Caroline Deschênes

• Personal Information and Data Protection
• Litigation and Dispute Resolution
• Internal and Regulatory Investigations, Compliance and White Collar Defence
• Civil and Commercial Litigation
• Class Actions

• Technology
• Financial Institutions and Services
• Governments, Public Services and Organizations
• Health and Life Sciences

Class actions

Defended an international company in a class action arising from a data breach following a security incident.

Cybersecurity

Advises businesses and public bodies on all aspects of confidentiality incidents, including putting in place an action plan, assessing the risk of harm and disclosure to regulators and the individuals concerned.

Protection of personal information

Advises public bodies and businesses of all sizes on putting in place and implementing a compliance program regarding the protection of personal information.

Access to information

Represents businesses and public bodies regarding all aspects of access to information (including responses to access requests, applications for review, and defending third parties whose confidential information is targeted by an access request).

• Canadian Legal Lexpert Directory – Data Protection and Privacy, 2022-2025
• Best Lawyers in Canada – Privacy and Data Security Law, 2022-2025
• John Williamson Frederick Peacock Memorial Scholarship, awarded to a McGill student with a good academic record in order to pursue graduate studies abroad, 2005
• Dean’s Honour List, McGill University's Faculty of Law, 2001-2004
• Allan Neil Assh Memorial Award, awarded to the student with the highest standing in the Business Associations course, 2004
• Hans Hermann Oppenheimer Scholarship, awarded to a student who has shown particular promise in the field of public international law, 2003
• Harry Batshaw Prize, awarded to the student with the highest standing in the Foundations of Canadian Law course, 2001

• Canadian Bar Association:
  • Member, since 2007
  • Member of the Executive Committee of the Privacy and Access Law Section, since 2018
  • Chair of the Executive Committee of the Privacy and Access Law Section, 2022-2023
• International Association of Privacy Professionals (IAPP), Member, since 2016
• Advisory Committee on the revision of the Act Respecting the Protection of Personal Information in the Private Sector, Participant, 2017-2019
• École primaire Saint-Laurent, Member of the Governing Board, since 2023

• Co-author: “Use of biometric data: Québec’s Privacy Commissioner keeps the bar high”, January 28, 2025.
• Co-author: “Information security incident management: A new regulatory framework for financial institutions and credit assessment agents”, October 28, 2024.
• Co-author: “AI back in the regulatory spotlight: California passes new legislation”, October 25, 2024.
• Co-author: “The right to portability: new obligations for businesses and public bodies – Update”, September 23, 2024.
• Collaborator: “Québec - Data Protection Overview | Guidance Note”, DataGuidance, May 2023.
• Author: “Personal information protection: a busy summer”, July 22, 2022.
• Co-author: “Le premier jugement au fond au Canada en matière d’action collective portant sur la protection des renseignements personnels est maintenu par la Cour d’appel” [The Appeal Court confirms the first decision rendered in Canada on the merits of a privacy class action], June 10, 2022.
• Author: “Protection of personal information: Public bodies must also be prepared to meet new requirements”, October 22, 2021.
• Author: “Protection of personal information: Three-year phased implementation after Bill 64 receives assent”, September 21, 2021.
• Collaborator: “Quebec: Quebec’s privacy legislation is growing teeth – What businesses need to know before they get bitten”, DataGuidance, September 2021.
• Author: “White paper on modernizing privacy protection in Ontario”, July 27, 2021.
• Co-author: “A step towards the right to be forgotten: a developing story”, July 22, 2021.
• Author: “The mobility, use and protection of government digital data”, July 21, 2021.
• Author: “Protection of personal information: main takeaways one year later”, July 7, 2021.
• Co-author: “Privacy rights at the frontier of the burden of proof of injury”, June 15, 2021.
• Co-author: “Digital Charter Implementation Act, 2020 (Bill C-11) – Overview of changes to the applicable regime”, November 27, 2020.
• Co-author: “Privacy protection in Quebec: an overview of amendments to the law governing the private sector”, June 26, 2020.
• Author: “2020: the year of modifications to the Canadian and Quebec laws on protection of personal information”, January 21, 2020.
• Co-author: “Being the Victim of an IT Security Breach Is Not Enough to Claim Damages”, October 15, 2019.
• Co-author: “Le RGPD et le régime canadien de protection des renseignements personnels : quelles sont les différences?” [Differences between the GDPR and the Canadian privacy framework], newsletter, Soulier Avocats, March 2019.
• Co-author: “Cyber-risques : la gestion d’un incident de sécurité” [Cyber-risks: managing security incidents], Développements récents en enquêtes internes et réglementaires, Québec Bar, Éditions Yvon Blais, Vol. 457, 2019.
• Author: “Five steps to minimize privacy class action”, Canadian Lawyer, November 5, 2018.
• Co-author: “The New Mandatory Data Breach Reporting Regimes: Four Key Elements”, October 29, 2018.
• Author: “The GDPR: 5 Myths Dispelled”, July 16, 2018.
• Author: “Ce que les entreprises canadiennes devraient savoir au sujet du RGPD” [What Canadian companies should know about the GDPR], 2018.
• Author: "Mandatory privacy breach reporting requirements coming into force in Canada November 1st”, 2017.
• Author: “The CRTC determines that Canada’s Anti-Spam Legislation is constitutional and reduces the first penalty handed out under the legislation to $200,000”, 2017.
• Author: “Draft mandatory data breach reporting regulations released for comment”, 2017.

