Privacy + Data Management
Privacy + Data Management
News + Views + Events
Helpful Links
Client Stories

Cloud computing, identity theft, database security, surveillance, privacy policies, and access to information: individuals and organizations, both large and small, are increasingly faced with challenging issues in the area of privacy and information handling. The Field Law Privacy + Data Management Group is a recognized leader in the area of privacy law, offering a full range of services to guide our clients through the complex landscape of privacy law.

Field Law helps public bodies and organizations protect their businesses and strengthen their relationships with their customers and the public. We work with our clients to conduct privacy audits, prepare privacy impact assessments, and draft and review internal and external privacy policies and procedures. We facilitate corporate transactions by reviewing contracts and other legal documents involving non-disclosure agreements, waivers, confidentiality agreements and releases. We provide our clients with sound and practical advice on records management issues, confidentiality matters, employee and customer information management, reporting privacy breaches and compliance with mandatory reporting legislation. We provide responsive research and legal opinion services, and offer training and seminars on a full spectrum of privacy related topics.

Field Law offers a full range of services in judicial and administrative proceedings involving privacy matters. We advise and act for public bodies, health service providers, individuals and other organizations in Information and Privacy Commissioner reviews, inquiries and investigations. Specific services we provide to our clients include:

  • Providing advice on information handling practices and the collection, use and disclosure of information under the applicable legislation, including the Personal Information Protection Act (Alberta), the Freedom of Information and Protection of Privacy Act (Alberta) and the Health Information Act (Alberta).
  • Assisting clients in understanding what information needs to be provided to an individual who requests access to information and assisting in responding to access requests.
  • Providing advice to clients with respect to the circumstances in which personal information can be disclosed without breaching applicable privacy statutes.
  • Assisting clients with the management of employee information.
  • Working with clients who have inadvertently disclosed personal information to manage the privacy breach, including whether the breach must be reported to the Office of the Information and Privacy Commissioner.
  • Representing clients before privacy commissioners, whether provincial or federal, in the context of complaints, inquiries and investigations.
  • Representing clients before courts in applications for judicial review from decisions of privacy commissioners.
  • Representing clients before courts in applications to produce records under rule 5.13 of the Alberta Rules of Court.
  • Defending clients who have been sued for breach of privacy.
  • Drafting privacy policies, procedures, and operational manuals to assist clients in ensuring that policies and procedures are compliant with applicable privacy legislation.
  • Providing customized training to clients and their employees on applicable legislation and the implementation and enforcement of their policies, procedures and operational manuals.

Federal Privacy Matters and Canada’s Anti-Spam Legislation

On July 1, 2014, Canada’s Anti-Spam Legislation (CASL) came into force. CASL regulates the form and content of electronic communications and imposes consent requirements. Failure to comply with CASL could lead to the imposition of large fines and ultimately will give affected individuals a private right of action. In light of CASL’s broad application, stringent standards for consent, and penalties for non-compliance, organizations that send electronic messages should develop a compliance plan.

CASL is complex legislation, with detailed regulations, and with various federal bodies involved in its interpretation and enforcement. Field Law’s Privacy and Data Management Group can help your organization understand requirements under CASL. We can assist with a review of your organization’s marketing and communication practices and have experience in the following areas:

  • Providing practical advice to clients concerning compliance with the Personal Information Protection and Electronic Documents Act (Canada) and CASL.
  • Representing clients before the Canadian Radio-television and Telecommunications Commissioner in the context of proceedings under CASL.
  • Reviewing and auditing client organization’s current marketing and communications practices for CASL compliance.
  • Developing and implementing CASL compliance action plans.
  • Preparing CASL-compliant consent forms and processes, unsubscribe mechanisms, and identification notices.
  • Reviewing client agreements with third party providers to ensure compliance with CASL.


