overview
Lyndsay is the Co-Chair of McMillan’s Privacy & Data Protection Group and its Cybersecurity Group. She is a Certified Information Privacy Professional/Canada, and regularly advises and assists clients on a broad range of privacy and cybersecurity issues, including advising on access requests, legal requirements related to data security, workplace privacy issues (e.g. background checks, computer/video/phone monitoring, GPS tracking, drug and alcohol testing), handling personal health information, CASL compliance, and transferring personal information across borders, as well as helping organizations to develop privacy compliance programs, privacy and social media policies, data sharing agreements and consent forms.
Lyndsay has extensive experience advising and representing clients in connection with privacy and data breaches involving different types of information including payment card information, patient data, employee personal information, and sensitive identity information. She has assisted clients in a number of industries with risk assessment, breach response strategy, complying with notification obligations, communication with regulators and coordinating forensic investigations.
Lyndsay also advises and assists management with respect to all areas of employment, labour, pension and benefits laws, including advising on hiring, performance management, employment standards, human rights laws and employment terminations, as well as drafting or reviewing employment contracts, compensation plans and employment policies. Lyndsay advocates for clients in wrongful dismissal actions, human rights applications, workers' compensation claims, complaints to the Ministry of Labour, and matters before the Ontario Labour Relations Board and the Canada Industrial Relations Board.
In addition, Lyndsay regularly provides advice and assistance to vendors and purchasers with respect to the privacy and employment aspects of corporate transactions, including negotiating the terms of purchase agreements, evaluating issues in the transactions, and drafting offer letters and other contracts for transferring employees.
Lyndsay regularly writes and speaks on privacy and employment-related topics, and is the co-author of Privacy in the Workplace, 4th ed. and the Privacy chapter in the Ultimate Corporate Counsel Guide (CCH).
Representative Matters
Corporate Transactions
- Acted for Roseburg Forest Products, in connection with its first international acquisition of Pembroke MDF, an Ontario MDF and molding facility.
Cases
- Harper v Ludlow Technical Products Canada Ltd, 2011 CanLII 73172 (ON LRB)
- Critical Path Couriers Ltd., 2011 CIRB 604 (CanLII)
Presentations
Data Breaches & Cybersecurity Incidents: The Legal Guide to Preparedness and Response
Privacy Best Practices
Global Privacy Compliance Seminar
General Data Protection Regulation (GDPR), Product Liability, and Recalls
Privacy Laws & Enforcement
Investing in the Canadian AI Ecosystem
The Evolving Landscape of Cybersecurity Law in Canada: new breach notification obligations and guidance from the regulators
IAPP Canada Privacy Symposium 2018
FinTech Regulation and Privacy
Privacy Law Update
Legal Implications of Cybersecurity
Privacy Law Update
Current Issues in Privacy Law and CASL
Cybersecurity Landscape in 2015 – Recent Trends and Developments
Drafting Employment Contracts
Privacy in the Workplace
Workplace Privacy - Social Media Checks
Social Media Background Checks in Canada - Do the Risks Outweigh the Rewards?
Preventing and Responding to Privacy Breaches in the Workplace
Privacy 102: Identifying and Developing Role-Specific Privacy Education
Employee Privacy
Summary Judgment and Mini Trials in Employment Law Cases
Summary Judgement and Mini Trials in Employment Law Cases
Publications
International Comparative Legal Guide (ICLG) - Cybersecurity Canada 2021
Another Leap Forward for Canadian Privacy Laws
Reporting and Recording Breaches of Security Safeguards – The OPC releases new resources for businesses
Privacy Penalties – Canadian Competition Bureau Wades Into Privacy Enforcement
How Should AI be Regulated in Canada? Speak now, or forever hold your peace!
IIROC Introduces Mandatory Reporting of Cybersecurity Incidents for Dealers
OPC Maintains Status Quo on Transborder Data Flows...At Least for Now!
