OIPC Logo

A to Z

If there is a resource that is no longer available, please contact the office.

Page: of 1
  • 8 Tips for Managing Emails

    This one-page tip sheet is based on the OIPC's Guidelines for Managing Emails. This guidance was issued to assist public bodies, health custodians and private sector organizations and their staff in understanding that emails are records and should be managed in accordance with records management principles and the requirements of Alberta’s access to information and privacy legislation. Published in March 2019.

  • ABTraceTogether Privacy Impact Assessment Review Report

    The OIPC released a report on its review of the ABTraceTogether contact-tracing application privacy impact assessment (PIA), given the global attention focused on contact-tracing apps during the COVID-19 pandemic. The PIA was submitted by Alberta Health, and endorsed by Alberta Health Services. The OIPC accepted the PIA, with recommendations.

  • Access Impact Assessment Guidelines for Proactive Disclosure

    This document provides guidance on how to prepare an Access Impact Assessment for proactive disclosure of information. Published in September 2016.

  • Access to Information Laws in Alberta (Online Version)

    This brochure summarizes Alberta's access to information laws. The online version is for viewing on screens. Updated in March 2021.

  • Access to Information Laws in Alberta (Print Version)

    This brochure summarizes Alberta's access to information laws. Feel free to print for various meetings or events, or contact our office and we will provide you with printed copies. Updated in March 2021.

  • Addendum to the Submission to the Select Special Health Information Act Review Committee

    On August 24, 2004, the Commissioner provided an addendum to the submission that was sent on August 5, 2004.

  • Advance Rulings under the Personal Information Protection Act

    The OIPC developed these guidelines for an advance ruling under section 36(3) of PIPA. Updated in September 2017.

  • Advisory for Communicating with Patients Electronically

    This advisory outlines how electronic communications with patients can improve efficiency, what the risks of electronic communications are, what steps custodians can take to mitigate those risks, and the policy and privacy impact assessment requirements that must be considered when communicating with patients electronically. This advisory consolidates two previous documents that were published in August 2012. This advisory was published in June 2019.

  • Advisory for Phishing

    This advisory was developed to assist senior leaders and employees in all sectors who are regularly subject to phishing incidents, based on breach reports the OIPC receives. The advisory defines phishing, describes how phishing is executed, outlines what to watch for to prevent phishing incidents, gives examples of safeguards to help mitigate the risks of phishing, and provides an overview of what to do if and when a breach occurs. Published in May 2019.

  • Advisory for Ransomware

    This advisory was developed to assist public bodies, health custodians and private organizations with preventing and responding to ransomware cyberattacks. Published in March 2016.

  • Advisory for Web Buckets

    This advisory was published in response to an increase in reported breaches involving cloud storage containers, or "web buckets", that are unintentionally exposed publicly online, typically through misconfigured properties or settings. The advisory is for organizations in the public, health and private sectors, and outlines what web buckets are, how web buckets are exposed, and privacy and security considerations for protecting personal or health information stored in web buckets. Published in October 2020.

  • Advisory on Disclosing a Student's Participation in a School Club

    This advisory is meant to assist school boards, private schools and their employees in identifying their authority to disclose a student’s participation in a GSA or other voluntary student organization, if considering doing so. The advisory also discusses student privacy rights, especially for mature minors, and outlines how they can exercise their rights if they feel a school has improperly disclosed their personal information. Published in June 2019. Updated in September 2019 to reflect the coming into force of the Education Act, which replaced the School Act.

  • Alberta Netcare: Know Your Rights Guide

    This guide outlines the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.

  • Alberta Netcare: Know Your Rights Postcard

    This postcard summarizes the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.

  • Alberta Netcare: Know Your Rights Poster

    This poster summarizes the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.

  • Amendments to Alberta's Personal Information Protection Act

    As a result of the Government of Alberta's decision to prorogue the legislative session in September 2014, the Commissioner wrote a letter concerned that PIPA may lapse due to a Supreme Court of Canada (SCC) decision that found PIPA unconstitutional in November 2013. The SCC provided the Alberta legislature 12 months to bring PIPA in line with the Canadian Charter of Rights and Freedoms.

  • Authorization to Disregard Requests

    The Commissioner has the power to authorize a public body, custodian or organization to disregard certain access requests or correction requests made to the public body, custodian or organization. The criteria for authorizing a public body, custodian or organization to disregard a request or requests are set out in section 55(1) of the Freedom of Information and Protection of Privacy Act (FOIP Act), section 87(1) of the Health Information Act (HIA), and section 37 of the Personal Information Protection Act (PIPA). Published in June 2017.

