Lawyer Profile Detail
AREA OF EXPERTISE
Osgoode Hall Law School
Kirsten Thompson is a partner in our National Technology Group, and leads the firm’s national Cybersecurity, Privacy and Data Management group. She has both an advisory and advocacy practice, with a focus on providing privacy, data security and information governance advice to clients in a wide variety of industries.
Ms. Thompson advises on the informational elements of business transactions and helps clients manage information crises such as data breaches, investigations and class actions. She has been lead Canadian counsel on some of the largest North American data breaches. She also assists clients navigating the legal and privacy requirements of new products and technologies, as well as provides compliance advice both within and across jurisdictions. Additionally, she helps clients and boards in developing policies and practices around social media, surveillance, biometrics, marketing and telematics, including conducting privacy audits and information governance risk assessments. Prior to joining the firm, she was in house counsel at a North American technology company where she was responsible for both the business and legal aspects of information management.
DATA INCIDENT MANAGEMENT AND LITIGATION
- Advised retailers, credit agencies and health information custodians in respect of data breaches, including managing the breach, drafting notices and notifications, responding to privacy commissioners, assisting with investigations and post-event debriefing. Lead Canadian counsel on some of the largest North American data breaches.
- Initiated and defended against Freedom of Information and Access to Information requests in multiple jurisdictions and advised clients on the strategic use of access regimes in pre-litigation.
- Advised on legal, regulatory and market issues affecting companies in the areas of Big Data, data analytics and data monetization, both from the perspective of an acquirer/adopter and from the perspective of an innovator.
- Advised both provincial and national employers on HR privacy issues, including employee records issues, recruitment and screening issues, employee drug and alcohol testing, workplace surveillance (including the use of biometrics, CCTV, and location-based tracking (GPS), as well as traditional methods) and technology management issues such Bring Your Own Device policies and information security.
- Advised numerous international organizations on data transfers and institutional compliance with UK/EU, Canadian and US privacy laws
- Conducted a privacy audit of the Canadian operations of a North American publicly traded (TSX) provider of technology solutions and services, including developing an enterprise-wide records retention policy.
- Retained by a US publicly traded (NASDAQ) information, analytics and marketing services provider to provide advice in respect of an expansion of a service into Canada.
BUSINESS TRANSACTIONS, TECHNOLOGY AGREEMENTS, AND POLICIES
- Advised a US-based acquiring corporation about the management and integration of Canadian personal information held by the target corporation; also conducted due diligence of a target corporation’s privacy and information governance practices.
- Advised a cloud provider entering Canada as to the privacy and regulatory barriers in respect of adoption of cloud services by health care providers, facilities and other health-related enterprises.
- Advised a health care facility on the information and data security issues arising in the context of an agreement with a third party health care application developer.
- Reviewed and/or drafted employer policies on privacy, acceptable computer use, Bring Your Own Device, social media, data and records retention and surveillance.
BEHAVIOURAL AND ONLINE MARKETING
- Advised a number financial institutions and payment providers on issues related to the value realisation of transaction data via insight generation and the potential legislative barriers
- Advised a technology company on legal and privacy considerations in respect of providing geo-fencing services to retailers; provided similar advice in respect of wearable technology and telematics
- Advised an international client on best practices regarding the recording of customer calls in and across multiple jurisdictions, and the storage and use of such recordings.
- Advised an entertainment services company on the information management and sharing practices for a customer loyalty program across multiple providers.
Ms. Thompson regularly speaks and writes on substantive matters of law and procedure, as well as being a regular contributor to a variety of legal and popular magazines. Her publications have been cited by the Supreme Court of Canada and the Quebec Superior Court.
Ms. Thompson is listed in the current edition of Chambers Canada: Canada's Leading Lawyers for Business as a leading lawyer in the area of Privacy and Data Protection.
Ms. Thompson received her LLB from Queen’s University, where she graduated with a number of awards and distinctions, and her LLM from Osgoode Hall Law School. Prior to obtaining her law degrees, she obtained her B.Sc. from the University of Calgary and her B. Journalism (Hons.) from Carleton University. She also holds a specialized Certificate in E-Discovery from Osgoode Hall.
Ms. Thompson was called to the Ontario bar in 2000. She is a member of the Canadian Bar Association, the Advocates’ Society, International Association of Privacy Professionals, the Guild of Sommeliers, and is on the Board of IT.CAN and Women’s College Hospital.
Review of the Federal Financial Sector Framework - Department of Finance Canada Second Consultation Paper including Focus on Fintech, Open Banking
Major Changes to Canada’s Export and Technology Transfer Controls Coming into Force Shortly
Department of Finance Releases Consultation Paper on New Retail Payments Oversight Framework Providing for Functional Regulation of Payment Service Providers
Key Banking Decisions of 2016: The Supreme Court of Canada releases its decision in Royal Bank of Canada v. Trang
Digital Privacy Act is Now Law
FIPA Report Calls For Unnecessary Regulation of Auto Sector Privacy: Are Other Sectors of the Economy Next?
Transactions & Cases