Skip to main content
Privacy Horizon
Privacy Compliance

Privacy Compliance Services in New Brunswick

Build privacy governance that supports risk management, partner trust, and repeatable oversight.

New Brunswick's private-sector commercial activity is governed by PIPEDA — Canada's federal privacy law, with the Office of the Privacy Commissioner of Canada as the applicable regulator. The province has not enacted general private-sector privacy legislation of its own, so PIPEDA's principles — accountability, consent, purpose limitation, access rights, and breach notification — define the compliance standard for how New Brunswick businesses handle personal information. For many small and mid-sized organizations in the province, meeting those obligations in a documented, practical, and sustainable way takes more deliberate effort than is commonly assumed; the obligations are national in origin but the work of implementing them, testing them, and demonstrating them to regulators and clients is entirely local.

Health information custodians operate under a distinct framework. The Personal Health Information Privacy and Access Act — PHIPAA — governs personal health information in New Brunswick's health sector, overseen by the Office of the Ombud for New Brunswick. PHIPAA gives individuals the right to access and request correction of their health information and sets out custodians' obligations to protect it. Recognized as substantially similar to PIPEDA for health information custodians, PHIPAA's scope is sector-specific: it does not replace PIPEDA for general commercial activity, which remains under the federal framework regardless of whether an organization also operates in the health sector.

Privacy Horizon helps New Brunswick organizations build compliance programs proportionate to their actual obligations and their risk exposure. Our Minimum Viable Privacy baseline addresses the accountability gaps that most commonly attract regulatory attention — policies, consent practices, breach notification readiness, and a working process for responding to access requests — and creates a foundation that scales credibly as your business grows, your client base expands, or enterprise procurement processes start asking harder questions about how you manage the personal information you handle.

Privacy & security regulation in New Brunswick

Regulator: Office of the Ombud for New Brunswick

In New Brunswick, private-sector businesses are governed by Canada's federal privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information held by custodians is separately governed by the Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick.

PIPEDAPersonal Information Protection and Electronic Documents Act

PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.

Read the legislation

PHIPAA (New Brunswick)Personal Health Information Privacy and Access Act (New Brunswick)

New Brunswick's health-sector privacy law (SNB 2009, c. P-7.05), which gives individuals the right to access and request correction of their personal health information and sets out custodians' privacy obligations. It is deemed substantially similar to PIPEDA for health information custodians. Oversight is by the Office of the Ombud for New Brunswick. General private-sector commercial activity is governed by federal PIPEDA.

Read the legislation

What Privacy Compliance includes

We help you establish a credible privacy baseline quickly, then deepen controls where risk is highest — built to satisfy regulators, partners, and enterprise buyers.

Minimum Viable Privacy (MVP)

A credible compliance baseline, fast — then deepen where risk is highest.

Policy & Governance

The policies, roles, and oversight that make compliance repeatable.

ISO 27001 & SOC 2 Preparation

Readiness for the certifications partners and customers expect.

Ongoing Compliance Monitoring

Keep pace with changing obligations and evidence requirements.

Getting PIPEDA compliance right from the start

PIPEDA compliance isn't a one-time checkbox. It requires ongoing accountability: policies that stay current with how your business actually operates, staff who understand their responsibilities, and processes that function under pressure when a breach occurs or a complaint lands. We help New Brunswick businesses build that foundation systematically — starting with the gaps that create the most risk and building toward a program that holds up over time.

Health-sector compliance and PHIPAA

New Brunswick's PHIPAA creates obligations for health-sector custodians that sit alongside the broader PIPEDA framework applicable to any commercial activity those organizations also conduct. The Office of the Ombud for New Brunswick provides oversight, and organizations that conflate the two regimes can find themselves with gaps in one or the other. We build integrated compliance programs that address each framework correctly — so nothing falls through the seam between the health-sector and general commercial rules.

What's Protecting Your Business from the Next Threat?

Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.