Data Privacy Law: Risks, Regulations and Compliance
The threats have never been greater, and the risks have never been higher. Data privacy and cybersecurity are paramount concerns for every organization, regardless of industry or whether they operate in the private or public sector. How can organizations best manage data according to the law, optimize processes to best manage risks, and ensure they are working to the letter of the law in the context of shifting, multinational legal frameworks? The Queen’s Law Data Privacy Law: Risks, Regulations and Compliance Intensive is essential for lawyers and non-legal professionals alike, running from October 27-29, 2025. Cost: $2,500 (see below for information on discounts and bursaries). Registration closes October 22, 2025.
REGISTER NOW!
Law Society of Ontario CPD Accreditation:
- This program contains (pending hours) of Professionalism Content
- This program contains 6 hour(s) and 0 minutes of Substantive Content
Develop your knowledge across a spectrum of issues
Over two and a half days, this program covers a wide range of legislative and practical topics, ensuring participants are abreast of the latest in legislative and technological developments in data privacy:
- Foundational principles and terms, and the legislative landscape of privacy and cybersecurity in Canada and internationally.
- Growing complexity of data breaches and their impact on organizations: legal and regulatory developments and legislative trends.
- Healthcare data privacy as a bellwether and source of best practices in broader data privacy and legislative frameworks
- Practical examples and insights that illustrate growing challenges and opportunities
- The impact of critical infrastructure on data privacy planning, and national and international legislative gaps
- The practical application of norms and “soft law” in the absence of regulatory frameworks or to strengthen governance when there are regulatory gaps
- How to integrate and embed privacy in best practices for risk management; operationalizing legal requirements in compliance frameworks
Got questions about the Data Privacy Law: Risks, Regulations and Compliance Intensive ? Contact us lawprofessionalcertificates@queensu.ca
Intensive at a glance
Who should attend
All learners are welcome to two full days of e-learning sessions, with no prior legal experience required.
This course is for both non-lawyer professionals and practicing lawyers. Diverse professional backgrounds are represented among our subject-matter experts – and encouraged among our students.
Fees
The fee for the Data Privacy Law: Risks, Regulations and Compliance Intensive is $2,500 and is payable upon acceptance of an offer of admission.
Are you part of a larger organization? Discounts are available for registrations of three or greater. Contact lawprofessionalcertificates@queensu.ca for details.
Members of non-profits, NGOs and education organizations are also encouraged to contact lawprofessionalcertificates@queensu.ca regarding discounts for community members.
Topics
- Introduction to Privacy and Cybersecurity, and the Role of the Regulators – This session will provide students with a high-level outline of privacy and cybersecurity topics. Students will consider ethics and the privacy trade-offs we make every day. This session will review the concept and principles of privacy law, including consent and personal information, and the recognition of privacy as a human right (and the evolution of privacy legislation in Canada. They will learn about the regulatory landscape (Canada and International) and understand the regulators’ perspective and their role. Key terms and topics in cybersecurity will also be covered. The second part of this session will provide a deeper dive into Canadian laws, highlight the main elements and gaps, and set the stage for debates about modernizing privacy legislation. Students will then walk through an overview of the international landscape including the European Union (“Brussels Effect”), China and the United States.
- Data Breaches and Legislative Trends – As data breaches become increasingly prevalent, the legal landscape governing breach notifications is rapidly evolving, with more stringent requirements being implemented across both federal and provincial levels. Breach notification is increasingly becoming a requirement in both public and private sector contexts. Further, the legal consequences of data breaches are changing. Next-generation data protection laws will give privacy commissioners greater powers to impose potentially significant administrative monetary penalties in some circumstances. A growing body of law is also emerging from a flood of class action lawsuits relating to data breaches. This session will explore the changing nature of data breaches as well as the evolving legal landscape in this area.
- Health Data – Health data is one of the most sensitive types of personal data and is needed to provide quality health care and for other purposes like research and quality control. This session will examine the role of healthcare institutions and the web of Canadian federal laws that exist to protect privacy in the healthcare context, discuss the role of the federal and provincial privacy watchdogs and will examine key cases from recent years.
