Legal departments in companies operating in Manitoba and Saskatchewan are dealing with demands to serve their global audiences.
Legal departments in companies operating in Manitoba and Saskatchewan are dealing with demands to serve their global audiences.
Like so many companies in Canada these days, business isn’t just local or even within provincial borders — it’s growing to serve North American and global markets. With that growth comes demands to satisfy international regulations and provide critical technological solutions.
Just two examples in Saskatchewan and Manitoba exemplify those realities. Viterra Inc. is a handler of grains, oilseeds and pulses that partners with growers in Canada and the United States to connect them to markets in more than 50 countries.
Headquartered in Regina, Sask., Viterra is part of Glencore Agriculture. Viterra’s core business is originating, handling, processing and marketing agricultural commodities through an extensive network of North American assets. With strong competition in the industry, Viterra has made it a priority in recent years to carefully invest in its asset network through strategic acquisitions, building new grain elevators in targeted areas and undertaking capital upgrades.
“These investments have required legal support for M & A activity, real property, procurement, commercial negotiations and agreements and regulatory matters at all levels of government. Our legal team is a valuable part of Viterra’s growth strategy ensuring we work closely and proactively with the business to understand the company’s vision and strategic priorities for the future,” says Evan Olson, corporate counsel with Viterra in Regina.
Consistent with trends across North America, Olson says, Viterra has placed an emphasis on managing costs and building a largely self-sufficient legal group that develops expertise in-house to deliver ongoing value to the business.
This model requires a focus on internal talent development and knowledge of the agribusiness sector, says Olson. Resource requirements both internally and externally are regularly reviewed to maintain a balance between cost efficiency and appropriate resourcing for business needs at any given time.
“When warranted, we do invest in external counsel to address resource capacity issues or when specialized legal advice is required, for example, on litigation matters and certain M & A activity. It’s an interesting time to be in-house, as we’re seeing all kinds of external legal support options developing beyond traditional full-service firms,” says Olson. “We’re watching closely as the innovation in legal service models develops and non-traditional options for resourcing become more mainstream.”
A key strategic focus for Viterra is the relationships with its farm customers. “Our future success depends on our ability to consistently provide our customers with solutions to help them achieve their goals,” he says.
A big part of this is working to provide technology solutions to farm customers who want online platforms for market information and grain marketing opportunities. “Development of these technology solutions such as myViterra, our online customer portal, has created very interesting legal work around proactive measures related to data protection, cybersecurity, cloud and cross-border storage, electronic funds transfers and e-signature contracting,” Olson says.
Changes in the way farm customers consume market information and engage in business with Viterra has created many opportunities and challenges for legal to provide support for the business internally.
Viterra maintains a legal group of three lawyers and one paralegal to serve the needs of the business. “In recent years, we have seen our role evolve to include time outside of traditional legal drafting and advising to include strategy and general advising to the business,” says Olson.
Dealing with global privacy demands
At InfoTech Inc., provider of Wellness Checkpoint in Winnipeg, a health and productivity risk management service that allows employers to make better decisions around what to offer their employees in terms of well-being services, Mike Hicks, chief operating officer and general counsel, is dealing with the demands of the company’s European customers around the pending EU General Data Protection Regulation.
Founded in 1984 and launched in 1990 in Winnipeg, Wellness Checkpoint is a Software as a Service online health risk assessment tool for employees of large companies. It provides client companies an idea of the health footprint of its workforce so they can better design the programs they make available to them.
“For example, you may find you have a lot of people in your company who smoke, but you may have more of an issue with stress and depression that is hurting the business and productivity of people in the company. At a population level, the tool helps look at what are the important issues and cost drivers you are experiencing now?” explains Hicks.
The company has some Canadian customers such as CIBC, CBC and Air Canada that have employees worldwide, but it also has many global companies in the EU.
“Winnipeg is an interesting place to do business because, even for a Winnipeg business, the minute you have business outside Winnipeg, it’s either west or east quite a distance or down in the U.S., so you’re almost national or international by definition when you’re in Winnipeg,” says Hicks. “And when you start to grow — there’s no such thing as a Manitoba-only business if you’re in the technology or service industry because you need to serve people outside Winnipeg because it’s not a big enough market here.”
When it was first launched, the company grew fairly quickly, including Dupont as a client, which wanted to use the service in its European operations.
“One of the key differentiators is we can go to a big company and say ‘We can serve your people wherever they may be’ and that’s what took us international,” says Hicks.
The GDPR will and is already influencing Canadian law, says Hicks. The Canadian privacy law is adapting to the new reality. “If you look at consumer expectations about how [a company] is going to treat my data — there is a lot of stuff creeping into business practice. You have to follow the current high water mark for the things you need to comply with. Canadian law is tracking that and there will need to be changes made to the Canadian law to maintain the adequacy requirement.”
In some respects, Hicks says, InfoTech is similar to other Winnipeg companies in that even people who live in Winnipeg haven’t heard of it — Wellness Checkpoint is the product name, but InfoTech is the company.
As Hicks is the solo legal professional in the organization, he uses external legal services locally and globally. “I get to do all the procurement work — our clients are primarily multinationals so the procurement work is interesting. I also do the privacy work. Information and privacy is a very big deal these days, particularly for Europeans, so GDPR is ‘huge’ for InfoTech.”
GDPR will come into force in May of this year, but the trickle-down effect isn’t just that companies like InfoTech need to comply with it because they have Europeans using their software tool. “Pretty much every one of our clients that is a multinational is impacted by it, so they aren’t just asking us ‘Are you going to be OK?’ they are testing and doing security reviews and sending people to look and confirm that we are ready.”
Hicks says much of what GDPR requires is coming from a privacy perspective, but how an organization delivers privacy is within the realm of information security. “It involves very detailed questionnaires and interviews about your infrastructure, how you keep things and so it’s an awful lot of work to satisfy people about what we’re doing.”
InfoTech was always subject to the European Directive, which is the predecessor to GDPR, and a lot of the things it required, GDPR requires, so Hicks says the company was well on its way to GDPR compliance, but there are some things that are new and some are functionality issues that have to be built into the tool and some are things that need to be stated in privacy notices.
“If someone says ‘Yes, I would like you to give me access to all of my data or I would like to have my data in a portable fashion so I can take it somewhere else,’ the task for me then is understanding what does GDPR require and how do you satisfy that?”
Hicks says there is still some ambiguity around the regulation. “I think we’re going to have to wait until a few things happen to know exactly where the guardrails are,” he says.
A further wrinkle is Brexit — if that does proceed and the United Kingdom is no longer part of the EU, it will need its own rules similar to GDPR.
“We’re doing a lot of work lately to satisfy our partners — most of them large companies — to say it’s OK to send your data here, just as it always has been.”
