Home — Our Team —

Ayse Gauthier

Litigation Counsel

Ayse Gauthier

Office
Montréal
Phone 514 470 1455
Fax 514 221 3706
[email protected]
vCard

Profile

Ayse is a senior lawyer with a focus on privacy, cybersecurity and artificial intelligence law. She has extensive experience in the field of cybersecurity, having acted as breach counsel, advised on cyber coverage matters and monitored the handling of hundreds of security/privacy incidents, including several privacy class actions, on behalf of leading cyber insurers. She also advises clients on their obligations under the Quebec and Canadian privacy legislation, assists with conducting privacy and risk impact assessments, drafting frameworks for the use of artificial intelligence as well as preparing for and responding to cybersecurity incidents.

Prior to joining WT Montreal, Member of the DWF Group, Ayse practiced for several years as a senior counsel within a global law firm where she gained extensive experience in the field of cybersecurity, acting as breach counsel in numerous incidents, advising on how to comply with legal notification and reporting obligations as well as managing the engagement of various service providers and technical experts as required. She has regularly advised clients on multijurisdictional data breaches regarding the application of Canadian and Quebec privacy legislation and coordinated regulatory reporting and notifications in multiple countries. Ayse also advised major cyber insurers, providing coverage advice and monitoring the handling of hundreds of security/privacy incidents, including in a number of privacy class actions.

Ayse was also a senior lawyer at the largest global multidisciplinary accounting and consulting firm as well as a renowned national firm, advising national and international clients on changes required to their privacy practices to comply with the recent amendments to Quebec’s privacy legislation, representing clients before privacy regulators with respect to filing obligations and complaints from individual and advising on risks relating to privacy, cybersecurity and artificial intelligence in a number of M&A transactions.

Ayse’s experience further includes several years in litigation, e-discovery, legal research with the Federal Court of Appeal, the Quebec Court of Appeal, at the Faculty of Law of the Université de Montréal and with several international intergovernmental organizations based in Montreal, Paris and New York.

A frequent writer and speaker on privacy, cybersecurity and artificial intelligence matters, Ayse is a co-chair of the Montreal Chapter of International Association of Privacy Professionals. Ayse is recognized in the Best Lawyers in Canada™ in the areas of Privacy and Data Security law as well as Technology Law.

Expertise

Cyber, Privacy and Data Protection
Breaches and Incident Responses
Data and Cyber Disputes
Data, Cyber Risk and Compliance
Insurance Law
Data Protection Risks
Professional Indemnity

Show more about Ayse

Education

Cert. (2025) MILA Quebec AI Institute – Trustworthy & Responsible AI Learning (TRAIL) Certificate for Professionals

LL.M. (2024) York University, Osgoode Hall – Masters of Law – Privacy and Cybersecurity Law

PGDip (2014) Queen Mary University of London – Postgraduate Diploma in International Commercial Arbitration (with merit)

J.D. (2010) University of Ottawa – National Program in Common Law, Cum Laude, Dean’s Honour List

LL.B. (2006) Université de Montréal – Civil Law

B.Com. (2000) McGill University – Faculty of Management (Marketing & International Business)

Professional Memberships & Affiliations

Quebec Bar, 2008

Law Society of Ontario, 2012

International Association of Privacy Professionals : Member, Certified Information Privacy Professional/Canada (CIPP/C) and CIPM; Montreal Chapter co-president.

Publications

“CAI Guide to Drafting Website Privacy Notices” Canadian Privacy Law Review, 2024 · Dec 20, 2023 (available online)

“Clocking In and Opting Out: Québec CAI Issues Warning About Biometric Time Clocks in the Workplace” Canadian Privacy Law Review, 2023 · May 18, 2023 (available online)

“Québec’s Draft Regulation on Confidentiality Incidents: a Comparative View with Federal Requirements” · Sep 21, 2022 (available online)

“Québec’s Privacy Law Reform in the Private Sector – Key Milestones to Consider for Businesses”, Sep 6, 2022 (available online)

“Protection of critical cyber systems: Canada introduces new legislation under Bill C-26”

Canadian Privacy Law Review, 2022 · Aug 31, 2022 (available online)

“The Court of Appeal of Québec upholds dismissal of class action on the merits for loss of personal information”, Jun 15, 2022 (available online)

OPC provides clarity on the interpretation of “sensitive information” under PIPEDA” · Jun 9, 2022 (available online)

“Cybersecurity: A Promising Restitution Order”, Mar 30, 2022 (available online on Lexology)

Recognition

Recognized in 2024, 2025 and 2026 in The Best Lawyers in Canada® in Privacy and Data Security Law and since 2026, in Technology Law.

Recognized in 2023 in The Best Lawyers: Ones to Watch in Privacy and Data Security Law.

Dean’s Honour List, University of Ottawa

Representative Cases

SNC-Lavalin inc. c. ArcelorMittal Exploitation minière Canada, 2022 QCCS 2918;
Advising numerous multinational companies on compliance matters arising from amendments to Quebec’s private sector privacy legislation;
Breach counsel for a smart building cybersecurity solution provider regarding an incident affecting a critical infrastructure sector entity;
Breach counsel for a federal government institution subject to the Privacy Act regarding a data theft incident.
Breach counsel for an Ontario-based health clinic facing a ransomware incident involving personal health information of over 500,000 individuals;
Breach counsel for an online networking and training platform facing the leak of information of over 2,000,000 members worldwide;
Breach counsel for a consultancy firm facing a business email compromise resulting in fraudulent payments by the affected individuals, coordinated the engagement of computer experts and local counsel in over a dozen jurisdictions, provided legal advice, carried out the notification campaign and regulatory response;
Breach counsel for an electronic data interchange solution provider for a number of Canadian banks and crown corporations facing a security incident with data exfiltration;
Advised a multinational insurance intermediary in responding to a ransomware attack involving several million individuals worldwide in collaboration with counsel in different jurisdictions, including representation before Canadian federal and provincial privacy and insurance regulators and before the Small Claims Court in Ontario;
Advised a US law firm dedicated exclusively to representing organizations facing data privacy events with respect to over 70 multijurisdictional data breaches regarding the application of Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy legislation; coordinated notification of affected Canadians, reported to relevant privacy commissioners;
Advised numerous international charities and universities affected by the breach of their cloud-based relationship management software provider;
Coverage counsel for a leading cyber insurer with respect to claims brought under cyber insurance policies in hundreds of matters arising from a wide range of incidents including ransomware, business email compromise, fraudulent instruction, cryptojacking, device theft, third-party claims and privacy class actions;
Advised the insurers of a Canadian point of sale device and restaurant delivery management service provider with respect to a putative class action under the Illinois Biometric Information Privacy Act (BIPA);
Advised the insurers of an information and telecommunications service provider in the air transport industry with respect to the reasonableness of a proposed settlement in a putative privacy class action arising out of a data breach involving over 200,000 Canadians;
Advised the insurers of a professional order in a putative privacy class action arising out of a data breach involving over 300,000 Canadians;
Advised the insurers of a food manufacturer with respect to potential employment-related claims arising out of the ransomware attack on their third-party workforce management service provider;
Advised a large reinsurance company on compliance with recent amendments to Quebec privacy legislation;
Represented consulting engineers subcontracted by the engineering, procurement, and construction management (EPCM) contractor in a large mining construction project in northern Quebec with respect to allegations of negligence and delay.