Skip to content.


Combining a national presence and cross-practice approach across industries, the Cyber/Data Group offers a 360° view of data and cyber strategy to deliver legal and business solutions that mitigate risks and unlock value-generating potential.

Data and digital trust are the new currency in business. With data breaches costing organizations a global average of $3.92 million[i] per incident and its long-tail costs and lost revenue greatly impacting highly regulated sectors, such as healthcare, finance and energy, data and cyber preparedness have moved beyond privacy and IT to enterprise-wide risk.

With immense experience in privacy, data protection and cybersecurity and a track record in advising key sectors on critical issues in novel and complex areas of law, McCarthy Tétrault’s Cyber/Data Group can help you navigate the privacy and data landscape to leverage the value of data, develop responsible AI practices, protect your organization’s assets and cement customers’ and clients’ digital trust.

Our integrated multi-disciplinary team works seamlessly across borders, advising global organizations through some of the largest cybersecurity incidents and regulatory investigations in Canadian history and is changing the state of Canadian privacy, cybersecurity and data law like no other firm.

Why McCarthy Tétrault

  • Unparalleled Bench Strength – Our multi-disciplinary team includes top-tier commercial and regulatory lawyers, top-ranked litigators and legal innovators to give you comprehensive legal and business solutions across practices and sectors.

  • Integrated Team  Our Cyber/Data Group works collaboratively across practices, industries, regions and borders. For example, working with practice groups like the Competition Law Group to advise global companies in cutting edge competition law matters relating to data or in tandem with industry groups such as Technology and Retail & Consumer Markets on industry-specific matters.

  • Legal Thought Leaders – As cyber and data experts, members of the Cyber/Data Group are regularly asked to lead eminent associations, such as the iTech Law Association, contribute to publications, including Responsible AI: A Global Policy Framework, Technology Governance in a Time of Crisis and the Canadian chapter of the Global Privacy and Security Law, and speak at global privacy, data and cybersecurity conferences.

  • Unrivaled Capabilities – A unique offering from Canada’s most innovative law firm, recognized by Financial Times Most Innovative Lawyers, our Cyber/Data Group leverages people, processes and technology to work seamlessly with our market-leading MT>Divisions, including our e-Discovery and information governance division MT>3 and our legal translation division MT>Version.

  • Leading Litigators – Working with the Cyber/Data Group, McCarthy Tétrault’s Band 1 ranked Class Action Group is second to none in the country with experience and expertise in data breaches and alleged privacy violations.

Selected Services

  • Cyber breach response and cyber readiness including our Incident Response & Readiness Plan Review solution

  • Privacy and data protection compliance programs

  • Regulatory investigations and complaints (privacy commissioners in all jurisdictions across Canada, the Competition Bureau, and the CRTC)

  • Data trusts, data sharing and data licensing agreements

  • Identity management

  • Responsible AI

  • Information governance

  • Protection of data litigation (scraping, breach of confidence, copyright compilations)

  • Class action defense

  • Competition law

  • Cyber insurance advising

  • Cyber due diligence in context of transactions (impact of breach on valuations, risk factors etc.)

  • Anti-spam compliance

Selected Experience

  • Advising a leading Canadian financial services company on its response to the largest financial services sector data breach in Canadian history.

  • Assisting a leading Canadian health services provider, regarding its response to the largest data breach in Canadian history.

  • Acted for major Canadian retailers regularly advising on multi-jurisdictional privacy and data-related issues in relation to their operations throughout Canada.

  • Advising a participant in the $250 million SCALE.AI supercluster initiative to bring artificial intelligence enhanced solutions to help solve complex supply chain management challenges.

  • Advising a leading national retailer in relation to the development of a new, AI-enhanced, integrated e-commerce platform, warehousing (automated pick and pack) and logistics platform to serve third-party retailers.

  • Advising leading pharmaceutical company to develop and implement a responsible AI governance policy.

  • Assisting a leading public sector utility to develop and implement a data anonymization policy as part of a strategic lake project.

  • Acting for a leading Canadian insurance company on both data breach/cyber incident response and the subsequent investigations by privacy commissioners.