Edmonton Police Service v Alberta (Information and Privacy Commissioner), 2020 ABQB 207
Edmonton Police Service v Alberta (Information and Privacy Commissioner), 2020 ABQB 10
September 2023 - 6 min read
Addressing the Legal Issues Arising from the Use of AI in Canada
In September 2023, the Canadian government released new guidelines highlighting the increasing impact of Artificial Intelligence (AI) on businesses. Intellectual property, liability, data privacy, bias, transparency, ethics, and govern...
August 2023
The Best Lawyers™ in Canada 2024
43 Lawyers Recognized
Field Law is pleased to announce that 44 of our lawyers are recognized in their respective practice areas in the 18th edition of The Best Lawyers™ in Canada. Recognition in Best Lawyers™ is based on peer reviews of ...
April 2023 - 7 min
Know the Limits of Private Information
Edmonton AM with Mark Connolly, Tara McCarthy
A tight rental market in Alberta has led to some landlords asking for a lot of personal information from prospective tenants. CBC heard from some tenants who said landlords they dealt with were asking for their social insurance numbers, copies of drive...
March 15, 2023
How Much Personal Information is Your Employer Entitled to?
Edmonton AM with Mark Connolly, Tara McCarthy
Personal information belonging to current and former Indigo Books employees was recently compromised in a massive hacking incident. To learn more about what information employers should and should not be collecting, Edmonton AM was joined by Jason...
February 2023
2022 - A Year in Review: Labour + Employment (Part 2)
Seminar + Webinar
Join members of our Labour + Employment Group for our annual Year in Review, which focuses on legal updates for management and employee groups.Part 2 of this series will cover Privacy, Employment and Human Rights. To view the recording for Part 1, whic...
September 2022
Privacy Torts + Vicarious Liability: What Can Organizations Do?
Over the last two decades, we have slowly realized that our personal information is not nearly as personal or private as it used to be. It seems that someone or something is attempting to collect and use our personal information at every turn. Both the...
August 25, 2022
The Best Lawyers™ in Canada 2023
39 Lawyers Recognized
Field Law is pleased to announce that 39 of our lawyers are recognized in their respective practice areas in the 17th edition of The Best Lawyers™ in Canada. Recognition in Best Lawyers™ is based on peer reviews of ...
August 2022 - 3 min read
The Artificial Intelligence and Data Act… Coming Soon to AI Near You
In June 2022, the Government introduced Bill C-27, an Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act. A major component of this propose...
April 7, 2022
Coffee + Counsel: Employer Considerations for the Removal of Vaccination Policies
Q+A Session
Join us for another edition of Coffee + Counsel, a complimentary series that brings you together with a few of our lawyers for an unscripted chat about legal issues pertinent to organizations in Alberta. Your questions guide the discussion, and we prov...
March 2022
Alberta ‘Energy War Room’ Not Public Body Under Provincial Privacy Law, Commissioner Rules
The Lawyers' Daily
February 24, 2022
2021 - A Year in Review: Labour + Employment (Part 2)
Join members of our Labour + Employment Group for our annual Year in Review webinar, which focuses on legal updates for management and employee groups.Part 2 of this series will cover Privacy, Human Rights and Employment. To view the recordin...
February 3, 2022
Financial + Legal Checkup for Medical Practitioners
What legal issues should medical practitioners be aware of when operating a private practice? What financial processes should be in place to support the business's health?  Join Field Law's Britt Tetz and Marc Yu and KWB Chartered Profe...
January 2022
Meet Our Newest Partners
Field Law welcomes Jill Bishop and Richard Stobbe to its partnership.Field Law is pleased to welcome Jill Bishop and Richard Stobbe as firm partners, starting January 1, 2022.“Both Richard and Jill have demonstrated leadership and commitment to e...
October 2021
Alberta Awards First Damages for Public Disclosure of Private Facts
Until recently, a person’s ability to sue for privacy concerns in Canada has been limited to traditional torts such as defamation, negligent/intentional infliction of mental distress, breach of confidence or harassment. This has not been satisfac...
August 2021
The Best Lawyers™ in Canada 2022
38 Field Lawyers Recognized
Field Law is pleased to announce that 38 of our lawyers are recognized in their respective practice areas in the 16th edition of The Best Lawyers™ in Canada. Recognition in Best Lawyers™ is based on peer reviews of ...
May 13, 2021
Coffee + Counsel: How to Protect Your Business Against Phishing Attacks
Q+A Session
Join us for another edition of Coffee + Counsel, a complimentary series that brings you together with a few of our lawyers for an unscripted chat about legal issues pertinent to organizations in Alberta. Your questions guide the discussion, and we prov...
May 2021
Gone Phishing? Cybersecurity Issues Are a Recurring Struggle for Organizations
