Privacy & Security Services in Winnipeg
End-to-end privacy and security support for organizations in Winnipeg.
Manitoba's private-sector businesses operate under Canada's federal privacy law, PIPEDA, with oversight from the Office of the Privacy Commissioner of Canada. That federal framework sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. For organizations in the healthcare sector — hospitals, physicians, pharmacies, and other trustees — The Personal Health Information Act (PHIA) adds a separate layer, with oversight by the Manitoba Ombudsman. PHIA has been in force since December 1997 and carries its own rules around consent, access rights, and breach notification that apply specifically to personal health information. The two frameworks serve different populations and different data types: knowing where each applies is a practical prerequisite to building a program that holds up.
Privacy Horizon works with Winnipeg organizations across sectors — financial services, professional services, technology, and healthcare-adjacent businesses — to assess where their programs stand and close the gaps that carry real risk. We start from your actual operations: the data your organization collects, how it moves internally and to third parties, and the compliance obligations that flow from your specific business model. That grounding shapes every recommendation we make. We do not arrive with a fixed scope and a pre-written deliverable. We work alongside your team to understand the pressure points and build solutions that fit how your organization actually functions.
The services we bring to Manitoba clients reflect the full range of what organizations genuinely need at different stages. Privacy Impact Assessments identify risk before new systems or programs go live. Threat and risk assessments examine the security side of the picture. Gap analyses measure where your current practices sit relative to PIPEDA's ten principles and give you a clear sequence for closing the distance. Guided compliance programs turn that analysis into documented policies and procedures your team can follow. On-call senior advisory provides experienced guidance when a specific question or incident requires it. Training ensures the people handling personal information every day understand what that responsibility means in practical terms.
Privacy & security regulation in Winnipeg
Regulator: Manitoba Ombudsman
Winnipeg businesses are governed by Canada's federal private-sector privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information in Manitoba is separately governed by The Personal Health Information Act (PHIA), with oversight by the Manitoba Ombudsman.
PIPEDAPersonal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIA (Manitoba)The Personal Health Information Act (Manitoba)
Manitoba's health-sector privacy law, in force since December 11, 1997. It governs how trustees collect, use, disclose, retain and safeguard personal health information, gives individuals access and correction rights, and requires trustees to notify the Manitoba Ombudsman of privacy breaches in defined circumstances. Oversight is by the Manitoba Ombudsman. It does not govern general commercial activity, which falls under federal PIPEDA.
What Privacy & Security includes
From assessments to compliance programs and ongoing advisory, we provide the full range of privacy and security support organizations need under Canadian law.
Assessments
Privacy impact assessments, threat & risk assessments, and gap analysis.
Compliance Programs
Guided programs to reach and maintain compliance.
Advisory
On-call senior privacy and security guidance.
Training
Practical training for staff and leadership.
PIPEDA in practice: what Manitoba businesses need to know
Manitoba has no general private-sector privacy law of its own — commercial activity is governed by federal PIPEDA, enforced by the Office of the Privacy Commissioner of Canada. That means the ten fair information principles around accountability, consent, limiting collection, accuracy, and safeguards apply directly to your organization. PIPEDA also governs personal information flowing across provincial or national borders, which matters for any Manitoba business with suppliers, customers, or partners in other provinces. Privacy Horizon advisors help you map those obligations to your actual data practices, identify where your program falls short, and build the policies and procedures that demonstrate accountability when a regulator or enterprise client comes asking.
Health-sector obligations under Manitoba's PHIA
For Winnipeg organizations that qualify as PHIA trustees — hospitals, clinics, physicians, pharmacies, and health agencies — there is a second compliance layer that operates independently of PIPEDA. The Manitoba Ombudsman oversees PHIA, and the obligations it creates around collection, use, disclosure, and breach notification are specific to personal health information. Privacy Horizon has experience helping health-sector organizations build programs that satisfy both PHIA and any applicable federal requirements, without duplicating effort or leaving gaps between the two frameworks.
Other services in Winnipeg
Privacy & Security elsewhere
What's Protecting Your Business from the Next Threat?
Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.