Privacy Impact Assessment Services in New Brunswick
Assess and document privacy risks in your programs and systems across New Brunswick.
New Brunswick's private-sector businesses are governed by Canada's federal Personal Information Protection and Electronic Documents Act (PIPEDA), administered by the Office of the Privacy Commissioner of Canada. For health information custodians in the province — those who hold personal health information in the context of providing health services — the Personal Health Information Privacy and Access Act (PHIPAA) provides a distinct and more specific set of obligations, with oversight from the Office of the Ombud for New Brunswick. PHIPAA is deemed substantially similar to PIPEDA for custodians it governs.
A Privacy Impact Assessment is not a statutory requirement under PIPEDA or PHIPAA in the general sense, but it is the accountability mechanism that both regimes recognize as evidence of responsible data governance. PIPEDA's accountability principle requires organizations to be able to demonstrate that they have appropriate safeguards in place and that those safeguards were considered and implemented deliberately — not assembled after a complaint arrives. Conducting a PIA before a system launches, a new data use begins, or a third-party relationship is formalized is the clearest way to create that record.
Privacy Horizon works with New Brunswick organizations to conduct PIAs that are methodologically rigorous and practically focused. We begin by building a complete data flow map — tracing personal information from collection through processing, storage, third-party disclosure, and eventual deletion or return. That mapping exercise is not about documentation for its own sake; it is about ensuring that the risk identification phase that follows is working from an accurate picture of how data actually moves, rather than how it was designed to move. The gap between those two pictures is often where the most significant risks sit.
Our mitigation planning translates risk findings into actionable steps, with clear prioritization and timelines. The final deliverable satisfies the accountability standard under PIPEDA, addresses PHIPAA obligations where applicable, and gives your leadership team a clear record of what was assessed, what was found, and what was done about it.
Privacy & security regulation in New Brunswick
Regulator: Office of the Ombud for New Brunswick
In New Brunswick, private-sector businesses are governed by Canada's federal privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information held by custodians is separately governed by the Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick.
PIPEDAPersonal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIPAA (New Brunswick)Personal Health Information Privacy and Access Act (New Brunswick)
New Brunswick's health-sector privacy law (SNB 2009, c. P-7.05), which gives individuals the right to access and request correction of their personal health information and sets out custodians' privacy obligations. It is deemed substantially similar to PIPEDA for health information custodians. Oversight is by the Office of the Ombud for New Brunswick. General private-sector commercial activity is governed by federal PIPEDA.
What Privacy Impact Assessment includes
A privacy impact assessment (PIA) identifies and mitigates privacy risks before they become problems — and produces the documentation regulators and partners expect.
Data Flow Mapping
Understand how personal information moves through your systems.
Risk Identification
Surface privacy risks early, before launch.
Mitigation Planning
Concrete steps to reduce identified risks.
Regulator-Ready Documentation
Defensible records of your privacy diligence.
PHIPAA and the Ombud's Oversight Role
New Brunswick's PHIPAA establishes clear obligations for health information custodians around consent, access, disclosure, and breach notification. The Office of the Ombud for New Brunswick has broad authority to investigate complaints, conduct reviews, and make recommendations. For health-sector organizations and technology providers serving custodians, a PIA that addresses PHIPAA obligations directly — mapping the health information flows, identifying where consent and disclosure rules apply, and documenting the safeguards in place — is both a compliance requirement and a risk management tool. Privacy Horizon's health-sector experience means your assessment reflects what the Ombud's office actually looks for.
Smaller Organizations, Serious Compliance
New Brunswick's economy includes a significant number of mid-sized and smaller businesses that handle personal information as part of core commercial operations — professional services firms, financial advisors, retailers, and technology companies — without the in-house legal or privacy staff that larger organizations maintain. For those organizations, the PIA process can feel like an enterprise-scale burden. Privacy Horizon builds assessments that are appropriately scoped for the organization's size and risk profile. A smaller business does not need a hundred-page assessment — it needs a thorough, credible one that addresses what is actually material, documents it clearly, and gives leadership the confidence to demonstrate accountability when it matters.
Other services in New Brunswick
Privacy Impact Assessment elsewhere
What's Protecting Your Business from the Next Threat?
Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.

