Law: The Personal Information Protection and Identity Theft Prevention Act, CCSM c P33.7 ('PIPITPA'). Please note that PIPITPA is not yet in force and has been awaiting promulgation since 2013. Private organisations are regulated at the federal level by the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA').

Regulator: The Manitoba Ombudsman ('the Ombudsman')

Summary: Although Manitoba's Personal Health Information Act ('PHIA'), which became law in 1997, was the first provincial law directly concerning access and privacy rights of personal health information in Canada, Manitoba does not have a comprehensive private sector data protection law. PIPITPA, which has several similarities to legislation in Alberta and British Columbia, has been waiting to come into force since 2013 and it is unclear when, and if, it will become effective. Unlike other province or territories which utilise privacy commissioners, Manitoba operates an Ombudsman based regulatory system. The Ombudsman has conducted several investigations under the PHIA and released guidance on various privacy related topics.