• Panelist: L’anonymisation des renseignements personnels au Québec : piste de conformité technologiques et pratiques 101 pour juristes [Anonymisation of personal data in Québec: Technological and practical compliance 101 for lawyers], as part of the Développements récents en matière de protection des renseignements personnels et droit de l’intelligence artificielle, Barreau du Québec, Montréal, March 4, 2025.
• Moderator: Biometrics in use – how to stay on the right side, panel as part of the CBA Privacy and Access Law Conference, presented by the Canadian Bar Association Privacy and Access Law Section, Ottawa, November 7, 2024.
• Moderator: The Regulators’ Perspective, CBA Privacy and Access Law Symposium, Ottawa, November 10, 2023.
• Speaker: Navigating the Data Privacy World: Quebec Charts a New Journey for Businesses, IAPP Canada Privacy Symposium, Toronto, May 26, 2022.
• Speaker: Protection des renseignements personnels : se préparer à la Loi 25 [Privacy: Getting ready for Québec Law 25], presented in collaboration with the Québec Bar, webinar, March 24, 2022.
• Speaker: Loi 25 sur la protection des renseignements personnels : considérations techniques au-delà des enjeux juridiques [Technical considerations on Québec Law 25], Langlois Knowledge, webinar, March 23, 2022.
• Speaker: Canada Privacy – Updates on Laws and Regulatory Developments, presented in collaboration with OneTrust, webinar, September 16, 2021.
• Speaker: Quebec Privacy Law Reform – What Businesses Need to Know, Privacy Symposium Online organized by IAPP Canada, webinar, June 21, 2021.
• Speaker: Update on Canadian Privacy Landscape, presented in collaboration with the Canadian Bar Association, webinar, June 3, 2021.
• Co-speaker: Se préparer à la réforme des lois protégeant les renseignements personnels et la vie privée [Preparing for new privacy legislation in Québec], Langlois Knowledge, webinar, January 13, 2021.
• Co-speaker: Se préparer à la réforme de la loi encadrant la protection des renseignements personnels au Québec [Preparing for the reform of the law governing personal data protection in Québec], Langlois Knowledge, webinar, November 19, 2020.
• Speaker: Privacy in Québec, Access to Information and Privacy Law Annual Symposium organized by the Canadian Bar Association, Ottawa, October 19, 2019.
• Co-speaker: Cyber-risks: managing a security incident, Développements récents en droit des enquêtes internes et réglementaires, Québec Bar, April 12, 2019.
• Speaker: Deuxième symphonie d’affaires | RGPD : les 100 premiers jours [Second Symphony | GDPR: The First 100 Days], Symphonie d’affaires workshop series, Langlois Knowledge, Montréal, September 26, 2018.
• Co-speaker: Les cyber-risques [Cyber-Risks], Langlois Knowledge, Montréal, October 12, 2018.
• Co-speaker: Demystifying the GDPR for Quebec enterprises, eCommerce Québec, Montréal, October 5, 2018.
• Speaker: GDPR 101: What Canadian businesses need to know about the new European Regulation, Langlois Knowledge, 2018.
• Speaker: Cybersecurity: a legal kit to prepare for the inevitable, GoSec Conference, Montréal, 2017.
• Speaker: Big Data and The Internet of Things, Montréal, 2016.

LL.M., University of Cambridge, 2006

B.C.L./LL.B., with Great Distinction, McGill University, 2004