Privacy & Security Consulting in Manitoba
Practical privacy and security guidance for organizations in Manitoba — turning requirements into processes and risk into action.
Manitoba private-sector businesses are governed by Canada's federal privacy law, PIPEDA, with oversight from the Office of the Privacy Commissioner of Canada. PIPEDA's ten fair information principles set the standard for how organizations collect, use, and disclose personal information in commercial activity — and they place real obligations on businesses that have not formalized their practices. Breach notification is among the most operationally demanding: when a security incident creates a real risk of significant harm, organizations must report to the Privacy Commissioner and notify affected individuals, and must maintain records of all breaches regardless of whether notification was required. For Manitoba's health sector, The Personal Health Information Act (PHIA) adds a separate layer, governing how trustees — hospitals, physicians, pharmacies, and health agencies — handle personal health information, with oversight from the Manitoba Ombudsman.
Privacy Horizon works with Manitoba organizations to translate those requirements into programs that function in practice. Most businesses we work with are not starting from zero — they have some policies in place, some informal practices around data handling, and a general awareness that privacy matters. What they typically lack is the documented accountability framework, the vendor management process, the incident response procedure, and the internal training that turn awareness into a defensible program. Our advisors close that gap methodically, without creating more complexity than the organization needs.
The services we provide in Manitoba reflect the full range of what organizations here actually require. Privacy and security coaching builds internal capability in teams fielding data questions without dedicated expertise. Policy development produces a documented framework that demonstrates accountability to regulators and to enterprise customers conducting vendor assessments. Virtual Privacy Officer and Virtual CISO arrangements provide ongoing senior guidance without the overhead of a permanent hire. When acquisitions are on the table, our M&A due diligence work ensures that privacy risk is part of the commercial conversation before a transaction closes. Custom training ensures that the people handling personal information understand their obligations clearly — and know what to do when something goes wrong.
Privacy & security regulation in Manitoba
Regulator: Manitoba Ombudsman
In Manitoba, private-sector businesses are governed by Canada's federal privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information held by trustees such as hospitals, clinics and pharmacies is separately governed by The Personal Health Information Act (PHIA), with oversight by the Manitoba Ombudsman.
PIPEDA: Personal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIA (Manitoba): The Personal Health Information Act (Manitoba)
Manitoba's health-sector privacy law, in force since December 11, 1997. It governs how trustees collect, use, disclose, retain and safeguard personal health information, gives individuals access and correction rights, and requires trustees to notify the Manitoba Ombudsman of privacy breaches in defined circumstances. Oversight is by the Manitoba Ombudsman. It does not govern general commercial activity, which falls under federal PIPEDA.
What Privacy Consulting includes
Privacy and security shouldn't slow your business down. Our consulting team helps you convert obligations into repeatable processes and risks into prioritized action plans, with senior guidance you can call on as needed.
Privacy & Security Coaching
Hands-on guidance to build a risk-based roadmap and prioritize what matters.
Policy Development
Practical, compliance-ready policies your team will actually use.
Virtual Privacy Officer (VPO)
Privacy program leadership without a full-time hire.
Virtual CISO (vCISO)
Strategic security leadership, posture reviews, and incident readiness.
M&A Privacy Due Diligence
De-risk transactions with a fast review of data practices and red flags.
Custom Training
Role-relevant privacy and security training for your teams.
PIPEDA in practice: more than a policy document
PIPEDA compliance is not satisfied by posting a privacy policy on your website. The law requires that organizations have a functioning accountability structure, limit collection to what is genuinely necessary, manage vendors who handle personal information on their behalf, and respond to breaches with documented assessments and timely notifications. Most Manitoba businesses have addressed some of those requirements informally. Privacy Horizon helps you identify the gaps between your current practices and what a regulator or an enterprise customer would expect to find — and build the processes that close them.
Health sector obligations under PHIA
Manitoba's PHIA governs how health information trustees handle personal health information — a separate and more prescriptive set of obligations than those PIPEDA imposes on general commercial activity. Trustees include hospitals, clinics, physicians, pharmacies, and health agencies, and their obligations cover collection, use, disclosure, retention, and safeguarding of personal health information. The Manitoba Ombudsman oversees compliance and receives breach notifications. Privacy Horizon works with Manitoba health sector organizations to build privacy programs that satisfy both PHIA's specific requirements and, where applicable, the parallel federal framework.
What's Protecting Your Business from the Next Threat?
Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.