The prevalence of fraudulent activity has increased during the COVID-19 pandemic. In 2020 alone, the Canadian Anti-Fraud Centre reported 70,948 cases of fraud, with $108.8M lost to fraud. Between March 6, 2020, and March 31, 2021 alone, $7.25...
May 5, 2021
The Modernization of Canadian Privacy Law: Where Are We Heading?
Individuals and organizations, both large and small, are increasingly faced with challenging issues in the area of privacy and information handling. Bill C-11, the Digital Charter Implementation Act, 2020, seeks to modernize Canadian privacy legis...
May 2021 - 3 min read
Feds Promise to Create Data Commissioner, More Funding for IP as Part of Fiscal Plan
The Lawyer's Daily
February 24 + March 10
2020 - A Year in Review Webinar Series
Did you miss the Field Law Labour + Employment Group's annual Year in Review? The recordings are now available! Is employer-friendly OHS legislation coming to a worksite near you? What are the impacts of COVID-19 on employment legislation a...
March 2021
Canada’s new privacy regime in Alberta
Canadian Bar Association
March 2021 - 4 min read
Facial Recognition: A Privacy Law Perspective
Humans love to look at faces – our families, our friends, complete strangers. In some ways, our brains are optimized for facial identity recognition. We’re good at it, so of course we want to teach machines how to do it even bette...
January 2020 - 5 min read
Alberta’s Legislation on Privacy and Protection of Personal Information needs Review: Commissioner
The Lawyer's Daily
December 2020 - 3 min read
New Year, New Privacy Amendments?
What May be in Store for Alberta’s Public and Private Sectors
This year has been marked by accelerated efforts to amend existing federal and provincial privacy legislation.  As anticipated, the Alberta Information and Privacy Commissioner (Commissioner) has proposed a number of amendments to the Freedom of I...
December 2020 - 9 min read
Case Summary: In re Capital One Consumer Data Sec. Breach Litig.
Defence + Indemnity
A U.S. District Court holds that the report of a forensic consultant, engaged on retainer in advance, in response to a data breach is NOT privileged. In re Capital One Consumer Data Sec. Breach Litig., 2020 U.S. Dist. LEXIS 91736 (U.S. Dist. Ct., E Va....
November 2020
Alberta's Health Information Act: What is Changing?
Bill 46: Health Statutes Amendment Act, 2020 (Bill 46) was recently introduced in the Alberta Legislature. The omnibus bill amends a number of pieces of health legislation, including the Health Information Act (HIA). As the Minister of Health...
November 2020 - 5 min read
European Influence and the Modernization of Canadian Privacy Law: Is Alberta Next?
Canada’s privacy laws have arguably lagged behind the European Union for years. The EU’s General Data Protection Regulation (GDPR) has incorporated a human rights-based approach to privacy within its data protection legislati...
September 16, 2020
Privacy for Condo Corporations: Understanding + Complying with PIPA
Condominiums in Alberta are defined as organizations which are subject to the requirements of the Personal Information Protection Act (PIPA). This means that condo corporations must develop and adhere to policies and practices that comply with PIPA whe...
August 2020
The Best Lawyers™ in Canada 2021
38 Fielders Recognized
Field Law is pleased to announce that 38 of our lawyers are recognized in their respective practice areas in the 15th edition of The Best Lawyers™ in Canada. Recognition in Best Lawyers™ is based on peer reviews of ...
July 7, 2020
Privacy for Health Care Organizations: What Has Changed and What Hasn’t?
Health care organizations have had to adapt quickly during the COVID-19 pandemic. In addition to managing an unknown disease and focusing on patient care, day to day operational life has changed- videoconferencing, fit for work screening, and liab...
May 2020 - 4 min read
The ABTraceTogether App - Key Privacy Considerations
In a bid to help combat the spread of the novel coronavirus (COVID-19), Alberta has become the first Canadian province to launch a contact tracing app to track community transmission of COVID-19.Alberta released the app, ABTraceTogether, on May 1, 2020...
May 2020 - 5 min read
Returning to Campus During a Pandemic: Privacy Issues
This week, as this article went to press, several major Canadian and American universities announced plans to maintain classes online when the fall semester starts in September. Other universities and colleges are making plans to bring students ba...
May 2020
Cybersecurity in the Age of COVID-19 (And Beyond)
April 1, 2020
Privacy + Data Management Considerations for Employers in a Pandemic
During a pandemic it can be difficult to balance employee privacy rights with the need to collect the information required to make critical decisions. Presented by Katrina Haymond and Kelly Nicholson, this webinar will provide employers with informatio...
February 2020
Can Border Officers Search Your Phone?
A few months ago, and despite widespread criticism, the Canadian government passed legislation allowing US border officers to conduct warrant-less searches on Canadian soil.  The Pre-Clearance Act implemented a bilateral treaty betw...