- The World of Cyber Security and Privacy – Privacy and cybersecurity are often seen as separate domains, but in practice, they are deeply intertwined, especially as technological change accelerates. This session explores how privacy commissioners operate within their legislated mandates while navigating a complex, multilevel system shaped by international dynamics, national policy, and individual experience. From global tensions that pull cybersecurity and privacy apart, to individual realities where the distinction is blurred, the discussion will trace how design choices, business incentives, and regulatory frameworks influence this interplay.
- Regulatory Framework for Cybersecurity of Critical Infrastructure: Canadian and international Perspectives – Learn about cybersecurity threats to critical infrastructure i.e., attacks on vital societal functions that would impact major sectors. These sectors could include energy, financial institutions, communications, agriculture, healthcare, and supply chains. It will also provide perspectives on Bill C 26 and international legislation.
- The Role of Standards in Privacy and Cybersecurity – This session will explore the role of standards and standards development organizations in digital governance, i.e., privacy and cybersecurity, to manage ethical and effective use of technology across organizations and society.
- From Policy to Practice: Operationalizing Privacy for Risk Management – An overview of the intersections and interdependencies between privacy, security and data governance for the risk management of personal information, and what it takes to operationalize a privacy program. Students will participate in an interactive workshop to develop the elements of a privacy program and tips on how to leverage strategic partnerships (with security, business analysts, marketing, etc.) to make the most of limited resources.
Content experts
B. Courtney Doagoo
Senior Research Associate and Director of Strategy & Program Development, Centre for Law, Technology and Society, University of Ottawa
B. Courtney Doagoo is a legal scholar and consultant specializing in the intersection of law, technology, and society. She earned her PhD in Law from the University of Ottawa in 2017, where her interdisciplinary research used empirical methods to examine how intellectual property law and social norms operate within creative communities. Following her doctorate, she gained international experience as a legal intern at the World Intellectual Property Organization in New York, contributing to a joint UN initiative on gender and innovation. She later joined the Centre for International Governance Innovation as a postdoctoral fellow, conducting research on technology law with a focus on intellectual property, artificial intelligence (AI), and data governance. This strong academic foundation underpins Dr. Doagoo’s expertise in emerging technology policy and governance.
In her current role, Dr. Doagoo is a Senior Research Associate and the Director of Strategy and Program Development for the University Research Chair in Technology and Society and the AI + Society Initiative at the University of Ottawa’s Centre for Law, Technology and Society. In this capacity, she develops and leads research programs exploring the social, economic, and cultural implications of AI and other frontier technologies, with particular emphasis on the roles of law, norms, and public policycca-reports.. She works closely with multidisciplinary teams to shape innovative research projects and frameworks that address fast-moving technological challenges. Dr. Doagoo has also co-edited the book Intellectual Property for the 21st Century: Interdisciplinary Approaches (Irwin Law, 2014), a collaborative work examining modern IP issues across law, technology, and society. Beyond academia, she serves as an advisor to various initiatives – for example, she sits on the board of Dark Matter Labs (Canada) – reflecting her commitment to leveraging legal insight for ethical and inclusive technology development. Her dynamic leadership and cross-sector experience make her a sought-after expert at the forefront of technology law and society.
David Goodis
Partner, Privacy and Data Governance Practice, INQ Law
David Goodis is a seasoned legal expert with over thirty years of experience in privacy, data protection, and access-to-information law. He obtained his law degree from Western University and was called to the Ontario Bar in 1988. Mr. Goodis spent the bulk of his career with Ontario’s Information and Privacy Commissioner (IPC), where he held senior positions including Assistant Commissioner (Policy & Corporate Services), Director of Legal Services, and Manager of Adjudication. In these roles he was a leading regulator enforcing privacy and freedom-of-information laws, and he represented the IPC in high-profile proceedings at the Ontario Divisional Court, Court of Appeal, and even the Supreme Court of Canada. This extensive public service background endowed him with deep expertise in the application of privacy and access laws across government and public institutions.
