All servicesS.01 · Privacy Compliance

Privacy Compliance

PHIPA, PIPEDA & FIPPA/MFIPPA privacy programs that protect data and survive an audit.

Why you might need it

Customer and patient trust depends on how you handle their information — and “we have a policy somewhere” won’t survive a breach, a complaint, or an audit. If you handle personal or health data in Ontario, PHIPA, PIPEDA, and FIPPA/MFIPPA already apply to you, whether or not you’ve built for them.

  • You’re launching a clinic, app, or service that handles personal data
  • You have no Privacy Officer appointed in writing
  • Your policies don’t match how your team actually works
  • You’ve had a breach or complaint — or an audit is coming

What it is

We build privacy programs that function in the real world — not binders that sit on a shelf. Advisory across FIPPA, MFIPPA, PHIPA, and PIPEDA, with the documents, governance, and workflows to back them up.

Included
  • Compliance advisory (FIPPA / MFIPPA / PHIPA / PIPEDA)
  • Privacy policy drafting & review
  • Breach response support & reporting guidance
  • Governance setup (Privacy Officer, roles)
  • Access-request workflows
  • FOI / access-to-information request drafting & filing
Not included
  • Acting as your ongoing Privacy Officer (separate retainer)
  • Complex cybersecurity or IT audits
  • Representation in privacy litigation or judicial review

Packages & pricing

Privacy Policy Draft$450
Compliance Audit (small business)$2,000
Breach Response Consulting$1,000
Privacy Starter Program$2,500 – $5,000
FOI Request Drafting & Filing$400
FOI Refusal / Redaction AssessmentQuoted after review

Timeline: Policy drafting 1–2 weeks · compliance assessment 2–4 weeks · Starter Program 2–4 weeks.

How it works

  1. 1Consult — understand your business and obligations
  2. 2Gap assessment — review policies, practices, and risks
  3. 3Recommendations & drafting — tailored documents
  4. 4Implementation — training, checklists, templates
  5. 5Ongoing support — updates as risks change