Privacy & Security Consulting in Saint John
Practical privacy and security guidance for organizations in Saint John — turning requirements into processes and risk into action.
Saint John is New Brunswick's largest city by population and its industrial and port economy, with significant activity in energy, manufacturing, logistics, and financial services — sectors where data protection is both a regulatory requirement and an operational risk factor. PIPEDA governs most private-sector organizations here, with oversight by the Office of the Privacy Commissioner of Canada. PIPEDA's accountability framework sets real expectations: organizations must be able to demonstrate that they handle personal information responsibly, with governance structures, trained staff, and processes that actually function when a breach happens or a regulator asks questions. The OPC's complaint and audit powers mean that gaps in accountability programs carry concrete consequences.
New Brunswick's health sector operates under a parallel framework. The Personal Health Information Privacy and Access Act — PHIPAA — governs how health information custodians in the province handle personal health information, with oversight by the Office of the Ombud for New Brunswick. PHIPAA is deemed substantially similar to PIPEDA for custodians, but it carries its own specific requirements for consent, individual rights, and breach response. Organizations in Saint John that supply services or technology to the provincial health system need to determine, before those relationships are formalized, which obligations attach to their specific activities under PHIPAA — and where PIPEDA continues to govern.
Privacy Horizon helps Saint John organizations address privacy and security obligations in a way that fits the industrial and commercial reality of the city. We know that many organizations here operate in sectors where security and data protection are already embedded in risk management thinking — but where formal privacy programs often haven't kept pace with regulatory expectations. Our consulting engagements build on what's already in place, close the gaps that matter most, and deliver governance documentation and security controls that satisfy both regulators and the enterprise buyers, insurers, and government clients who ask increasingly specific questions about your practices. We provide Virtual Privacy Officer and Virtual CISO services, policy development, M&A privacy due diligence, coaching, and custom training for teams at every level.
Privacy & security regulation in Saint John
Regulator: Office of the Ombud for New Brunswick
Saint John businesses are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in New Brunswick is separately governed by the Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick.
PIPEDAPersonal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIPAA (New Brunswick)Personal Health Information Privacy and Access Act (New Brunswick)
New Brunswick's health-sector privacy law (SNB 2009, c. P-7.05), which gives individuals the right to access and request correction of their personal health information and sets out custodians' privacy obligations. It is deemed substantially similar to PIPEDA for health information custodians. Oversight is by the Office of the Ombud for New Brunswick. General private-sector commercial activity is governed by federal PIPEDA.
What Privacy Consulting includes
Privacy and security shouldn't slow your business down. Our consulting team helps you convert obligations into repeatable processes and risks into prioritized action plans, with senior guidance you can call on as needed.
Privacy & Security Coaching
Hands-on guidance to build a risk-based roadmap and prioritize what matters.
Policy Development
Practical, compliance-ready policies your team will actually use.
Virtual Privacy Officer (VPO)
Privacy program leadership without a full-time hire.
Virtual CISO (vCISO)
Strategic security leadership, posture reviews, and incident readiness.
M&A Privacy Due Diligence
De-risk transactions with a fast review of data practices and red flags.
Custom Training
Role-relevant privacy and security training for your teams.
Industrial and logistics organizations: privacy in operational environments
Saint John's port and industrial economy includes organizations that handle employee data, contractor information, supply chain records, and client data across complex operational environments. PIPEDA's accountability requirements apply equally in these settings, and gaps in compliance programs are often discovered through vendor assessments, insurance renewals, or enterprise procurement processes rather than regulatory inquiries. We help industrial and logistics organizations build practical programs that close those gaps before they become problems.
PHIPAA obligations for health-sector suppliers
The Office of the Ombud for New Brunswick takes PHIPAA compliance seriously, and organizations supplying technology or services to the provincial health system need to demonstrate their privacy program before contracts advance. We help Saint John-based health-sector suppliers scope their PHIPAA obligations, build appropriate policies and controls, and present a credible program to health-system clients.
Other services in Saint John
Privacy Consulting elsewhere
What's Protecting Your Business from the Next Threat?
Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.