"Gonna stand my ground; And I won't back down"¹ – The OPC charges forward with its controversial consultation on transborder dataflows/transfers for processing
Proposed Digital Charter Could Bring Sweeping Changes to Canadian Privacy Laws
Is Data Residency Coming to Canada? The OPC Signals a Major Change to its Policy Position on Transborder Dataflows
The Privacy Commissioner's Guide to Protecting Personal Information in Cannabis Transactions
A $250,000 Reminder that "CASL" is Not Just an Anti-Spam Law
PIPEDA – How to Obtain "Meaningful" Consent, and When Consent is Not Enough
PIPEDA's Breach Reporting Requirements Finalized, to Come Into Force November 1, 2018
Employee Privacy Guidance Note - Canada
Employee Monitoring (Canada), Practice Note Practical Law (Revised from May 11, 2017)
Prying Eyes: Risk of Employee ‘Snooping' and How to Reduce it
Cybersecurity – The Legal Landscape in Canada
Supreme Court of Canada Turns the Other Cheek: Facebook's "Terms and Conditions" – Forum Selection Clause Unenforceable
CASL Private Right of Action Delayed; Enforcement by CRTC Continues
Data protection in the field of employment in Canada
Privacy in the Workplace, 4rd Edition
Canada - Employee Privacy Guidance Note
Are You Ready for CASL's Private Right of Action?
Privacy Practice Note for LexisNexis Practice Advisor Canada
Ontario's Pooled Registered Pension Plans Act Takes Effect
McMillan Cybersecurity Article Series
Speak Now: Consultation on Solvency Funding for Defined Benefit (DB) Pension Plans
The GDPR – Key Points for Canadian Businesses
Privacy Alert: Proliferation of Access Requests as New Tools Automate Request Generation and Distribution
Cybersecurity and the Internet of Things
Privacy and Cybersecurity Issues in Canadian M&A Transactions
Introducing Safe Harbour 2.0: the EU-US Privacy Shield
Can you keep a secret? The courts recognize a new tort for public disclosure of private facts
Safe Harbour Not Safe Enough: Data Transfers From E.U. To U.S. Out To Sea
Ashley Madison – A new era in privacy class actions for Canada?
Access Requests
Cloud Computing
Flag on the Play?
Recent Disclosure of NFL Player's Medical Information Sparks Allegations of Privacy Violations
More Changes to Cyber Security Laws on the Horizon?
McMillan Privacy Basics Bulletin Series
Data Protection Agreements
Ought We Fear the Time Of Year? Summer Dismissals May Warrant Longer Notice Periods
Breach Response Plans
Cybersecurity
Privacy Training
PIPEDA Changes Finally Pass
Privacy Programs
Privacy Policies
Bell Gets a Bad Rap for its RAP (Relevant Advertising Program)
Monitoring the Mayor – B.C. Mayor alleges that computer monitoring violated his privacy
Off-Colour/Off-Duty – Termination of Hydro One Employee Garners Media Attention
Three New Leaves for Ontario Workers to Take Effect October 29, 2014
Privacy Chapter
Managing Your Privacy Risk, An In-House Guide
Age Discrimination in Benefit Plans - Talos v Grand Erie District School Board
Are Contractual Termination Provisions Reliable?
Top Five Workplace Privacy Questions
Privacy in the Workplace, 3rd Edition
Proposed amendments to the ESA – new leaves for Ontario employees?
Juries punish employers: two recent cases highlight the risk of treating employees poorly1
Social media background checks in Canada – Do the risks outweigh the rewards?1
Overtime class actions – leave to appeal denied
Cybersecurity & Data Protection – the Evolving Canadian Landscape
Ontario Court of Appeal recognises new tort for invasion of privacy
Employees have a reasonable expectation of privacy in workplace computers, says Supreme Court
On the hook: employer liability for traffic accidents caused by cell phone usage
Harassment in the workplace: limitations on an employer's responsibilities
Racism – is speculation enough?
Seclusion intrusion: A common law tort for invasion of privacy
Background Checks – Uncovering Ominous Pasts
Background Checks - Uncovering Ominous Pasts
Employee privacy rights finally recognized?