Now a partner at INQ Law, Mr. Goodis continues to focus on privacy, data governance, and freedom-of-information matters in the private sectorinq.law. He is the author of the leading textbook on Ontario’s privacy and access legislation – the Annotated Ontario Freedom of Information and Protection of Privacy Acts (2020–2021 edition, Thomson Reuters) – which is the province’s only comprehensive guide to these laws. In addition to his practice, Mr. Goodis contributes to legal education as an adjunct professor, teaching administrative law and privacy law at Osgoode Hall Law School and the University of Toronto. He is widely recognized as a thought leader in his field, frequently quoted by major media outlets and invited to speak at industry conferences on privacy issues. Through his combined regulatory experience, scholarship, and teaching, Mr. Goodis has significantly shaped the development and understanding of privacy and information law in Canada.
Teresa Scassa
Canada Research Chair in Information Law and Policy; Professor of Law, University of Ottawa
Teresa Scassa is a leading academic in law and technology, holding the Canada Research Chair in Information Law and Policy at the University of Ottawa’s Faculty of Law. She earned her LLB. and BCL. degrees from McGill University and went on to complete an LLM. and a doctorate in law at the University of Michigan, establishing a strong foundation in both common law and interdisciplinary research. Dr. Scassa has written extensively on intellectual property, privacy, and digital technology law, and is esteemed for her ability to analyze legal issues arising from emerging technologies. She has authored or co-authored several influential books, including The Future of Open Data (University of Ottawa Press, 2022) and Artificial Intelligence and the Law in Canada (LexisNexis, 2021) as well as earlier works such as Canadian Trademark Law (2nd ed., 2015). Through these publications, Dr. Scassa has shaped policy discussions on topics ranging from data governance and open government to the legal implications of AI. Her scholarship bridges law and technology, often drawing on insights from other disciplines, and she has received recognition for her contributions – for example, she was awarded a 2024 national Privacy Leader award for her academic leadership in privacy law.
Dr. Scassa is equally distinguished by her active engagement in policy development and advisory roles. Her current research projects delve into the regulation of artificial intelligence, data governance, and the legal dimensions of data scraping and privacy in a data-driven world.. She is a member of Canada’s Advisory Council on Artificial Intelligence and has served on the Law Commission of Ontario’s panel for AI in the justice system, providing expert guidance on responsible AI deployment. In addition, she sits on working groups in Ontario focused on data policy and has been instrumental in national conversations around digital and open government. Dr. Scassa previously served on the External Advisory Committee to the Privacy Commissioner of Canada and the Canadian government’s Advisory Panel on Open Government, roles in which she helped shape transparency and privacy initiatives at the federal level. Through her research, publications, and public service, Dr. Scassa has become one of Canada’s preeminent voices on how law can adapt to and govern the rapidly evolving information society.
Amy Conroy
Associate Professor, Department of Medicine (Prevention Science), University of California, San Francisco
Amy Conroy is a behavioral scientist and public health researcher whose work centers on the intersection of relationships and health outcomes. She holds a PhD. in Health and Behavioral Sciences and an MPH. in Public Health from the University of Colorado Denver, following a BSE. in Biomedical Engineering from the University of Iowa. Dr. Conroy is currently an Associate Professor in the Division of Prevention Science at the University of California, San Francisco (UCSF). Broadly, her research seeks to understand and improve family and couple health in the context of HIV/AIDS and other health challenges. In particular, she investigates “dyadic” health behaviors – how the dynamics within couples influence outcomes such as HIV treatment adherence, alcohol use, and mental health. Her work employs theories from relationship science and utilizes mixed-methods and dyadic analysis techniques to capture how partners can jointly affect health behaviors and outcomes.
