Privacy & Security Services in St. John's
End-to-end privacy and security support for organizations in St. John's.
Newfoundland and Labrador's private-sector businesses are governed by federal PIPEDA, with the Office of the Privacy Commissioner of Canada overseeing compliance. The province has not enacted a general private-sector privacy law, so PIPEDA's ten fair information principles apply directly to commercial activity — setting out how organizations must collect, use, disclose, and protect personal information. The province does have sector-specific health legislation: the Personal Health Information Act (PHIA) governs how custodians — hospitals, physicians, pharmacies, and other defined health-sector participants — handle personal health information, with oversight by the Office of the Information and Privacy Commissioner for Newfoundland and Labrador. PHIA is deemed substantially similar to PIPEDA for health custodians, but does not extend to general commercial activity.
St. John's economy is anchored by the offshore oil and gas sector, professional services, government, and a growing technology and innovation cluster. Each of these industries handles personal information, and each faces the compliance obligations that flow from PIPEDA's requirements. For energy sector organizations with complex contractor and vendor networks, those obligations include meaningful accountability for how personal information flows through the supply chain. For professional services firms, they include robust safeguards for client records. For technology companies, they shape how user data must be collected, used, and protected. Privacy Horizon works with Newfoundland and Labrador organizations to translate those obligations into programs built for their specific operational reality.
The services we bring to St. John's clients address both the privacy and security dimensions of compliance. Privacy Impact Assessments examine new systems or vendor arrangements before they create exposure. Gap analyses give organizations a clear picture of where current practices stand against PIPEDA's requirements and identify the highest-priority areas to address. Guided compliance programs translate that analysis into policies, procedures, and accountable roles that hold up to scrutiny. Threat and risk assessments examine the security controls that protect personal information. On-call advisory provides senior expertise when questions or incidents require it. Custom training delivers practical understanding to the people who handle personal information day-to-day.
Privacy & security regulation in St. John's
Regulator: Office of the Information and Privacy Commissioner for Newfoundland and Labrador
Businesses in St. John's are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in Newfoundland and Labrador is separately governed by the Personal Health Information Act (PHIA), with oversight by the Office of the Information and Privacy Commissioner for Newfoundland and Labrador.
PIPEDA: Personal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIA (Newfoundland and Labrador): Personal Health Information Act (Newfoundland and Labrador)
Newfoundland and Labrador's health-sector privacy law, establishing rules for how custodians handle personal health information and protecting individuals' access and privacy rights. It is deemed substantially similar to PIPEDA for health information custodians. Oversight is by the Office of the Information and Privacy Commissioner for Newfoundland and Labrador. General commercial activity outside the health sector is governed by federal PIPEDA.
What Privacy & Security includes
From assessments to compliance programs and ongoing advisory, we provide the full range of privacy and security support organizations need under Canadian law.
Assessments
Privacy impact assessments, threat & risk assessments, and gap analysis.
Compliance Programs
Guided programs to reach and maintain compliance.
Advisory
On-call senior privacy and security guidance.
Training
Practical training for staff and leadership.
Privacy governance in the energy and resource sector
Newfoundland and Labrador's offshore oil and gas industry involves complex webs of operators, contractors, and service providers — all of whom may collect, share, or process personal information in the course of operations. PIPEDA's accountability principle means that organizations remain responsible for personal information they share with contractors and vendors, and that responsibility requires more than a standard confidentiality clause. Privacy Horizon helps energy sector organizations in St. John's map their data flows, assess accountability gaps, and put the governance structures in place to satisfy PIPEDA's requirements across their full operational network.
PHIA obligations for Newfoundland health custodians
Health information custodians operating in Newfoundland and Labrador — hospitals, physicians, pharmacies, and other PHIA-defined participants — face compliance obligations under provincial PHIA in addition to any applicable federal requirements. The Office of the Information and Privacy Commissioner for Newfoundland and Labrador oversees PHIA, and the Act establishes specific rules for consent, individual access, breach notification, and data retention for personal health information. Privacy Horizon works with health-sector organizations in the St. John's region to build programs that meet those obligations precisely, without treating PHIA and PIPEDA as interchangeable frameworks.
What's Protecting Your Business from the Next Threat?
Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.

