kardash

Partner, Privacy and Data Management, Toronto

Representative Work

  • Advising banks and financial institutions, credit retailers and credit reporting agencies on privacy law requirements, jurisdiction and issues arising under Canadian privacy legislation.
  • Advising health care, pharmaceutical, pharmacy and medical device companies on requirements of Canadian health information legislation.
  • Advising major direct mail marketers, retailers, manufacturers and Internet-based businesses on compliance with Canadian privacy and developing anti-spam legislation.
  • Advising a broad range of businesses on Internet-related privacy issues involving collection, use and sharing of personal information.
  • Advising on privacy law requirements and negotiating privacy protection provisions in a broad range of merger, share and asset transactions and securitizations involving personal and health information databases, assets and portfolios.
  • Providing Canadian privacy law advice in numerous international transfers or outsourcings of financial services, bill payment, employee information and customer database information.
  • Advising clients on responding to data breach issues including strategies for mitigating related harm and for complying with data breach notification obligations.
  • Representing business in courier, transportation, financial services, credit reporting and high technology sectors in complaints before Privacy Commissioner of Canada.
  • Representing numerous clients in Access to Information/Freedom of Information proceedings.
  • Advising clients from all sectors on the impact of Access to Information and Freedom of Information and Protection of Privacy laws on agreements and transactions involving governments and the public sector, funding from or providing services to governments and litigation with governments.

Latest Insights

  • Osler Update Jul 10, 2024

    The role of ISO/IEC 42001 in AI governance

    Global overview of emerging AI standards The rapid advancement of artificial intelligence (AI) has brought about a complex landscape of regulatory cha...

    Read more
    The role of ISO/IEC 42001 in AI governance
  • Osler Update Jul 5, 2024

    Leveraging AI in franchising: opportunities and legal considerations

    Introduction Artificial Intelligence (AI) has been a driving force in reshaping and transforming business operations across various industries. In the...

    Read more
    Leveraging AI in franchising: opportunities and legal considerations
  • Osler Update Jun 5, 2024

    The board’s oversight in the age of AI: ethics, compliance and competitive advantage

    Artificial intelligence (AI) is reshaping the global business landscape at an almost dizzying speed. Many organizations, and their directors, are eage...

    Read more
    The board’s oversight in the age of AI: ethics, compliance and competitive advantage
  • Osler Update May 10, 2024

    Emerging AI security risks and considerations: key takeaways from the NIST adversarial machine learning report

    As AI systems become increasingly prevalent and their integration into organizations become more entrenched, businesses face novel and evolving securi...

    Read more
    Emerging AI security risks and considerations: key takeaways from the NIST adversarial machine learning report
View all Insights
Stay up to date with our latest insights

Awards and Recognition

  • Chambers Canada: Canada’s Leading Lawyers for Business: Privacy & Data Protection (Band 1)
    • The team is recognised by market commentators as “experts in the field who are devoted to privacy issues and have a lot of connections to private sector organisations.”
    • The group also receives praise from clients for being “responsive, knowledgeable and engaged counsel.”
  • The Legal 500: Recognized in Technology (Tier 1)
  • GDR 100: Recognized in Data Management

In the Media

  • Osler News May 21, 2024

    Prominent privacy lawyers Éloïse Gratton and François Joli-Coeur join Osler’s market-leading national Privacy and Data Management practice

    Osler is pleased to welcome prominent privacy law practitioners Éloïse Gratton and François Joli-Coeur to the firm’s market-leading national Privacy a...

    Read more
    Prominent privacy lawyers Éloïse Gratton and François Joli-Coeur join Osler’s market-leading national Privacy and Data Management practice
  • Media Mentions Sep 20, 2023

    Federal parties look poised to use new law to fight B.C. privacy regulations, court documents indicate – The Hill Times

    Adam Kardash says in an interview that the argument federal political parties are making that they should be exempt from B.C.’s privacy laws is detrim...

    Read more
  • Osler News May 5, 2023

    Rosario Cartagena joins Osler’s Privacy and Data Management group as counsel

    Osler welcomes Rosario Cartagena to the firm’s national Privacy and Data Management group as counsel. Rosario is a leading expert in health privacy ma...

    Read more
  • Media Mentions Oct 10, 2022

    Ontario’s electronic monitoring legislation must enhance privacy rights for employees, experts say – The Globe and Mail

    Improving the disclosure of provincially-regulated employers who currently do not tell their employees how they are being monitored is a benefit of ne...

    Read more
View all