Privacy & Security Consulting in Winnipeg
Practical privacy and security guidance for organizations in Winnipeg — turning requirements into processes and risk into action.
Winnipeg organizations operate in a privacy environment shaped primarily by federal law. PIPEDA — Canada's federal private-sector privacy law — governs how businesses here collect, use, and disclose personal information in the course of commercial activity, with oversight by the Office of the Privacy Commissioner of Canada. The OPC can investigate complaints, conduct audits, and refer persistent non-compliance to the Federal Court. PIPEDA's accountability principle doesn't simply ask whether a policy exists; it asks whether your organization can demonstrate that practices, training, and governance actually match that policy in day-to-day operations. That distinction matters when a complaint is filed, when a breach occurs, or when an enterprise buyer sends a vendor security questionnaire.
Organizations in Manitoba's health sector face a second, distinct framework. The Personal Health Information Act governs how trustees — hospitals, clinics, physicians, pharmacies, and health agencies — handle personal health information, with oversight by the Manitoba Ombudsman. PHIA operates independently of PIPEDA and carries its own consent requirements, access rights, and breach notification obligations. For health-adjacent technology companies providing software or services to the health system, determining precisely which obligations apply, and where, requires careful analysis rather than assumption.
Privacy Horizon works with Winnipeg-area organizations to build privacy and security programs that are genuinely operational — not documentation exercises. We start with your actual situation: the data you collect, the vendors you rely on, the regulatory requirements that apply to your specific business model. From that foundation, we help you put the governance structures, policies, and controls in place that satisfy regulators and open enterprise opportunities. Our senior advisors are available for coaching, policy development, Virtual Privacy Officer engagements, and custom staff training. Whether you need to close a specific compliance gap or build a program from the ground up, we work at the pace and depth your organization actually requires.
Privacy & security regulation in Winnipeg
Regulator: Manitoba Ombudsman
Winnipeg businesses are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in Manitoba is separately governed by The Personal Health Information Act (PHIA), with oversight by the Manitoba Ombudsman.
PIPEDAPersonal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIA (Manitoba)The Personal Health Information Act (Manitoba)
Manitoba's health-sector privacy law, in force since December 11, 1997. It governs how trustees collect, use, disclose, retain and safeguard personal health information, gives individuals access and correction rights, and requires trustees to notify the Manitoba Ombudsman of privacy breaches in defined circumstances. Oversight is by the Manitoba Ombudsman. It does not govern general commercial activity, which falls under federal PIPEDA.
What Privacy Consulting includes
Privacy and security shouldn't slow your business down. Our consulting team helps you convert obligations into repeatable processes and risks into prioritized action plans, with senior guidance you can call on as needed.
Privacy & Security Coaching
Hands-on guidance to build a risk-based roadmap and prioritize what matters.
Policy Development
Practical, compliance-ready policies your team will actually use.
Virtual Privacy Officer (VPO)
Privacy program leadership without a full-time hire.
Virtual CISO (vCISO)
Strategic security leadership, posture reviews, and incident readiness.
M&A Privacy Due Diligence
De-risk transactions with a fast review of data practices and red flags.
Custom Training
Role-relevant privacy and security training for your teams.
PIPEDA accountability built for Manitoba businesses
Demonstrating accountability under PIPEDA means more than pointing to a published privacy policy. It means a named privacy officer, documented processes for handling access requests and complaints, trained staff, and controls that genuinely govern how personal information moves through your organization. We help Winnipeg businesses build that infrastructure in a form that holds up under regulatory review — and works as a commercial asset when enterprise buyers ask about your privacy practices.
Health-sector organizations and PHIA
Manitoba's PHIA places specific obligations on health-system trustees that operate independently of the PIPEDA framework. For health technology companies and service providers working within the provincial health system, understanding those obligations precisely — and aligning them with broader commercial privacy requirements — is essential before a breach or audit forces the question. We help health-adjacent organizations in Winnipeg build programs that satisfy both frameworks coherently.
Other services in Winnipeg
Privacy Consulting elsewhere
What's Protecting Your Business from the Next Threat?
Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.