Workplace Violence and Harassment: New Obligations Under the Occupational Health And Safety Act
More Restrictions on Restrictive Covenants: The SCC's Decision in Shafron v. KRG Insurance Brokers (Western)
Application of Privacy Laws to Employee Information in a Sale of Business
The Importance of an Anti-Discrimination Policy
Family Fun in February?
Uh Oh Overtime!
Dismissal Before Conviction: Can an Employee Charged with a Criminal Offence be Dismissed for Cause?
Book Review – International Labour Standards: Globalization, Trade and Public Policy
Pension Surplus Distribution on a Partial Wind Up: The Supreme Court of Canada's Decision in Monsanto Canada Inc.
Case comments published in the 'Employment and Labour Law Reporter' on the following cases:
News
Uber Hack: Wasser says Uber breach may put pressure on Government to expedite PIPEDA breach reporting requirements for Canadian Press
Lyndsay Wasser explains why privacy issues are gaining prominence in business transactions for Lexpert Magazine
Equifax Cyberbreach: Wasser tells Canadian Press Canada's privacy watchdog does not have the power to hand down fines
Lyndsay Wasser comments on the deferral of CASL's private right of action for Data Guidance.com
Lyndsay Wasser discussed the Genetic Non-Discrimination Act for DataGuidance.com
Lyndsay Wasser discusses liability and legal issues surrounding Pokémon GO app with BNN
Lyndsay Wasser discusses data breaches with Third Certainty
Lyndsay Wasser quoted in Lexpert article: "Cybersecurity comes to the Boardroom"
Lyndsay Wasser weighs the pros and cons of screening job candidates using social media in the Canadian HR Reporter
Watch video: Lyndsay Wasser talks about the do's and don'ts of social media screening
Lyndsay Wasser comments on the importance of balancing employee privacy with security in Canadian Lawyer
Lyndsay Wasser discusses employee monitoring policies in Financial Post
Éloïse Gratton and Lyndsay Wasser featured in National Magazine on privacy in the private sector workplace
Éloïse Gratton and Lyndsay Wasser publish Privacy in the Workplace, 3rd Edition
Education
- Osgoode Hall Law School, Certificate in Pension Law - 2016
- Osgoode Hall Law School, LLB - 2003
- York University, Specialized Honours Bachelors Degree in Psychology (summa cum laude) - 2000
Year Of Call
- Called to the Ontario bar - 2004
Practices
privacy and data protection
cybersecurity
CASL - spam and other electronic threats
employment and labour relations
confidential information
employment law
employment litigation
executive compensation
harassment and discrimination
labour relations
freedom of information and access to information
Industries
banking, finance and insurance
energy
life sciences
media, communications and entertainment
Directorships and Professional Associations
- International Association of Privacy Professionals
- Ontario Bar Association
- Canadian Bar Association
- Toronto Lawyers Association
- American Bar Association
Awards & Rankings
Lyndsay is the recipient of multiple Awards in Law, including the Bronze Medal and prizes for placing first in first year law at Osgoode Hall Law School. A complete list of her legal Awards is as follows:
- The Bronze Medal, Osgoode Hall Law School
- Carswell Prize – for placing first in first year law at Osgoode Hall Law School
- McCarthy Tetrault Prize – for placing first in first year law at Osgoode Hall Law School
- McMillan Prize in Contracts
- STEP Prize for Trusts and Estates
- Martin J. Rochwerg Prize in Tax, Estates & Trusts Law
- Shibley Righton LLP Prize in Taxation
Media Mentions
- "In home switch, companies risk exposing private data", Automotive News, August 2020

- "The Most Futuristic Developments We Can Expect in the Next 10 Years", Gizmodo, October 24, 2019
- "Anti-spam laws are overreaching, say lawyers", by Julius Melnitzer, Law Times, April 29, 2019
- "The battle over data localization", CBA National, April 15, 2019
