Building digital trust and strategic advantage with privacy and cybersecurity

At a Canadian Chamber of Commerce in 2026, speakers said that unleashing value from AI "means building the data, tools and frameworks, including the measurement frameworks, that will turn technological change into economic progress." As businesses and public sector organizations across the country pilot and scale AI solutions, that surge creates a corresponding uptick in data to protect.

The World Economic Forum sees the already huge volume of data on the planet doubling every three to four years. Canada now ranks fifth among the countries with the most data centres on the planet.⁴ With that data comes changing expectations. Even as legislation and regulatory requirements continue to take shape, the customers, clients, and consumers sharing their data are looking for the private sector to be much more proactive in safeguarding information. That's not easy in a world where the risks we face are changing dramatically - both from a cyber perspective and a litigation standpoint.

On the one hand, the Government of Canada's National Cyber Threat Assessment for 2025 and 2026 reports a marked, sharp increase in the number and severity of cyber incidents.⁵

For example, in late 2025 we saw the Information and Privacy Commission of Ontario address a public sector breach at a local hospital. An AI-powered transcription tool inadvertently recorded hospital physicians attending a virtual rounds meeting. Patients' personal health information was discussed. Due to glitches in the meeting invite, commentary was automatically recorded, transcribed, and shared to meeting participants, including a physician who had left the hospital for another job elsewhere a year before.

The impact only grows when bad actors are involved: the world's largest, non-governmental threat research organization finds information stealers (malicious programs designed to collect various kinds of personal and financial information from an infected system), trojans (malware that mislead users of their true intent), and ransomware (malware that encrypts the files on a victim's computer or network, making them inaccessible, and demands a ransom payment to decrypt them) see average monthly blocks in the hundreds of millions every year.⁶

All of this generates litigation risk in Canada and beyond. Our Norton Rose Fulbright 2025 Annual Litigation Trends Survey indicates that cybersecurity and data privacy issues continue to be a challenge for organizations amid escalating cyberattacks, growing disclosure burdens, and uncertainty stemming from AI tools. In fact, 61% of respondents across all industries who anticipate more exposure to cybersecurity and data privacy disputes expect the increasing use of AI and corresponding data issues to be a contributor to these disputes going forward - a nine-percentage-point increase compared to last year and the most selected contributing factor.

Navigating patchwork data privacy regulations is also an overarching challenge. More than half (58%) of respondents to the same survey said compliance with evolving cybersecurity and data privacy regulations and requirements could heighten litigation exposure in the coming year. Just 43% said the same in 2024.

The question is: how do you protect data and privacy when the risks themselves keep changing and the threshold for what good looks like remain unclear?