  • Acted for Home Depot on both the regulatory and the multi-jurisdictional class action proceedings in Canada with respect to the data breach affecting 54 million North Americans. We were successful in convincing the federal privacy commissioner that the retailer had not violated Canadian privacy laws, and in settling the class action at minimal cost ($250,000 settlement).

[i] Ponemon Institute, 2019 Cost of a Data Breach Report.


Artificial Intelligence, Law Over Borders Comparative Guide 2022

Artificial Intelligence, Law Over Borders Comparative Guide 2022

Giving clarity to the shifting AI regulatory landscape, McCarthy Tétrault has written a chapter in the first edition of Artificial Intelligence, Law Over Borders Comparative Guide 2022. This publication is one of the first to provide a multijurisdictional perspective on the most recent developments concerning the implementation of nascent AI regulatory frameworks.

Download the publication here

iTechLaw AI Green Paper – The EU AIA

iTechLaw AI Green Paper – The EU AIA

Charles Morgan, alongside an extraordinary group of ITechLaw Association thought leaders, published Responsible AI: The EU AIA: Green Paper Policy Analysis A Global Policy Framework, a commentary on the forthcoming EU European Commission Artificial Intelligence Act (AIA). A product of work from 34 lawyers in 32 law firms across 14 international jurisdictions, the report is intended as a companion guide to ITechLaw’s Responsible AI Framework and is a formal benchmarking of the EU's AIA against ITechLaw's own Responsible AI Principles.

Download the report here

Data Altruism: Data Serving the General Interest

Data Altruism: Data Serving the General Interest

*Currently available in French only*

As board member of the Institute of Technology for Humanity - Montreal , Charles Morgan participated in a working group that drafted the report “Data Altruism: Data Serving the General Interest” published by Human Technology Foundation (HTF) and Sopra Steria Next. The detailed report explores the various “success factors” that will help leverage and amplify the societal benefits of the nascent “digital altruism” regime under the EU Data Governance Act.

Download the Report

2021/2022 Cyber/Data Outlook: Getting Ahead of the Curve on Privacy, Data, and Cybersecurity

2021/2022 Cyber/Data Outlook: Getting Ahead of the Curve on Privacy, Data, and Cybersecurity

Download 2021/2022 Cyber/Data Outlook: Getting Ahead of the Curve on Privacy, Data, and Cybersecurity

Global Privacy & Security Law (Canada Chapter)

Global Privacy & Security Law (Canada Chapter)

Global Privacy and Security Law provides a thorough and practical explanation of the different aspects of information privacy and security, the major drivers that shape the development of modern data protection laws, and clear analyses of the specific regulations of key countries around the world.

Canada Chapter authored by Cyber/Data Co-Lead, Daniel Glover.

Learn more

Responsible AI: A Global Policy Framework

Responsible AI: A Global Policy Framework

An in-depth review of the eight policy principles related to ethical guideposts that encourage the responsible development, deployment, and use of artificial intelligence.

Book edited and co-authored by Cyber/Data Co-Lead, Charles Morgan.

Learn more

Cybersecurity Risk Management: A Practical Guide for Businesses

Cybersecurity Risk Management: A Practical Guide for Businesses

Where there is data, there is the potential for data loss. How an organization prepares for and manages a data incident will have a measurable impact on the outcome. A data incident that could potentially cost millions of dollars and shatter an organization’s reputation can, if handled effectively, be brought under control and have a significantly reduced impact.

Request a copy now

Anti-Spam Toolkit

Anti-Spam Toolkit

Designed to help you understand the law and adapt your business where necessary, as well as helpful tools to use in compliance programs to assist your legal team with compliance efforts.

Learn more


" McCarthy Tétrault’s depth as a firm allows it to call on the right experts to deal with the most challenging of data, security, privacy issues – legal and business – without delay. It has the resources to ensure we are protected. "
Client which has enlisted the firm on data licensing matters
" McCarthy Tétrault is meticulous, responsive and deeply strategic. When enterprise-threatening incidents occur, it knows what to do in the moment and sees ahead. "
Client who has worked with the firm on regulatory investigations and litigation following a major cyber breach
" It understands our strategic concerns is creative in formulating solutions to difficult problems. It does very good work and is effective in coordinating globally with other firms working on similar issues. "
Social media company