Skip to main content
Privacy Horizon
Privacy & Security

Privacy & Security Services in Manitoba

End-to-end privacy and security support for organizations in Manitoba.

Manitoba businesses operating in the private sector are governed by Canada's federal Personal Information Protection and Electronic Documents Act, PIPEDA, with oversight from the Office of the Privacy Commissioner of Canada. The province does not have its own general private-sector privacy law, which means PIPEDA's ten fair information principles set the rules for how organizations across industries collect, use, and disclose personal information in the course of commercial activity. That federal jurisdiction covers everything from customer data practices to employee privacy in the private sector, and complaints from individuals go to the federal commissioner rather than to a provincial body.

The picture is different for Manitoba's health sector. The Personal Health Information Act, PHIA, has been in force since December 1997 and governs how trustees — hospitals, physicians, pharmacies, and other defined health-sector entities — collect, use, disclose, retain, and safeguard personal health information. PHIA oversight sits with the Manitoba Ombudsman, and the law gives individuals access and correction rights. Importantly, PHIA's scope is limited to that defined category of trustees. General commercial activity in the province, including the operations of private businesses that handle health-related data but are not health-sector trustees, falls under PIPEDA rather than PHIA.

Privacy Horizon works with Manitoba organizations to build compliance programs that are accurate to this dual-framework reality. For most Manitoba businesses, the work centres on PIPEDA — assessing current data practices, identifying gaps against the ten principles, building the accountability structures and documentation the Office of the Privacy Commissioner expects, and developing the policies and training that translate legal obligations into day-to-day operations. For health-sector organizations operating under PHIA, we bring familiarity with the trustee framework and the Ombudsman's oversight approach. And for organizations that touch both regimes — a private business providing services to health-sector trustees, for example — we map the boundary clearly and build a compliance posture that addresses both without confusion about which law governs which activity.

Privacy & security regulation in Manitoba

Regulator: Manitoba Ombudsman

In Manitoba, private-sector businesses are governed by Canada's federal privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information held by trustees such as hospitals, clinics and pharmacies is separately governed by The Personal Health Information Act (PHIA), with oversight by the Manitoba Ombudsman.

PIPEDAPersonal Information Protection and Electronic Documents Act

PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.

Read the legislation

PHIA (Manitoba)The Personal Health Information Act (Manitoba)

Manitoba's health-sector privacy law, in force since December 11, 1997. It governs how trustees collect, use, disclose, retain and safeguard personal health information, gives individuals access and correction rights, and requires trustees to notify the Manitoba Ombudsman of privacy breaches in defined circumstances. Oversight is by the Manitoba Ombudsman. It does not govern general commercial activity, which falls under federal PIPEDA.

Read the legislation

What Privacy & Security includes

From assessments to compliance programs and ongoing advisory, we provide the full range of privacy and security support organizations need under Canadian law.

Assessments

Privacy impact assessments, threat & risk assessments, and gap analysis.

Compliance Programs

Guided programs to reach and maintain compliance.

Advisory

On-call senior privacy and security guidance.

Training

Practical training for staff and leadership.

PIPEDA compliance for Manitoba's private sector

Most Manitoba businesses are PIPEDA organizations — and PIPEDA compliance means more than a privacy policy posted on a website. It means having an accountable individual responsible for compliance, limiting collection to what is genuinely necessary, obtaining meaningful consent, maintaining reasonable safeguards, and being prepared to respond to individual access requests and complaints. Privacy Horizon helps Manitoba organizations build those structures properly, with gap analyses that reveal where current practices fall short and compliance programs that close the gaps in a way that fits your operations and your scale.

Health-sector privacy under PHIA

Manitoba's PHIA creates a distinct set of obligations for health-sector trustees — obligations that differ in structure and detail from the PIPEDA framework that governs the rest of the private sector. Trustees need privacy impact assessments when implementing new systems, must have clear policies for access, use, and disclosure of personal health information, and need incident response processes aligned to the Ombudsman's oversight expectations. Privacy Horizon supports Manitoba health-sector organizations through assessments, policy development, and advisory work grounded in the PHIA framework and how it has been applied in practice.

What's Protecting Your Business from the Next Threat?

Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.