Skip to main content
Privacy Horizon
Privacy Compliance

Privacy Compliance Services in Manitoba

Build privacy governance that supports risk management, partner trust, and repeatable oversight.

Manitoba businesses conducting commercial activity are governed by PIPEDA, Canada's federal private-sector privacy law overseen by the Office of the Privacy Commissioner of Canada. Unlike Alberta, British Columbia, and Québec, Manitoba has not enacted general private-sector privacy legislation of its own — meaning the federal framework sets the standard for how organizations here collect, use, and disclose personal information in the course of commercial activity. PIPEDA's ten fair information principles create real, documented accountability obligations: consent practices tied to specific purposes, data minimization, defined retention, individual access rights, and the operational ability to respond credibly to complaints — obligations that apply regardless of how large or informal your organization is.

For organizations in the health sector, a distinct and specific framework applies. The Personal Health Information Act — Manitoba's PHIA — has governed how trustees such as hospitals, physicians, pharmacies, and health agencies handle personal health information since December 1997. It requires trustees to protect that information, notify the Manitoba Ombudsman of breaches in defined circumstances, and give individuals meaningful access and correction rights. PHIA does not govern general commercial activity, which remains under PIPEDA — organizations operating in both commercial and health-sector roles therefore need compliance programs that address each framework correctly and without leaving gaps between them.

Privacy Horizon works with Manitoba organizations to build the compliance foundation that PIPEDA requires — and, where relevant, to align it with PHIA obligations in a coherent integrated program. Our starting point is the Minimum Viable Privacy baseline: the governance structure, policies, and controls that address the highest-risk gaps first, satisfy the OPC's accountability expectations, and give enterprise procurement teams something substantive to evaluate. From there, we help organizations build toward ISO 27001 or SOC 2 readiness as commercial demands grow and client requirements become more exacting.

Privacy & security regulation in Manitoba

Regulator: Manitoba Ombudsman

In Manitoba, private-sector businesses are governed by Canada's federal privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information held by trustees such as hospitals, clinics and pharmacies is separately governed by The Personal Health Information Act (PHIA), with oversight by the Manitoba Ombudsman.

PIPEDAPersonal Information Protection and Electronic Documents Act

PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.

Read the legislation

PHIA (Manitoba)The Personal Health Information Act (Manitoba)

Manitoba's health-sector privacy law, in force since December 11, 1997. It governs how trustees collect, use, disclose, retain and safeguard personal health information, gives individuals access and correction rights, and requires trustees to notify the Manitoba Ombudsman of privacy breaches in defined circumstances. Oversight is by the Manitoba Ombudsman. It does not govern general commercial activity, which falls under federal PIPEDA.

Read the legislation

What Privacy Compliance includes

We help you establish a credible privacy baseline quickly, then deepen controls where risk is highest — built to satisfy regulators, partners, and enterprise buyers.

Minimum Viable Privacy (MVP)

A credible compliance baseline, fast — then deepen where risk is highest.

Policy & Governance

The policies, roles, and oversight that make compliance repeatable.

ISO 27001 & SOC 2 Preparation

Readiness for the certifications partners and customers expect.

Ongoing Compliance Monitoring

Keep pace with changing obligations and evidence requirements.

PIPEDA accountability for Manitoba businesses

PIPEDA's accountability principle means the privacy burden rests with your organization, not your customers or vendors. You need a named privacy officer, documented policies that reflect how your business actually works, consent mechanisms that match your data practices, and a process for handling access requests and complaints. We help Manitoba businesses build that infrastructure in a form that's proportionate to their size and holds up under scrutiny.

Health-sector organizations and PHIA

Manitoba's PHIA places specific obligations on trustees — a defined category of health-sector organizations — that sit alongside, not instead of, the PIPEDA framework for any commercial activity those organizations also conduct. We help health-sector organizations in the province build compliance programs that address both regimes, with breach notification processes and access request handling that satisfy the Manitoba Ombudsman's expectations under PHIA.

What's Protecting Your Business from the Next Threat?

Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.