  • Becoming a Leader in Access and Privacy

    On September 25, 2013, the Commissioner made a speech at the Sunshine Summit asking the question, "Who's defending your right to know?"

  • Bill 28: Public Health Amendment Act, 2016

    On November 9, 2016, the Commissioner wrote to the Minister of Health seeking clarification on certain provisions of Bill 28 - the Public Health Amendment Act, 2016.

  • Bill C-51: The Anti-Terrorism Act, 2015

    On March 4, 2015, the Commissioner, in partnership with Ontario and British Columbia's Information and Privacy Commissioners, provided recommendations to the Standing Committee on Public Safety and National Security for Bill C-51, The Anti-Terrorism Act, 2015.

  • Calgary Police Service's Use of Body-Worn Cameras

    On October 2, 2014, the Commissioner wrote a letter to the Calgary Police Service's Chief of Police to raise a number of privacy and access to information issues about its plan to pilot the use of body-worn cameras by its officers.

  • Captured on Camera: Street Level Imaging Technology, the Internet and You

    Street-level imaging technology may offer benefits, but these should not come at the cost of privacy. This fact sheet provides awareness on the use of such technology. Published in August 2010.

  • Causes of Breaches and Breach Prevention Recommendations

    This document helps organizations, custodians and public bodies in understanding some causes of breaches and recommendations to prevent breaches. Published in 2012.

  • Cloud Computing for Small- and Medium-Sized Enterprises

    This guidance document, prepared jointly by the federal Office of the Privacy Commissioner and the Offices of the Information and Privacy Commissioner of Alberta and British Columbia is specifically intended to help small- and medium-sized enterprises understand what their privacy responsibilities are and to offer some suggestions to address privacy considerations in the cloud. Published in June 2012.

  • Collection of Driver's Licence Numbers Under Private Sector Privacy Legislation: A Guide for Retailers

    This guide is intended to help retailers navigate the privacy issues and risks related to driver’s licences and to encourage them to carefully consider whether they need any information from customer driver’s licences at all. Published in March 2007.

  • Commissioner Highlights Privacy Education Initiatives in Alberta

    Following up on a letter to the Council of Ministers of Education, Canada from all federal, provincial and territorial privacy protection authorities, the Commissioner wrote to Alberta's Minister of Education to highlight some ongoing initiatives in Alberta to enhance privacy education. The letter was sent to the Minister of Education on November 8, 2017 during Media Literacy Week.

  • Commissioner's Letter on Proposed Health Information Act Amendments in Bill 46

    After Bill 46, Health Statutes Amendment Act, 2020 (No. 2) was tabled in the legislature on November 5, 2020, the Commissioner committed to reviewing the proposed amendments and making comments public. This letter issued on November 13, 2020 outlines the Commissioner's views on key proposed amendments, including expanded access to Netcare, expanded use of health information made available via Netcare, and the removal of a PIA requirement for Alberta Health, Alberta Health Services and the Health Quality Council of Alberta for certain information sharing activities.

  • Commissioner's Provides List of Recommended Improvements for the FOIP Act and PIPA

    In the Annual Report 2019-20, the Commissioner committed to writing to the Minister of Service Alberta to ask that updates be considered for the FOIP Act and PIPA. The recommendations put forward were selected with a view to adapting the legislation to reflect accelerated digitization in all sectors in light of the COVID-19 pandemic and enhanced societal expectations relating to access to information and privacy rights. The letter was sent on November 30, 2020.

  • Commissioner's Response to Street Checks and Policing Public Consultation

    The Commissioner wrote a letter in response to the Government of Alberta's public consultation on the practice of police street checks. The consultation's purpose was to help in the development of provincial guidelines for the practice of police street checks. Published in October 2017.

  • Consultation on Canada's National Security Framework

    In December 2016, Canada's privacy commissioners and ombudspersons submitted a letter to the Government of Canada on its national security framework consultation.

  • Council of Ministers of Education, Canada Called on to Prioritize Privacy Education

    Federal, provincial and territorial privacy protection authorities called on Ministers of Education to clearly and concretely include privacy education as a component in digital literacy curricula across the country. The letter was sent to the Council of Ministers of Education, Canada on November 3, 2017.

