A to Z

This one-page tip sheet is based on the OIPC's Guidelines for Managing Emails. This guidance was issued to assist public bodies, health custodians and private sector organizations and their staff in understanding that emails are records and should be managed in accordance with records management principles and the requirements of Alberta’s access to information and privacy legislation. Published in March 2019.

The OIPC released a report on its review of the ABTraceTogether contact-tracing application privacy impact assessment (PIA), given the global attention focused on contact-tracing apps during the COVID-19 pandemic. The PIA was submitted by Alberta Health, and endorsed by Alberta Health Services. The OIPC accepted the PIA, with recommendations.

This document provides guidance on how to prepare an Access Impact Assessment for proactive disclosure of information. Published in September 2016.

This brochure provides an overview of the functions of our office in regards to access to information laws in Alberta. Feel free to print for various meetings or events, or contact our office and we will provide you with printed copies. Published in June 2015.

On August 24, 2004, the Commissioner provided an addendum to the submission that was sent on August 5, 2004.

The OIPC developed these guidelines for an advance ruling under section 36(3) of PIPA. Updated in September 2017.

This advisory outlines how electronic communications with patients can improve efficiency, what the risks of electronic communications are, what steps custodians can take to mitigate those risks, and the policy and privacy impact assessment requirements that must be considered when communicating with patients electronically. This advisory consolidates two previous documents that were published in August 2012. This advisory was published in June 2019.

This advisory was developed to assist senior leaders and employees in all sectors who are regularly subject to phishing incidents, based on breach reports the OIPC receives. The advisory defines phishing, describes how phishing is executed, outlines what to watch for to prevent phishing incidents, gives examples of safeguards to help mitigate the risks of phishing, and provides an overview of what to do if and when a breach occurs. Published in May 2019.

This advisory was developed to assist public bodies, health custodians and private organizations with preventing and responding to ransomware cyberattacks. Published in March 2016.

This advisory is meant to assist school boards, private schools and their employees in identifying their authority to disclose a student’s participation in a GSA or other voluntary student organization, if considering doing so. The advisory also discusses student privacy rights, especially for mature minors, and outlines how they can exercise their rights if they feel a school has improperly disclosed their personal information. Published in June 2019. Updated in September 2019 to reflect the coming into force of the Education Act, which replaced the School Act.

This guide outlines the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.

This postcard summarizes the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.

This poster summarizes the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.

As a result of the Government of Alberta's decision to prorogue the legislative session in September 2014, the Commissioner wrote a letter concerned that PIPA may lapse due to a Supreme Court of Canada (SCC) decision that found PIPA unconstitutional in November 2013. The SCC provided the Alberta legislature 12 months to bring PIPA in line with the Canadian Charter of Rights and Freedoms.

The Commissioner has the power to authorize a public body, custodian or organization to disregard certain access requests or correction requests made to the public body, custodian or organization. The criteria for authorizing a public body, custodian or organization to disregard a request or requests are set out in section 55(1) of the Freedom of Information and Protection of Privacy Act (FOIP Act), section 87(1) of the Health Information Act (HIA), and section 37 of the Personal Information Protection Act (PIPA). Published in June 2017.