Dr. Conroy leads several notable research projects aimed at designing interventions for couples. Much of her research takes place in sub-Saharan Africa, where she has developed and tested couple-based approaches to reduce heavy alcohol use and to enhance engagement in HIV care in countries like South Africa and Malawi. She is also conducting an observational cohort study of couples living with both HIV and cardiometabolic conditions in Malawi, to inform integrated care models. In another project, she is piloting a couple-focused intervention for perinatal depression, reflecting her commitment to addressing mental health in the context of family. Dr. Conroy’s program of research has been continuously funded by the U.S. National Institutes of Health – including the NIMH, NIAAA, NHLBI, and NIAID – underscoring the significance of her work. She has published over 50 peer-reviewed papers in top scientific journals to date, advancing knowledge on how partner dynamics affect health. In recognition of her contributions, she received the Early-Career Excellence Award in Socio-Behavioral Research from UCSF’s Center for AIDS Research in 2021. Through her innovative interventions and prolific scholarship, Dr. Conroy is helping to reshape health strategies by harnessing the power of couple relationships in promoting better health outcomes.
Aaron Shull
Managing Director and General Counsel, Centre for International Governance Innovation
Aaron Shull is the Managing Director and General Counsel of the Centre for International Governance Innovation (CIGI), where he provides strategic leadership on law and policy issues at the intersection of technology and international affairs. He is a senior legal executive recognized for expertise in complex matters involving public policy, emerging technologies, cybersecurity, privacy, and data protectioncigionline.org. Mr. Shull’s academic background spans law and international affairs: he earned an LLB. (JD) from the University of Ottawa, graduating with first-class honours, and an LLM. from Columbia Law School as a Harlan Fiske Stone Scholar. He also holds a Master’s in International Affairs from Carleton University’s Norman Paterson School (with distinction) and a BA (Honours) in history and political science from the University of Waterloo, where he graduated top of his class. Before joining CIGI, Mr. Shull practiced law in various settings, focusing on international, regulatory, environmental law. He additionally taught courses at the University of Ottawa’s Faculty of Law and at Carleton University.
At CIGI, Mr. Shull plays a pivotal role in bridging research and policy. He has extensive experience building global networks of experts from government, academia, industry, and civil society to inform governance solutions. Notably, he recently spearheaded a high-profile research initiative called “Reimagining a Canadian National Security Strategy,” which convened over 250 multidisciplinary experts across Canada. This unprecedented project produced a series of key policy recommendations to help the Government of Canada address evolving security threats in the digital age. The effort has been well received by senior officials and has spurred national conversations on modernizing security and intelligence practices. As Managing Director, Mr. Shull continues to oversee a portfolio of programs on topics such as global platform governance, digital economy, and cybersecurity. He frequently advises policymakers and contributes to public dialogue on governance in an era of rapid technological change. Through his leadership at CIGI and his cross-cutting expertise, Mr. Shull is helping to shape innovative approaches to international governance challenges in Canada and beyond.
Matt Malone
Assistant Professor of Law, University of Ottawa; Director, CIPPIC
Matt Malone is an Assistant Professor at the University of Ottawa’s Faculty of Law and serves as Director of the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC). An expert in information law, Professor Malone’s research centers on how the law protects and regulates secret information in its many forms – including trade secrets, confidential business information, government access to information, privacy, and cybersecurity. He brings a diverse perspective to this field, having been called to the bar in British Columbia, California, and New York. Professor Malone completed a Bachelor in Arts at the University of Toronto, an MA at the Hebrew University of Jerusalem, and dual common law/civil law degrees (LLB/BCL) at McGill University. After law school, he practiced technology and corporate law in the United States with firms such as Morrison & Foerster in Californiauottawa.. He began his academic career as an Assistant Professor at Thompson Rivers University Faculty of Law before returning to Ottawa to join the faculty, contributing both practical and scholarly expertise to his teaching and research.
In addition to his academic roles, Professor Malone is an advocate for transparency and open government. He is the founder of “Open by Default,” an initiative aimed at promoting transparency and access to information in Canada’s public institutions. Under his leadership at CIPPIC, he engages in public interest research and advocacy on digital rights, including privacy and cybersecurity issues. Professor Malone has quickly built a substantial body of work; in 2023, he published two books that showcase the breadth of his interests. The first, We Have Received a Complaint: The Fraught World of Workplace Justice (Sutherland House, 2023), examines the legal and ethical dimensions of workplace investigations. The second, The Law of Trade Secrets and Confidential Information in Canada (LexisNexis, 2023), provides a comprehensive analysis of how Canadian law protects confidential business information. He has also written numerous journal articles and policy papers on data governance, cybersecurity, and information law. Through these efforts, Professor Malone is shaping discourse on how to balance transparency, innovation, and security in the digital era, while training the next generation of tech-savvy lawyers.
