3) Technical and professional questions (the ones that decide the offer)
This is where you separate yourself from candidates who “know law” but haven’t lived in-house reality. In Canada, expect commercial contracting, privacy, employment, governance, and regulatory awareness. Also expect tool fluency—because legal teams run on systems.
Q: Walk me through how you review a SaaS customer agreement under Canadian law. What are your top red flags?
Why they ask it: They want your contract instincts and prioritization.
Answer framework: “Clause Stack” (liability, indemnities, IP, privacy/security, termination, audit, dispute).
Example answer: “I start with the risk spine: limitation of liability, indemnities, and the scope of services. Then I check IP—especially customer data rights and any license-back. Next is privacy and security: data location, subprocessors, breach notification, and audit rights. I look at termination and transition assistance because that’s where operational pain hides. Finally, I sanity-check governing law, dispute process, and any auto-renew traps.”
Common mistake: Going clause-by-clause in the order of the document instead of by risk.
Q: How do you set a limitation of liability (LoL) position for different deal types?
Why they ask it: They’re testing whether you can calibrate risk, not just say “cap it.”
Answer framework: “Exposure math” (fees, harm scenarios, insurance, control) + tiered positions.
Example answer: “I tie LoL to economics and controllability. For low-fee, high-volume deals, I prefer a multiple of fees with carve-outs limited to what we can insure or truly control. For enterprise deals with higher exposure, I’ll consider a higher cap if we can narrow indemnities and define security obligations precisely. I also align with insurance coverage and internal risk appetite so we don’t negotiate in a vacuum.”
Common mistake: Using one cap for everything, regardless of product or customer profile.
Q: Explain how PIPEDA affects your day-to-day work as Legal Counsel.
Why they ask it: They want practical privacy competence, not a textbook definition.
Answer framework: “Lifecycle” (collection, use, disclosure, retention, safeguards, access requests, breach).
Example answer: “PIPEDA shows up in contracts, incident response, and product decisions. I focus on purpose limitation, consent where required, and ensuring we have appropriate safeguards and vendor terms. I also care about retention and access requests—because operational gaps there become complaints. When there’s an incident, I help assess real risk of significant harm and coordinate documentation and communications.”
Common mistake: Reciting principles without connecting them to contracts, vendors, and incidents.
Q: What’s your approach to a privacy breach response in Canada?
Why they ask it: They’re testing whether you can run a calm, defensible process.
Answer framework: “Incident Command for Legal” (contain, assess, notify, remediate, document).
Example answer: “First I ensure containment and evidence preservation with IT/security. Then we assess what data was involved, who is affected, and the likelihood of misuse. If it meets the threshold, we prepare notifications and regulator reporting as required, with messaging aligned across legal, comms, and customer teams. Finally, we remediate root causes and document decisions so we can defend the process later.”
Common mistake: Treating breach response as only a PR problem or only an IT problem.
Q: How do you handle employment law issues across provinces (e.g., Ontario vs. British Columbia)?
Why they ask it: Canadian employment obligations vary; they want jurisdiction awareness.
Answer framework: “Jurisdiction first” (where is the employee?) + “policy vs. contract vs. practice.”
Example answer: “I start by confirming the employee’s work location and which provincial regime applies. Then I separate what’s in the employment agreement from what policy says and what the company actually does in practice. For terminations, I’m careful about statutory minimums, common law risk, and documentation quality. If it’s outside my core province, I’ll validate with local counsel but keep the business advice consistent.”
Common mistake: Assuming one Canadian standard applies everywhere.
Q: Describe your process for running an internal investigation (harassment, fraud, or misconduct).
Why they ask it: They’re testing fairness, privilege awareness, and process discipline.
Answer framework: “Plan–Interview–Corroborate–Conclude” + privilege strategy.
Example answer: “I define the allegation, scope, and decision-maker, and I decide early whether the investigation should be under legal privilege. I create an interview plan and a document list, then interview in an order that preserves integrity—usually complainant, key witnesses, then respondent. I corroborate with records and keep notes consistent and factual. At the end, I deliver findings tied to evidence and recommend actions that are proportionate and defensible.”
Common mistake: Treating it like an informal HR chat without a documented plan.
Q: What corporate governance tasks have you handled (board materials, resolutions, minute books)?
Why they ask it: Many Corporate Counsel roles include governance “hygiene.”
Answer framework: “Scope + controls” (what you owned, how you ensured accuracy, how you handled deadlines).
Example answer: “I’ve prepared board and committee resolutions, maintained minute books, and coordinated signature processes for director approvals. I build checklists for recurring approvals and keep a clean audit trail of versions and executed documents. When timelines are tight, I confirm decision rights and quorum requirements early so we don’t scramble at the end.”
Common mistake: Saying “I helped with governance” without naming deliverables.
Q: Which contract lifecycle management (CLM) or e-sign tools have you used, and how did you improve the workflow?
Why they ask it: They want operational maturity, not just legal drafting.
Answer framework: “Tool + metric” (what system, what changed, what improved).
Example answer: “I’ve worked with DocuSign for execution and a CLM workflow that routed intake through a form and tracked turnaround time. I standardized fallback clauses and built a simple playbook so Sales and Procurement knew what was pre-approved. The result was fewer escalations and faster cycle time on low-risk agreements, while high-risk deals got more deliberate review.”
Common mistake: Listing tools without showing how you used them to reduce risk or time.
Q: How do you use legal research tools in practice—CanLII, Westlaw, LexisNexis—when time is limited?
Why they ask it: They want efficient research habits and Canadian-source literacy.
Answer framework: “Issue–Jurisdiction–Authority–Action” (find the rule, confirm it applies, translate into decision).
Example answer: “I start by narrowing the issue and jurisdiction, then I use CanLII for quick access to statutes and recent cases, and Westlaw/Lexis when I need deeper commentary or citators. I time-box research and aim to produce an answer in options: what we can do safely now, what needs more confirmation, and what we should document. The deliverable is usually a short note the business can act on.”
Common mistake: Over-researching and delivering a memo when the business needed a decision.
Q: What do you do if your CLM system or e-signature tool goes down during a critical signing?
Why they ask it: They’re testing contingency planning and risk control under pressure.
Answer framework: “Fallback execution plan” (authority, version control, secure transmission, audit trail).
Example answer: “I switch to a controlled manual process: confirm final versions with a locked PDF, circulate via secure channels, and use wet signatures or scanned signatures only if policy allows. I keep a version log and ensure signatories have proper authority and witness requirements where applicable. Once systems are back, I upload fully executed copies and document the exception so audit trails stay intact.”
Common mistake: Improvising execution without version control or authority checks.
Q: How do you manage regulatory risk when the business expands into Quebec or handles French-language consumer touchpoints?
Why they ask it: They’re testing Canada-specific awareness beyond “federal law.”
Answer framework: “Trigger mapping” (where we operate, who we sell to, what content changes) + escalation.
Example answer: “I flag Quebec early because language and consumer protection considerations can change templates, websites, and customer communications. I map which products and touchpoints are affected and prioritize high-visibility items like consumer terms and support flows. If the scope is significant, I bring in Quebec-qualified support, but I keep the project moving with a clear checklist and owners.”
Common mistake: Treating Quebec as a minor translation task.