- "UK secures post-Brexit data flow deals with nine countries", by Laura Linkomies, Privacy Laws & Business International Report, April 2019
- "Are you testing for drugs, or for alcohol?", by John Dujay, Canadian HR Reporter, April 1, 2019
- "Into the Breach", by Julius Melnitzer, Lexpert Business of Law, November 13, 2018
- "Rules tighten for reporting data breaches: If ‘real risk of significant harm,’ intrusions must be reported", by Melissa Campeau, Canadian HR Reporter, November 5, 2018
- "CIBC class action could ‘send a signal’ on data privacy", by Megan O’Toole, University of Kings College, July 27, 2018
- "Will in-cab cameras survive privacy challenges?", by Jim Park, Today's Trucking, July 17, 2018
- "Smile? On-board cameras can offer in-cab insights", by Jim Park, Today's Trucking, July 17, 2018
- "Uber hack raises disclosure concerns, calls for stronger data protection", by Ian Bickis, The Canadian Press, November 23, 2017
- Erased from Posterity. Europe’s General Data Protection Regulation will soon come into force, requiring major Canadian companies to carry new costs associated with a higher standard of data privacy", by Brian Burton, Lexpert Magazine, November/December 2017
- "Privacy protection in the data room", by Sandra Rubin, Lexpert Business of Law, November 13, 2017
- "Former Equifax CEO before Congress: human, technical errors led to data breach”, The Business of Law - BNN, October 3, 2017
- "European court decision highlights issues around workplace privacy. Monitoring email among challenges for employers”, by John Dujay, Canadian HR Reporter, October 2017
- "Equifax to update Canadians this week, still mum on number impacted by hack", by Armina Ligaya, The Canadian Press, September 18, 2017
- "Equifax to reveal Canadian impact of data breach this week as executives face insider trading probe", by Armina Ligaya, The Canadian Press, September 2017
- "Equifax says it will update Canadians this week about cyberbreach", The Canadian Press, September 2017
- "Equifax hack: No numbers released yet as company promises Canadian update", by Armina Ligaya, The Canadian Press, September 2017
- "TerraLex Beacon Alert – A Global Perspective on Lessons from Equifax” by Andrea Arteaga, TerraLex News, October 2017
- "Canada: Suspension of CASL private right of action prevents “speculative class action litigation", by Kaveh Lahooti, Data Guidance, June 2017
- "Canada: Genetic Non-Discrimination Act “limits an employer’s ability” to use genetic information", by Kaveh Lahooti, Data Guidance, May 2017
- "Beware of ransomware", The Business of Law - BNN, February 3, 2017
- "When good parties go bad: Employer liability for the office Christmas party" Business Day PM - BNN, December 13, 2016
- "Popular Pokémon GO app attracts criticism on cybersecurity", The Business of Law - BNN, July 15, 2016
- "Is your data safe?" by Ann Macaulay, CBA National, May 2, 2016
- "Why your iPhone security may soon be at risk", The Business of Law - BNN, February 19, 2016
- Featured in LexisNexis "Faces Campaign", December 2016
- "Cybersecurity Liability Come to the Boardroom", by Sandra Rubin, Lexpert, October 5, 2015
- "Disclosure inconsistent as Canada data breaches multiply", by Gary Stoller, Third Certainty, October 1, 2015
- "Are companies doing enough to avoid data breaches?", The Business of Law - BNN, August 7, 2015
- "Risks and rewards of social media employment screening" by Liz Foster, Canadian HR Reporter TV, July 2015
- "School's out for the summer...but teacher strikes loom", The Business of Law - BNN, July 17, 2015
- "Vital to balance employee privacy with security" by Jennifer Brown, Canadian Lawyer, May 25, 2015
- "Managing your privacy risk" by Pablo Fuchs, National Magazine, April 2014
- "Beware! Big Brother culture will have adverse effect on creativity, productivity" by Dan Ovsey, Financial Post, February 26, 2014
- "Privacy in the private sector workplace" by Christine Sopora, National Magazine, February 14, 2014