Privacy Compliance Services in Saint John
Build privacy governance that supports risk management, partner trust, and repeatable oversight.
Saint John's economy is anchored in energy, manufacturing, and port logistics — industries that generate significant volumes of commercial and operational data, including the personal information of employees, contractors, and customers. That activity falls under federal PIPEDA, enforced by the Office of the Privacy Commissioner of Canada. For health-sector custodians in New Brunswick — hospitals, clinics, pharmacies — personal health information is separately governed by the Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick.
Industrial and energy-sector businesses in Saint John often encounter privacy compliance requirements from a direction that surprises them: their own enterprise customers and joint-venture partners. Increasingly, large energy companies and multinational manufacturers require vendors and contractors to demonstrate documented privacy controls as part of supply chain risk management. ISO 27001 and SOC 2 are common benchmarks in these conversations, and organizations that arrive at those discussions without a foundational Privacy Management Program are starting from a significant disadvantage. A port logistics operator that handles cargo data, shipping manifests, and contractor records for international partners may find that a new counterparty's vendor onboarding process includes a detailed privacy and security questionnaire — and that the answers need to be backed by documented policies, not verbal assurances.
Privacy Horizon helps Saint John organizations build privacy programs that are proportionate to the sectors they operate in. We establish the Minimum Viable Privacy baseline — the governance structures, policies, and documented controls that satisfy PIPEDA and provide a foundation for deeper work — then scope additional investment based on where your actual risk lies. For clients with enterprise or industrial supply chain requirements, we offer ISO 27001 and SOC 2 preparation and ongoing compliance monitoring. The energy sector in particular is seeing increased scrutiny of how vendors handle operational and personnel data, and having a documented program in place before that scrutiny arrives is materially less costly than building one in response to it.
Privacy & security regulation in Saint John
Regulator: Office of the Ombud for New Brunswick
Saint John businesses are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in New Brunswick is separately governed by the Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick.
PIPEDA: Personal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIPAA (New Brunswick): Personal Health Information Privacy and Access Act (New Brunswick)
New Brunswick's health-sector privacy law (SNB 2009, c. P-7.05), which gives individuals the right to access and request correction of their personal health information and sets out custodians' privacy obligations. It is deemed substantially similar to PIPEDA for health information custodians. Oversight is by the Office of the Ombud for New Brunswick. General private-sector commercial activity is governed by federal PIPEDA.
What Privacy Compliance includes
We help you establish a credible privacy baseline quickly, then deepen controls where risk is highest — built to satisfy regulators, partners, and enterprise buyers.
Minimum Viable Privacy (MVP)
A credible compliance baseline, fast — then deepen where risk is highest.
Policy & Governance
The policies, roles, and oversight that make compliance repeatable.
ISO 27001 & SOC 2 Preparation
Readiness for the certifications partners and customers expect.
Ongoing Compliance Monitoring
Keep pace with changing obligations and evidence requirements.
Supply chain privacy requirements in industrial sectors
Energy, manufacturing, and logistics companies based in Saint John increasingly face privacy and information security requirements embedded in their supply chain contracts — requirements that go beyond PIPEDA's baseline and often reference international standards. Privacy Horizon helps you understand the gap between where your program stands today and what those contracts actually require, then build a structured path to close it. That means a documented Privacy Management Program, clear breach response procedures, and — where needed — a formal ISO 27001 or SOC 2 readiness program.

