Privacy that holds up
under scrutiny.
Canadian privacy law is in a substantial reset. New federal legislation, expanding provincial regimes, and emerging AI rules are reshaping what businesses have to do with personal data. We help you keep up.
The practice, in brief.
Canadian privacy law is in a substantial reset. Federal reform, expanding provincial regimes, CASL enforcement, and emerging AI-governance frameworks have widened the gap between many organizations' current posture and what the law now expects.
VanWest Law advises Canadian businesses on the full lifecycle of personal information: what is collected, how it is used, with whom it is shared, what is communicated to the data subject, and what is required in the event of an incident. Advice is provided in writing, on a matter-specific basis, and calibrated to the regulatory regimes that actually apply.
The work, in detail.
Privacy policies & notices
Privacy policies, cookie notices, employee privacy notices, and consent flows that actually map to your business — not boilerplate that doesn't describe what you do.
PIPEDA & provincial compliance
Compliance reviews against PIPEDA, Quebec's Law 25, BC PIPA, Alberta PIPA, and the incoming federal reform. Gap analyses with prioritized remediation.
CASL & marketing rules
Express and implied consent frameworks, unsubscribe mechanics, record-keeping, and how to run marketing programs that don't generate enforcement risk.
Data-handling reviews
Where data lives, who touches it, how it leaves your perimeter. We help you map it, document it, and tighten the parts that need tightening.
Breach response & notification
If something happens, you need counsel quickly. We help with the regulator notification analysis, the affected-individual notice, and the lessons-learned writeup.
AI & emerging-tech governance
AI-acceptable-use policies, vendor diligence on AI tools, model-input data review, and preparation for incoming AI governance frameworks at the federal and provincial level.
The right fit.
The firm accepts engagements where it can deliver the highest standard of work. Matters outside this scope are referred or supported through trusted external counsel.
- Small and mid-sized Canadian businesses handling customer or employee personal information.
- SaaS, fintech, and AI-forward companies whose product is built on data handling.
- Healthcare-adjacent, education-adjacent, and HR-tech vendors with elevated sensitivity.
- Marketing and e-commerce operators running consent-based outbound at scale.
- Boards and leadership teams wanting written, defensible privacy posture documents.
From first call to final invoice.
Discovery
A working session to understand the business, the data flows, and the regulatory regimes that apply. We document what we find.
Gap analysis
Where you stand vs. PIPEDA, CASL, applicable provincial law, and best practice. Prioritized — not everything is equally urgent.
Remediation
Drafted policies, consent flows, employee training notes, vendor clauses, and breach playbooks. Plain English, with the legal precision where it matters.
Ongoing counsel
When a new product, vendor, or regulator question lands, we're a phone call away — not a rebuild from scratch every time.
What pairs well with this work.
Matters rarely sit in a single category. Files that cross practice areas are either handled directly by the firm or coordinated with trusted external counsel so nothing is missed.
Book a consultation