What We Do

As part of its legislated mandate, the OIPC:

  • Provides independent review and resolution of decisions made by public bodies, health custodians and organizations in response to access to information requests under Alberta's three access and privacy laws - Freedom of Information and Protection of Privacy Act (FOIP Act), Health Information Act (HIA) and Personal Information Protection Act (PIPA).
  • Investigates privacy complaints regarding the collection, use or disclosure of personal or health information by public bodies, health custodians and organizations.
  • Investigates any matter relating to the application of the Acts, whether or not a review is requested.
  • Conducts inquiries to decide issues of fact and law, and issues binding orders.
  • Reviews privacy breach reports to require notification under PIPA, or to recommend notification under the FOIP Act or HIA, when the breach results in a real risk of significant harm to individuals. If the Commissioner determines that notification is required under PIPA, the decision is posted on the Breach Notifcation Decisions page.
  • Provides comments and recommendations on legislative schemes or programs that have implications for access and privacy rights.
  • Provides education about Alberta's access and privacy laws, and access and privacy issues, in general.
  • Comments on the access and privacy implications of Privacy Impact Assessments submitted to the Commissioner.
  • Comments on the privacy and security implications of using or disclosing personal and health information for record linkages or for performing data matching.
  • Provides advice and recommendations of general application respecting the rights or obligations of stakeholders under the Acts.
  • Provides evidence for prosecution under the Acts, but cannot lay charges.
  • Reviews decisions of the Registrar of Motor Vehicle Services to grant or deny access to personal driving and motor vehicle information under the Access to Motor Vehicle Information Regulation.

What We Do Not Do


  • Does not act as an advocate on behalf of a person, group or party.
  • Cannot regulate the actions of individuals as private citizens.
  • Does not release records on behalf of public bodies, health custodians or organizations.
  • Does not store records for the Government of Alberta or any other entity.
  • Does not impose fines or award damages.
  • Does not have authority over the constituency offices of Members of the Legislative Assembly, but does regulate access and privacy actions of cabinet members and ministries.
  • Has no authority to discipline, terminate or reinstate employees as a result of an investigation or inquiry.
  • Is not an appeal body with respect to claims, benefits or decisions made by a public body or organization that does not fall under Alberta's access and privacy laws.
  • Does not have authority to draft legislation.