Kirsten Thompson is a partner in our National Technology Group, and leads the firm’s national Cybersecurity, Privacy and Data Management group. She has both an advisory and advocacy practice, with a focus on providing privacy, data security and information governance advice to clients in a wide variety of industries.
Kirsten's work has focused most recently on the data aspects of financial technology, advising both fintechs and incumbents on data-driven innovation strategies in the financial services sector; including:
- loyalty program development and integration;
- mobile payment platform implementation and integration into Internet of Things connected devices, including consumer devices, civic infrastructure and vehicles;
- de-identification, anonymization and aggregation approaches (including “screen scraping” and API technologies) in complex regulatory environments;
- the development of alternative credit risk models; and
- the development of insurtech and regtech solutions.
She is one of Canada’s leading experts on “Open Banking” and the implications of PSD2 and related regulatory initiatives (e.g. competition, privacy, etc.) affecting the aggregation and use of customer information in the context of financial services. She competed in the Ontario Securities Commission hackathon in 2016 where her team developed a student loan repayment “gamification” solution that leveraged both the UK Open Bank Project open source API and test customer data available in the Open Banking Working Group sandbox and student loan information made available on the Government of Canada’s Open Government Portal.
Kirsten has also advised on enterprise-wide “big data” projects, from the initial defensible destruction, digitization and data cleaning through to the development of legal and ethical frameworks to guide the use of data analytics (including predictive analytics). She is working with her colleagues on developing a similar framework for the uses of data in artificial intelligence applications.
Kirsten was an early supporter of blockchain, and has been engaged in a number of consultations and pilot projects involving the application of blockchain to identity and authentication issues (including sovereign identity), business licencing processes, and the tracking of goods/food/drugs through global distribution chains. She has worked with several organizations on “smart contract” projects, and is interested in the possibilities of blockchain for payment security and commercial data security.
She has worked extensively in the “Internet of Things” area and has advised two leading automakers on the consumer-facing agreements with respect to their connected and semi-autonomous vehicles, and several companies in respect of their autonomous aerial vehicles (aka “drones”) and wearable devices. A number of her projects have included the application and implementation of Privacy by Design (PbD) principles and the Data Protection by Design and by Default concepts in Article 25 of the GDPR, as well as other international best practices.
She advises clients on the increasingly significant informational elements of business transactions. She also assists clients navigating the legal and privacy requirements of new products and technologies, as well as provides compliance advice both within and across jurisdictions (PIPEDA, ePrivacy, GDPR, etc.). Additionally, she has advised both provincial and national employers on HR privacy issues and helps clients and boards in developing policies and practices around information retention, social media, surveillance, biometrics, marketing and telematics, including conducting privacy audits and information governance risk assessments.
She helps clients prepare for and manage information crises such as data breaches, investigations and class actions, and has advised financial institutions, insurers, health care providers and provides of critical infrastructure on cybersecurity preparedness and response planning. She has been lead Canadian counsel on some of the largest North American data breaches and has been selected as preferred cybersecurity counsel by a number of Canada’s leading financial institutions and insurance providers.
Prior to re-joining the firm, she was in-house counsel at a North American technology company where she was responsible for both the business and legal aspects of information management.
Kirsten regularly speaks and writes on substantive matters of law and procedure, as well as being a regular contributor to a variety of legal and popular magazines. Her publications have been cited by the Supreme Court of Canada and the Quebec Superior Court. She is Editor-in-Chief of the firm’s privacy, cybersecurity and data management blog, CyberLex. Recently, she co-authored From Chatbots to Self-Drivings Cars: The Legal Risks of Adopting Artificial Intelligence in Your Business, part of the firm's Transformative Technologies series of White Papers.
Since 2016, Kirsten has been ranked in Chambers Canada: Canada's Leading Lawyers for Business as a leading lawyer in the area of Privacy and Data Protection.
Prior to obtaining her law degrees, she obtained her B.Sc. from the University of Calgary and her B. Journalism (Hons.) from Carleton University. She also holds a specialized Certificate in E-Discovery from Osgoode Hall and is a Certified Information Systems Security Professional (CISSP) (pending).
She is a member of the Canadian Bar Association, the Advocates’ Society, International Association of Privacy Professionals, the Guild of Sommeliers, and is on the Board of IT.CAN and Women’s College Hospital. She is proficient in HTML, CSS, Ruby and Python, an assertion real developers find amusing.