Privacy Impact Assessment Services in Saint John
Assess and document privacy risks in your programs and systems across Saint John.
Saint John's economy is built on energy, manufacturing, logistics, and port operations — sectors where personal information volumes are significant but formal privacy governance has not always kept pace. A Privacy Impact Assessment addresses that gap: it maps how personal information moves through your systems and to vendors and contractors, identifies where that creates legal risk under applicable frameworks, develops a concrete plan to reduce those risks, and produces documentation that demonstrates accountable governance. For most Saint John businesses, PIPEDA is the governing law, with oversight by the Office of the Privacy Commissioner of Canada. The ability to show that privacy risks were assessed before a new system went live is among the most direct forms of compliance evidence an organization can produce.
New Brunswick's health sector is governed separately under PHIPAA — the Personal Health Information Privacy and Access Act — with oversight by the Office of the Ombud for New Brunswick. PHIPAA applies to health information custodians; it does not extend to the broader commercial sector, which remains under PIPEDA. For Saint John organizations supplying services or technology to provincial health custodians, the intersection of those frameworks creates a scoping question a well-executed PIA resolves before procurement begins. Health-system clients in New Brunswick increasingly require vendor PIAs as a condition of engagement, and documentation that is correctly scoped — not a generic template — is what moves a procurement forward.
Privacy Horizon conducts Privacy Impact Assessments for Saint John organizations with an understanding of the industrial and port-economy context that distinguishes the city. Many organizations here bring sophisticated operational risk management — but formal privacy risk assessment is a newer requirement driven by enterprise clients, insurers, and procurement processes. Our PIAs build on your existing risk culture, map the specific data flows relevant to your operations, identify risks against PIPEDA and PHIPAA as applicable, and produce documentation your organization can stand behind.
Privacy & security regulation in Saint John
Regulator: Office of the Ombud for New Brunswick
Saint John businesses are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in New Brunswick is separately governed by the Personal Health Information Privacy and Access Act (PHIPAA), with oversight by the Office of the Ombud for New Brunswick.
PIPEDA: Personal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIPAA (New Brunswick): Personal Health Information Privacy and Access Act (New Brunswick)
New Brunswick's health-sector privacy law (SNB 2009, c. P-7.05), which gives individuals the right to access and request correction of their personal health information and sets out custodians' privacy obligations. It is deemed substantially similar to PIPEDA for health information custodians. Oversight is by the Office of the Ombud for New Brunswick. General private-sector commercial activity is governed by federal PIPEDA.
What a Privacy Impact Assessment includes
A privacy impact assessment (PIA) identifies and mitigates privacy risks before they become problems — and produces the documentation regulators and partners expect.
Data Flow Mapping
Understand how personal information moves through your systems.
Risk Identification
Surface privacy risks early, before launch.
Mitigation Planning
Concrete steps to reduce identified risks.
Regulator-Ready Documentation
Defensible records of your privacy diligence.
Industrial and energy organizations: PIA at the point of system deployment
Saint John's energy and manufacturing organizations regularly deploy new operational systems — ERP integrations, contractor management platforms, operational technology systems — that touch personal information. Conducting a Privacy Impact Assessment before those systems go live identifies the risks that need to be addressed and creates the documentation that satisfies PIPEDA accountability when a regulator, insurer, or enterprise client asks how you governed the initiative. We help industrial organizations in Saint John make PIA a standard step in their system and vendor onboarding processes.
PHIPAA-scoped PIAs for health-sector suppliers
Organizations supplying technology or services to New Brunswick's health system encounter PHIPAA obligations in the procurement and contracting process. The Office of the Ombud for New Brunswick oversees custodian compliance, and health-system procurement teams scrutinize vendor PIAs during qualification. We help Saint John-based organizations conduct PIAs that address PHIPAA's specific requirements, correctly account for the PIPEDA layer, and produce documentation that health-system clients can assess with confidence.
What's Protecting Your Business from the Next Threat?
Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.

