Law Times

Law Times • November 25, 2013 Page 13 FOCUS AccessPrivacyHB Heenan Blaikie offers comprehensive privacy services BY Julius Melnitzer For Law Times N ational law firm Heenan Blaikie LLP has seven lawyers in Toronto and Calgary focused full time on privacy work, a fact that gives it one of the largest dedicated privacy practices in the country. "With the growing sophistication of [chief privacy officers] at a rapidly growing number of companies, there's no more room for dabbling," says Adam Kardash of Heenan Blaikie's Toronto office. And what room there is doesn't necessarily involve pure legal advice. "After a while, it became clear that our client base needed something beyond law or at least as law has historically been practised," says Kardash. "What they were looking for was a consulting type of service that featured a broader value package that included thought leadership, a more commoditized delivery of certain kinds of information, and a new approach to pricing privacy-related service." That led to the creation in 2007 of AccessPrivacyHB, a division of Heenan Blaikie Management Ltd., an entity wholly owned by the law firm and complementary to Heenan Blaikie's national privacy and information management law practice. "Our vision was to be the leading provider of privacy compliance and information governance solutions with the goal of helping clients maintain, establish or repair trust with consumers, patients, employees, and other stakeholders," says Kardash. "To do that, we needed a much broader service offering." Kardash heads AccessPrivacyHB and is one of its two managing directors along with Pamela Snively, a lawyer and consultant who was chief risk officer at Davis + Henderson, a publicly traded business process outsourcer, before joining AccessPrivacyHB in 2009. Before that, she was chief privacy officer and senior counsel at Symcor Inc., a large financial processing outsourcer. At both companies, Snively's responsibilities included the implementation of a privacy and security program. Her work at Symcor required her to meet the rigorous and complex demands of the Canadian financial community and its regulators regarding sensitive personal financial data. The AccessPrivacyHB team has eight other members: one from the firm's commercial law group and the rest from the privacy group. Snively works almost exclusively as a consultant, but the other seven lawyers work very differently depending on whether they're advising on pure legal matters or performing a consultancy-imbued role helping clients develop a strategic approach to privacy and information management. "None of the lawyers in the AccessPrivacy group bill individually," says Kardash. "As consultants, we bill on a project or fixed-fee basis." AccessPrivacyHB's mandates include doing a comprehensive assessment of a major retailer's personal information management and privacy risk mitigation practices; creating privacy governance frameworks; conducting an anonymous benchmark survey for the financial sector in which it gathers information from competitors and then shares it anonymously for the benefit of all; delivering privacy incident workshops focusing on mandatory reporting requirements for breaches; and providing internal guidance on privacy issues in cloud computing. AccessPrivacyHB, in conjunction with the law firm, also provides online subscription services including Private Sector Source, a search engine for federal and provincial privacy legislation, case law, regulations, orders, guidelines, and other resources; and Public Sector Source, an electronic guide to Ontario's Freedom of Information and Protection of Privacy Act, the Municipal Freedom of Information and Protection of Privacy Act, the Access to Information Act, and the Privacy Act. Another offering is the CPO Forum, a thought-leadership program that consists of workshops, exchanges, and training sessions. The workshops, which can be specific to a particular sector, are thought-leadership events and often involve privacy regulators and industry association representatives. The current year features workshops on online behavioural advertising, privacy and cyber insurance, and legislative amendments. The exchanges provide chief privacy officers and in-house counsel with opportunities to network and interact with their peers through informal conversations over quarterly lunches. Also available is an annual package, a tailored training program aimed at helping organizations demonstrate to their stakeholders and regulators that they've complied with privacy officer training requirements. Two other training options for chief privacy officers include introductory and advanced programs. The introductory program covers the core elements of developing and implementing as well as maintaining and improving privacy programs. As with other programs, it also focuses on demonstrating accountability to regulators and stakeholders. The advanced program aims to keep experienced chief privacy officers abreast of current developments with a focus on new compliance expectations, emerging challenges, and best practices, "as well as a strategic approach to achieving a best-in-class and demonstrably compliant privacy program," according to AccessPrivacyHB's web site. Other programs include customized employee and organization training with AccessPrivacyHB either doing the sessions itself or designing materials for its clients to administer. As the icing on the cake, AccessPrivacyHB holds a monthly privacy telephone conference that offers insights into emerging issues and notable developments in privacy and information management. The 30-minute calls are free and subscribers can access them online at any time. "We have had hundreds of companies across North America involved in the calls," says Kardash. LT LEXPERT® LEGAL EDUCATION SEMINARS FALL 2013 SCHEDULE WEBCAST OPTION AVAILABLE FOR EACH COURSE! THE 6th ANNUAL ADVERTISING AND MARKETING LAW FORUM December 10, 2013, Toronto, Ontario ANTI-BRIBERY AND CORRUPTION COMPLIANCE: COPING WITH THE ONSLAUGHT CORPORATE GOVERNANCE 2013: MEETING SHAREHOLDER EXPECTATIONS December 3, 2013, Toronto, Ontario December 5, 2013, Calgary, Alberta December 9, 2013, Calgary, Alberta December 12, 2013, Toronto, Ontario INFORMATION PRIVACY AND DATA PROTECTION: TECHNOLOGY, SECURITY AND CORPORATE ACCOUNTABILITY IN TODAY'S MARKETPLACE CONDUCTING EFFECTIVE WORKPLACE INVESTIGATIONS: WHEN IGNORANCE ISN'T BLISS THE LIFE CYCLE OF PHARMACEUTICALS: ADDING VALUE AT EACH STAGE December 10, 2013, Toronto, Ontario December 9, 2013, Toronto, Ontario December 2, 2013, Toronto, Ontario For more information or to register for these seminars, please visit www.lexpert.ca/events www.lawtimesnews.com

• Cover