Note: The Quercus program will be used for this course. 

This course aims to provide students with an understanding of cybersecurity and data protection requirements in an increasingly digital world. Given the borderless nature of data, this course will focus on what specific measures organizations should have in place before and after a cybersecurity incident or data breach occurs. Through practical exercise and industry speaker presentations, the course will provide an overview of the legal landscape, along with best practices that organizations should implement to avoid a cybersecurity incident or data breach.

Topics covered will include but not be limited to:

  • Overview of the Canadian cybersecurity landscape
  • Cloud computing
  • Supply chain cybersecurity
  • Cybersecurity considerations for business transactions
  • Oversight obligations of the board of directors and management
  • Incident management
  • Reporting and notification requirements under privacy laws
  • Reporting and notification requirements under other regulatory authorities
  • Public sector cybersecurity
  • Cross border considerations for managing a cybersecurity incident
  • Reporting to and working with law enforcement
  • Legal privilege during breach response
  • Litigation exposure
  • Cyber and privacy insurance
Class participation 15% (5% attendance and 10% contributions to discussion); cyber simulation (15%); and a final assignment of 6,000 words (70%). The Cyber Simulation would see the class divided into two groups with each dealing with a “live” cyber-attack. It would require limited group preparation and the simulation would be in front of the class (a form of oral presentation). No written submission/document would be required.
Academic year
2022 - 2023

At a Glance

First Term



18 JD


W: 6:10 - 8:00 pm