Keith Jansa
Chief Executive Officer, Digital Governance Council
Keith Jansa is the Chief Executive Officer of the Digital Governance Council (DGC), where he leads national efforts to advance digital governance and standardization in Canada. With over 15 years of experience spanning the public, private, and non-profit sectors, Mr. Jansa is a specialist in the creation and strategic application of standards for emerging technologies. As CEO, he works closely with senior leaders across industries and government to address the challenges of rapid digital transformation. His mandate is to safeguard Canadians participating in the digital economy and to strengthen Canada’s position in an increasingly digital world. Mr. Jansa is known for his innovative, collaborative approach to developing governance frameworks that keep pace with technological change. Under his leadership, the DGC (formerly the CIO Strategy Council) has gained recognition as a preeminent technology leadership organization, in part due to its ability to devise forward-thinking standards that fill gaps faster than traditional lawmaking processes.
Beyond his role at the Council, Mr. Jansa actively contributes his expertise to government policy initiatives. He is a provincially appointed member of the Ontario Health Data Council and chairs that body’s working group on Data Governance and Data Stewardship, helping to shape strategies for the use of health data. He also serves on the Information and Privacy Commissioner of Ontario’s Strategic Advisory Council, advising the provincial regulator on privacy and data protection issuestheincmagazine.com. In addition, Mr. Jansa is a member of Ontario’s Trustworthy AI Framework Working Group, reflecting his engagement with ethical AI deployment. As a respected expert, he has been called to testify before parliamentary committees and senate hearings on topics of digital policy, providing insights that inform Canadian legislative developments. Mr. Jansa’s academic background includes a degree in Health Sciences from the University of Ottawa, which complements his understanding of data issues in sectors like healthcaretheincmagazine.com. Through initiatives such as leading the development of nationally accredited standards for digital technologies, he has directly influenced how Canadian organizations implement secure and responsible digital practices. Keith Jansa’s work is at the forefront of creating a secure, interoperable, and innovative digital ecosystem, making him a key figure in Canada’s digital governance landscape.
Sophia Muller
Founder and Principal Consultant, Nomos Consulting Inc.
Sophia Muller is the founder of Nomos Consulting Inc., where she specializes in privacy, data protection, and data ethics advisory services. She holds a PhD. in law from the University of Ottawa, which gives her a deep understanding of legal frameworks governing information and technology. Dr. Muller has over a decade of experience as a privacy professional, both as an in-house practitioner and an external consultant, guiding organizations through complex regulatory landscapes. Her background combines academic rigor with practical expertise: during her doctoral research she explored the intersection of law, technology, and societal values, and she has since applied that knowledge to help businesses and public institutions navigate evolving privacy requirements. Dr. Muller is a Certified Information Privacy Professional and was designated a Fellow of Information Privacy (FIP), reflecting her recognized credentials in the field.
In her consulting practice, Dr. Muller works with clients across various industries to build robust privacy and data governance programs. She is a strong proponent of “Privacy by Design,” ensuring that data protection principles are embedded from the outset in new projects and system. Her firm assists organizations with a range of services, including privacy risk assessments and Privacy Impact Assessments (PIAs), personal data inventory and mapping exercises, and the development of policies and procedures to comply with laws like Canada’s federal privacy statutes and anti-spam legislation (CASL). Dr. Muller’s hands-on approach often involves leading cross-functional teams – from IT to legal to business units – to implement practical solutions for data consent management and to automate processes such as Data Subject Access Request. By aligning legal requirements with organizational objectives, she helps clients not only achieve compliance but also build trust with stakeholders. In addition to her client work, Dr. Muller contributes to the broader privacy community: she speaks frequently at cybersecurity and privacy conferences and stays engaged with policy discussions on data ethics. Her combination of advanced legal knowledge and real-world implementation experience makes Dr. Muller a trusted advisor for organizations striving to manage data responsibly and ethically in an era of big data and AI.