Skip to main content
Privacy Horizon
Privacy & Security

Privacy & Security Services in Saskatchewan

End-to-end privacy and security support for organizations in Saskatchewan.

Saskatchewan's private sector operates under Canada's federal Personal Information Protection and Electronic Documents Act, PIPEDA, with oversight from the Office of the Privacy Commissioner of Canada. The province has not enacted a general private-sector privacy law of its own, so for the broad range of commercial activity — retail, professional services, technology, financial services, and others — PIPEDA sets the standard. Organizations collect, use, and disclose personal information under the ten fair information principles the Act establishes, and individuals who believe their privacy rights have been violated can bring complaints to the federal commissioner.

Saskatchewan does have its own health-sector privacy law. The Health Information Protection Act, HIPA, proclaimed in force on September 1, 2003, governs how trustees in the provincial health system handle personal health information. The Saskatchewan Information and Privacy Commissioner provides oversight. HIPA's scope is limited to that defined trustee category within the health system; it does not govern general commercial activity in the province. A private business that happens to handle health-related data but is not a HIPA trustee is governed by PIPEDA, not by HIPA — a distinction that matters when organizations are determining which rules apply to a given data set or activity.

Privacy Horizon works with Saskatchewan organizations to build privacy and security programs that reflect this regulatory reality accurately. Our starting point is always the applicable law — PIPEDA for the private sector, HIPA for health-system trustees — rather than a generalized framework that assumes all Canadian privacy obligations look the same. We conduct privacy impact assessments and gap analyses grounded in the specific requirements your organization faces, build compliance programs scaled to your operations and risk profile, and provide on-call senior advisory when decisions require judgment rather than just a policy reference. For organizations that need to develop or refresh their staff and leadership training, we deliver programs grounded in the Saskatchewan regulatory context, covering what PIPEDA actually requires in practice and how the Office of the Privacy Commissioner approaches complaints and investigations.

Privacy & security regulation in Saskatchewan

Regulator: Saskatchewan Information and Privacy Commissioner

In Saskatchewan, private-sector businesses are governed by Canada's federal privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information held by trustees in the health system is separately governed by The Health Information Protection Act (HIPA), with oversight by the Saskatchewan Information and Privacy Commissioner.

PIPEDAPersonal Information Protection and Electronic Documents Act

PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.

Read the legislation

HIPA (Saskatchewan)The Health Information Protection Act (Saskatchewan)

Saskatchewan's health-sector privacy law, proclaimed in force on September 1, 2003. It sets the rules trustees must follow when collecting, using and disclosing personal health information and protects individuals' access and privacy rights. Oversight is by the Saskatchewan Information and Privacy Commissioner. General private-sector activity in Saskatchewan is governed by federal PIPEDA, not HIPA.

Read the legislation

What Privacy & Security includes

From assessments to compliance programs and ongoing advisory, we provide the full range of privacy and security support organizations need under Canadian law.

Assessments

Privacy impact assessments, threat & risk assessments, and gap analysis.

Compliance Programs

Guided programs to reach and maintain compliance.

Advisory

On-call senior privacy and security guidance.

Training

Practical training for staff and leadership.

Understanding the PIPEDA-HIPA boundary

One of the most common sources of confusion for Saskatchewan organizations — particularly those in or adjacent to the health sector — is understanding which law applies to which data. HIPA governs personal health information held by trustees in the health system; PIPEDA governs commercial activity everywhere else. A private clinic that is a HIPA trustee faces different obligations than a health technology company that is not — even if both organizations are handling sensitive health-related information. Privacy Horizon helps Saskatchewan organizations map that boundary clearly and build their compliance programs against the law that actually governs their activities.

Building PIPEDA accountability structures that hold

PIPEDA compliance is not a one-time exercise. Accountability requires ongoing attention to how personal information is collected, who has access to it, how long it is retained, and how individuals can exercise their rights. Privacy Horizon designs Saskatchewan organizations' compliance programs to create durable accountability: clear ownership, documented processes, vendor management frameworks, and training that keeps staff grounded in what the law requires as roles and operations change over time.

What's Protecting Your Business from the Next Threat?

Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.