Rachel St. John
Canada
  • PositionAssociate
  • FirmOsler Hoskin & Harcourt LLP
  • Age36
Abstract Shape Background
Rachel St. John

Rachel St. John

Canada
  • Position: Associate
  • Firm: Osler Hoskin & Harcourt LLP
  • Age: 36

Professional history

I completed the joint common and civil law degree programme at McGill University in Montreal. After law school, I had an opportunity to join the privacy and cybersecurity group at Hunton & Williams in New York. From there, I returned home to Canada and joined my current team at Osler Hoskin & Harcourt.

What do you do?

My practice focuses exclusively on privacy and data management. I provide advice on Canadian privacy and data-governance issues arising from the collection, use, disclosure and management of personal information. I also assist clients in responding to Canadian privacy regulatory investigations.

Influences and mentors?

There are a few people that have played a pivotal role in the development of my career path. George N Hood, a former vice principal of advancement at Queen’s University in Kingston, Ontario was a strong supporter of my legal education and taught me by example with his work in organisational turnaround to pursue my goals with tenacity. [Osler partner] Adam Kardash and [Hunton Andrews Kurth partner] Lisa Sotto, respected leaders in the privacy field, have also both been central to my development as a lawyer by setting high standards, asking tough questions, and providing meaningful feedback.

If you hadn’t been a lawyer...

Real estate development. I love urban design and the evolution of communities.

What’s everyone talking about?

An overarching theme in all of my discussions is the fast-paced nature of the digital economy and the increasing complexity of privacy and information security requirements that are so fundamental to an organisation’s ability to remain competitive. This is evidenced by the GDPR and new breach notification requirements under Canada’s federal data protection law, the Personal Information Protection and Electronic Documents Act (PIPEDA). When speaking with clients, the conversation inevitably turns to governance and strategically managing data in light of these myriad requirements.

Most significant current trend in your jurisdiction?

Canada has amended PIPEDA to include a mandatory security breach notification requirement, which takes effect in November. A key focus for many organsations, and a current trend for my practice, is the development of comprehensive breach readiness and response protocols to set out a process to comply with these new obligations.