Eric Charleston is a Partner and National Co‑Leader of BLG’s Cybersecurity and Privacy group. He advises clients throughout the full cyber lifecycle, from readiness and regulatory compliance to rapid incident response.
His clients span Canada’s public, private and not‑for‑profit sectors, including financial services, insurance, healthcare, education, energy, technology, retail and professional services. Eric is a leading cyber incident and data breach lawyer, known for pragmatic, time‑sensitive strategies that focus teams on the right tasks, preserve legal privilege, and protect core constituencies. He translates the technical into the actionable, always ensuring the client understands the approach. He frequently leads complex, cross‑border incidents, coordinates national and international notification programs, and engages with federal, provincial and sectoral regulators and law enforcement in Canada and internationally.
Eric’s readiness work spans cybersecurity risk assessments (from scoping and methodology through reporting and remediation planning) and hands‑on support for cybersecurity compliance audits across verticals, aligning client programs to leading frameworks and regulatory expectations. He develops bespoke incident response plans, evaluates cyber hygiene, trains directors and executives on cyber risk management and governance, and conducts realistic table‑top and attack‑simulation exercises.
Eric is a leading expert on cyber insurance coverage. He advises carriers on coverage analysis, policy wording and endorsements, and claims strategy, often being called upon to oversee the largest cyber claims in Canada. Eric’s breadth of experience with complex Canadian cyber claims is second to none leading to practical, business‑oriented, and efficient claim resolutions.
Eric is an adjunct professor of cybersecurity law at the University of Toronto Faculty of Law and holds CIPP/C and CIPP/US certifications from the International Association of Privacy Professionals.
Experience
- Canadian engineering firm on complex ransomware attack, including notification to federal and provincial regulators and impacted individuals.
- North American retailer on complex data theft, including notification to Canadian, American and Mexican regulators and impacted individuals.
- Canadian university on complex ransomware attack, including notification to ministry and provincial regulators.
- Canadian investment dealer on business email compromise, including notification to regulators and individuals.
- Coverage counsel to numerous insurers on cyber insurance claims, including some of the largest in Canada's history.
- Canadian engineering firm on complex ransomware attack, including notification to federal and provincial regulators and impacted individuals.
- North American retailer on complex data theft, including notification to Canadian, American and Mexican regulators and impacted individuals.
- Canadian university on complex ransomware attack, including notification to ministry and provincial regulators.
- Canadian investment dealer on business email compromise, including notification to regulators and individuals.
- Coverage counsel to numerous insurers on cyber insurance claims, including some of the largest in Canada's history.
