Skip to main content
Privacy Horizon
Privacy Impact Assessment

Privacy Impact Assessment Services in Regina

Assess and document privacy risks in your programs and systems across Regina.

For organizations in Regina, a Privacy Impact Assessment is the structured process by which you identify what personal information a new initiative will involve, how it will flow through your systems and to third parties, what risks that creates, and what you will do about those risks before they materialize. PIPEDA governs most private-sector organizations in Saskatchewan, with oversight by the Office of the Privacy Commissioner of Canada. PIPEDA does not prescribe a mandatory PIA for every initiative, but conducting one — and retaining the documentation — is one of the clearest ways an organization can demonstrate the proactive accountability the law requires. When the OPC investigates a complaint or begins an audit, what they are looking for is evidence of genuine, structured privacy governance. A PIA provides that evidence.

Saskatchewan's health sector operates under The Health Information Protection Act, overseen by the Saskatchewan Information and Privacy Commissioner. HIPA is a sector-specific law governing trustees within the health system; it does not extend to general private-sector commercial activity. But for Regina-based organizations that supply software, analytics, or services to health-system trustees, a PIA is often a requirement that appears in the contract or procurement process before engagement can proceed. Understanding precisely which data flows engage HIPA obligations — and which remain governed by PIPEDA — is part of what a well-scoped PIA resolves.

Privacy Horizon conducts Privacy Impact Assessments for Regina organizations across sectors: technology companies launching new features, professional services firms onboarding new data-sharing arrangements, agricultural and energy sector businesses implementing new operational systems, and suppliers to the health system working through procurement requirements. Our process covers the full scope of a rigorous PIA — data flow mapping across your actual systems and vendor relationships, risk identification against your specific legal obligations, mitigation planning with concrete and actionable recommendations, and documentation structured for regulatory review. We work with your team to make the PIA useful as a governance tool, not just a compliance document.

Privacy & security regulation in Regina

Regulator: Saskatchewan Information and Privacy Commissioner

Regina businesses are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in Saskatchewan is separately governed by The Health Information Protection Act (HIPA), with oversight by the Saskatchewan Information and Privacy Commissioner.

PIPEDAPersonal Information Protection and Electronic Documents Act

PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.

Read the legislation

HIPA (Saskatchewan)The Health Information Protection Act (Saskatchewan)

Saskatchewan's health-sector privacy law, proclaimed in force on September 1, 2003. It sets the rules trustees must follow when collecting, using and disclosing personal health information and protects individuals' access and privacy rights. Oversight is by the Saskatchewan Information and Privacy Commissioner. General private-sector activity in Saskatchewan is governed by federal PIPEDA, not HIPA.

Read the legislation

What Privacy Impact Assessment includes

A privacy impact assessment (PIA) identifies and mitigates privacy risks before they become problems — and produces the documentation regulators and partners expect.

Data Flow Mapping

Understand how personal information moves through your systems.

Risk Identification

Surface privacy risks early, before launch.

Mitigation Planning

Concrete steps to reduce identified risks.

Regulator-Ready Documentation

Defensible records of your privacy diligence.

Privacy accountability for Saskatchewan's commercial sector

The Office of the Privacy Commissioner of Canada expects PIPEDA accountability to be substantive — not a policy on a website, but a functioning program with documented processes and identifiable governance. For Regina businesses in agriculture technology, financial services, or professional services, a Privacy Impact Assessment conducted before a new initiative launches is the most direct way to build that substantive record. It identifies the gaps that matter and documents the steps taken to close them, in a format the OPC can review.

HIPA scoping and PIA support for health-sector suppliers

The Saskatchewan Information and Privacy Commissioner is clear that HIPA governs health-system trustees, not the general private sector. For technology and services organizations in Regina that supply the provincial health system, scoping exactly which of their activities engage HIPA — and what a PIA under that framework needs to cover — is essential before procurement processes advance. We help health-sector suppliers in Regina conduct well-scoped PIAs that satisfy health-system client requirements and produce documentation the Commissioner can evaluate.

What's Protecting Your Business from the Next Threat?

Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.