February 2020
“False Light” Publicity: A New Risk in Data Management
Canadian courts have traditionally been more reluctant than their American counterparts to recognize torts relating to privacy interests. The American Law Society adopted the following four torts protective of individual privacy some time ago in its we...
February 2020
Access to Information and Privilege: The Saga Continues
The Alberta Court of Queen’s Bench has provided some much-needed guidance on solicitor-client privilege in the context of access to information requests in Edmonton Police Service v. Alberta (Information and Privacy Commissioner), 2020 ...
January 28, 2020
How to Protect Your Business Against Cyber Threats
In 2010 the Government of Canada “launched a national effort to defend against [cyber security] threats with Canada’s first Cyber Security Strategy”: National Cyber Security Strategy (the National Strategy). This outlines three t...
Winter 2020
2019 - A Year in Review Seminar Series
Join the Field Law Labour + Employment Group for our annual seminars featuring legal updates and practical challenges for management and employee groups.Part 1 has been approved for 1.75 CPD hours and Part 2 has been approved for 2.25 CPD hou...
December 2019
Case Summary: Bourbonnière v Yahoo! Inc.
Defence + Indemnity
Certification for a class action relating to a data breach was refused because, among other things, the Plaintiff was held not to have suffered a compensable loss. The Plaintiff failed to demonstrate a compensable loss such as actual fraud or identity ...
September 26, 2019
Must Have Policies for Employers: Why, What + How
Join Field Law in Edmonton and Calgary and learn tips and tricks to assist with the implementation and enforcement of three workplace policies Employers should have in place in today’s market.We will explore how changes in legislation and culture...
August 2019
Alberta Court of Appeal Confirms the Limitation Period for Statutory Damages Claims under PIPA
The Alberta Court of Appeal has recently confirmed that the limitation period under the Alberta Limitations Act applicable to a statutory claim for damages under the Personal Information Protection Act (PIPA) does not begin to run until a Commissioner&...
May 2019
Estate Planning for Privacy
The Supreme Court of Canada may soon be considering the intersection between estate and privacy law as well as the public policy behind the “open court” principle.  The personal representatives of the estates of murdered Canadian billi...
February 2019
A New Approach to the Reasonable Expectation of Privacy: R v Jarvis, 2019 SCC 10
Labour + Employment
Though it emerges in a criminal law context, the new decision of the Supreme Court of Canada in R v Jarvis, 2019 SCC 10 is likely to have an impact on future cases that consider the scope of an individual’s privacy interest, whether in the crimin...
February 6, 2019
2018 Year in Review for Northern Employers
Join Field Law for a review of the most important legal cases from 2018. Topics covered will include: Labour Employment Human Rights Occupational Health + Safety Privacy Immigration Cannabis This seminar will be broadcast live via ...
Winter 2019
2018 A Year in Review Seminar Series
The Field Law Labour and Employment Group presents the annual Year in Review seminars in Calgary and Edmonton. Join us for legal updates and practical challenges for management and employee groups in the areas of:  Part 1: Human Rights ...
December 2018
Case Summary: Wm Morrison Supermarkets PLC v Various Claimants
Defence + Indemnity
Employers can be vicariously liable at common law for the actions of a rogue employee who brings about an unauthorized cyber data breach, even where the employee’s motive was to harm the employer and not to injure the third parties ...
October 17 + 18, 2018
Cybersecurity Roundtable: Risks + What to Do
In our previous workshop, “Cybersecurity for Canadian Organizations”, we presented an overview of cybersecurity risks and obligations, as well as what should be done to prevent or mitigate risks and how to respond to cyber incidents. Buildi...
December 2017
R v Jarvis: Is There a Reasonable Expectation of Privacy in Schools?
Workwise Newsletter
In R v Jarvis, the Ontario Court of Appeal recently discussed the existence of a reasonable expectation of privacy in a school environment. Background The Respondent, a high school teacher, was surreptitiously recording female students and te...
June 2017
Government of Canada Suspends CASL's Private Right of Action Provisions
By Order in Council dated June 7, 2017, the federal government suspended the coming into force of the private right of action provisions under Canada’s Anti-Spam legislation (CASL), “in response to broad-based concerns raised by businesses,...
September 2016
The Wild West: Drone Laws and Privacy in Canada
‘Drones’ were first known by the military as unmanned aerial vehicles, and later by the International Civil Aviation Organization as remotely piloted aircraft systems. Drones come in various shapes and sizes and can be p...

