Skip to main content
Privacy Horizon
Privacy & Security

Privacy & Security Services in Saskatoon

End-to-end privacy and security support for organizations in Saskatoon.

Saskatoon's economy spans a range of sectors — agriculture and agri-food processing, mining and natural resources, technology, professional services, and a significant healthcare presence anchored by the University of Saskatchewan and its affiliated health institutions. Each of those sectors touches personal information differently, and the privacy obligations that flow from commercial activity in Saskatchewan are governed by federal PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. The province does not have a general private-sector privacy law; PIPEDA applies directly to businesses engaged in commercial activity, setting out the fair information principles that govern collection, use, and disclosure. The Health Information Protection Act (HIPA) applies separately to trustees in Saskatchewan's health system, but does not extend to commercial activity outside that defined sector.

The practical challenge for Saskatoon organizations is not just knowing which law applies — it is translating those requirements into a program that works day-to-day. Privacy Horizon works with Saskatchewan businesses to do exactly that. We assess where your current practices stand against PIPEDA's principles, identify the gaps that create real exposure, and build compliance programs that your team can actually maintain. We are not here to hand over a policy binder and leave. We work alongside your organization to understand your data flows, your vendor relationships, and the operational constraints that shape what a realistic program looks like for you.

The services we bring to Saskatoon clients address the full privacy and security picture. Privacy Impact Assessments give you a structured view of risk before new initiatives go live. Gap analyses translate PIPEDA's requirements into a measurable gap between where you are and where you need to be. Guided compliance programs close that gap with documented policies, procedures, and accountable roles. Threat and risk assessments examine the security posture that sits beneath your privacy program. On-call senior advisory puts experienced practitioners at your team's disposal when specific questions or incidents arise. And custom training ensures that the people in your organization who handle personal information understand their responsibilities in plain, actionable terms.

Privacy & security regulation in Saskatoon

Regulator: Saskatchewan Information and Privacy Commissioner

Saskatoon businesses are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in Saskatchewan is separately governed by The Health Information Protection Act (HIPA), with oversight by the Saskatchewan Information and Privacy Commissioner.

PIPEDAPersonal Information Protection and Electronic Documents Act

PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.

Read the legislation

HIPA (Saskatchewan)The Health Information Protection Act (Saskatchewan)

Saskatchewan's health-sector privacy law, proclaimed in force on September 1, 2003. It sets the rules trustees must follow when collecting, using and disclosing personal health information and protects individuals' access and privacy rights. Oversight is by the Saskatchewan Information and Privacy Commissioner. General private-sector activity in Saskatchewan is governed by federal PIPEDA, not HIPA.

Read the legislation

What Privacy & Security includes

From assessments to compliance programs and ongoing advisory, we provide the full range of privacy and security support organizations need under Canadian law.

Assessments

Privacy impact assessments, threat & risk assessments, and gap analysis.

Compliance Programs

Guided programs to reach and maintain compliance.

Advisory

On-call senior privacy and security guidance.

Training

Practical training for staff and leadership.

Privacy compliance for a diversified economy

Saskatoon businesses operate across sectors with very different data profiles — from agricultural cooperatives handling member records to technology companies managing user data to professional services firms holding client files. What they share is a common obligation under federal PIPEDA, which applies to all private-sector commercial activity in Saskatchewan. Privacy Horizon's approach starts from your specific data environment, not a generic checklist. We identify the obligations that apply to your business model, map your current practices against them, and design a compliance program that reflects how your organization actually operates — not how a hypothetical one might.

Security programs that protect what privacy programs require

PIPEDA's safeguards principle requires organizations to protect personal information with security measures appropriate to the sensitivity of the data. Meeting that requirement in practice means having a security program with real teeth — documented controls, access management, incident response, and vendor oversight. Privacy Horizon's threat and risk assessments identify where your current security controls fall short of what your data environment demands. We help organizations build security programs that are proportionate, documented, and defensible — not over-engineered, but genuinely sufficient for the risks you face.

What's Protecting Your Business from the Next Threat?

Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.