Access to Information Requests

We were approached by an insurance company whose insured had made an access to information request for records relating to an insurance claim. The insurance company wanted to preserve its relationship with the insured while protecting internal records.

Working with the client and insurance adjuster, we reviewed the records being sought by the insured and devised a fair approach to the access request. We gave the insured access to a substantial amount of records to alleviate concerns over the claim's handling while maintaining a firm approach in withholding records that were sensitive to the client. The insured sought a review of our response to the Office of the Information and Privacy Commissioner. We maintained our position, taking into account the need to set a precedent for future access requests that may be made to the client by other individuals.

We successfully defended our position before the Privacy Commissioner and also managed to avoid further Inquiry. Processes before the Privacy Commissioner can take time to resolve, and we were able to provide regular updates on the status and minimize expenses incurred.

Identifying Anonymous Wrongdoers

A client was being anonymously defamed on an online review platform and needed assistance identifying the name of the defamer to determine the appropriate party to commence legal action against.

Using an extraordinary pre-litigation Court remedy available, called a “Norwich Order,” we were able to compel the IP address of the anonymous wrongdoer from the review platform. This information allowed us to identify the Internet Service Provider (ISP) associated with the IP address and obtain a subsequent Norwich Order to compel the ISP to provide the subscriber information. With the subscriber information, we could expose the otherwise anonymous wrongdoer and give our client access to justice.

Access to Information Under PIPA

A client, who is an organization governed by the Personal Information Protection Act (PIPA), received an access request where the applicant was seeking all personal information in the organization’s custody or control. 

Working with the organization’s Privacy Officer, we helped her to understand the applicable requirements under PIPA, identify which records needed to be reviewed in response to the request, and understand the timelines that they needed to follow to comply with the request. After reviewing the records, we advised the client which records constituted the applicant’s personal information.

Given that the client was concerned about disclosing the records, we also provided advice on the records that they could potentially withhold according to the exceptions in PIPA.  We then assisted the client in providing a written response to the applicant, explaining what records would be disclosed, which records were being withheld, and the reasons for withholding the records. 

The client also wanted to understand her obligations under PIPA better so that they had the tools needed to respond to similar access requests in the future.  We were able to assist by educating them regarding the requirements in PIPA, and by providing a framework that could be used to deal with future access requests.

Providing practical advice on the FOIPP Act

A public institution needed advice about its obligations under the Freedom of Information and Protection of Privacy Act (FOIPP Act). While the FOIPP Act can be complicated, Leanne helped break that complexity down by offering an opinion clearly setting out the public institution’s obligations and providing specific and practical recommendations to the public institution on how to meet those obligations.

Access to Information Under the FOIP Act

A public body client with a highly controversial and newsworthy matter was looking for advice on how to respond to a request for information under the Freedom of Information and Protection of Privacy Act (Alberta) (FOIP Act). 

By working with the client, we crafted a message to the public without violating the privacy interests and competitive business and financial information that the client was obligated to protect from disclosure. This approach was compliant with the statutory legal obligations of the public body while also protecting the client’s interests and avoiding unwanted media attention. 

Policy Drafting

A client approached us for help in drafting a privacy policy. The policy needed to be robust because failing to protect personal information could be detrimental to the services delivered by the client, the client’s public image and could result in regulatory penalties.  

Collaborating with the client, we prepared a policy which addressed the wide array of circumstances and persons providing personal information to the client. The policy helped the client meet its statutory obligations under the Personal Information Protection Act (Alberta) and regulatory obligations unique to the client as a utility provider.  

Custom Tools to Empower Clients

The client, a public body, required tools and rules on confidentiality and privacy laws applicable to its role as an administrative tribunal.

We drafted the documents and rules to be used by the public body to help guide their compliance with their statutory obligations when making decisions about confidentiality requests. 

This work empowered the client with models and tools to use when addressing confidentiality issues and insulated the client from judicial review, and complaints to the Privacy Commissioner.