  • Cyberbullying Bill

    On June 2, 2014, the Commissioner, in partnership with Ontario and British Columbia's Information and Privacy Commissioners, wrote to the Standing Committee on Justice and Human Rights expressing concern about Bill C-13, the cyberbullying and "lawful access" bill.

  • Cybersecurity from a Privacy Regulator's Perspective

    On October 27, 2016, Commissioner Jill Clayton delivered a keynote presentation at Cybera's 2016 Cyber Summit, which focused on the Internet of Things, privacy breaches, privacy education, and privacy law from a European context.

  • Data Privacy Day Op-Ed: Learning About Privacy Needs to Be Out in the Open

    On January 28, 2020, the Commissioner submitted an op-ed to several Alberta media outlets for Data Privacy Day to reflect on privacy rights over the past decade and how to move privacy discussions forward over the next 10 years. The op-ed focused in particular on student privacy issues in the digital economy and the OIPC's support of The eQuality Project.

  • Data Privacy Day Op-Ed: Privacy Breaches

    On January 28, 2016, the Commissioner submitted an op-ed to the Edmonton Journal and Calgary Herald for Data Privacy Day to emphasize the importance of valuing and protecting personal information by raising awareness about privacy breaches.

  • Decrease in Crime Shows We Have Less to Fear

    This letter to the editor was sent in response to an article in the Edmonton Journal about crime in Edmonton. The Commissioner noted that misleading readers with headlines about crime statistics increases fears, which then leads to more calls for surveillance, when, in fact, crime rates had decreased in the city.

  • Deputizing the Private Sector

    This paper, Deputizing the Private Sector: Requiring the Collection of Personal Information by Non-Government Entities for Law Enforcement or Other Purposes, looks into the collection of personal information by non-government entities (typically a private sector company) for disclosure to and use by government or law enforcement. The choice of who collects personal information has consequences for the privacy rights of individuals. Using examples of bylaws or legislation developed in Canada and elsewhere, the authors provide advice for assessing the collection decisions made by legislators and policymakers. Specifically, the authors identify aspects that matter to privacy (p. 19) and ideas for evaluation of personal information collection choices (p. 23). Published in May 2015.

  • Designing Freedom of Information Systems

    The OIPC commissioned research that examines the implications of different models that governments use to handle access to information requests. Specifically, it compares a decentralized system where the response mandate is held by individual government departments in contrast to a system where response is centralized in one government department. Published in June 2018.

  • Direct-to-Consumer Genetic Testing and Privacy

    Note: On December 21, 2018, the Quebec Court of Appeal found sections 1 to 7 of the federal Genetic Non-Discrimination Act to be unconstitutional on the basis that they are outside of the Parliament of Canada’s jurisdiction over criminal law. This document will be updated in due course. In the meantime, please note that the content is not currently up-to-date. Summary: As direct-to-consumer genetic tests become increasingly available, particularly over the Internet, it is important to understand their privacy risks. This document explains some of the key privacy risks associated with these tests, informs individuals of their rights and encourages them to ask themselves a series of questions before buying one online. (This document opens as an external link.) Updated in December 2017.

  • FOIP Act Review 2013: Becoming a Leader in Access and Privacy

    In response to the Government of Alberta's announced review and consultation process, the Commissioner submitted this report, which contains ideas, suggestions and recommendations for amending the FOIP Act such that Alberta’s access to information and protection of privacy legislation might become a leading example for other jurisdictions. Published in July 2013.

  • FOIP Act Review 2013: Making the FOIP Act Clear, User-Friendly and Practical

    In response to the Government of Alberta's announced review and consultation process, the Commissioner submitted this report, which contains recommendations for technical amendments to the FOIP Act. Published in July 2013.

  • GDPR Resources

    This webpage provides links to external resources about the European Union's General Data Protection Regulation (GDPR). The OIPC does not oversee the application of GDPR to Alberta organizations and cannot provide advice regarding compliance with GDPR. Alberta organizations may need to comply with GDPR if they have an establishment within the EU, or offer goods or services to individuals in the EU (regardless of payment) or monitor the behaviour of individuals in the EU.

  • General Population Survey 2017

    Albertans believe strongly that it is important to protect privacy and the right to access information in Alberta. The survey, conducted in October 2017, showed that 95% of respondents believe it is important to protect the privacy of personal information, but only 27% felt more secure about the privacy of their own personal information today than they did five years ago. More than 90% of respondents felt it is important to protect their right to access information, although only 39% were confident about their ability to exercise that right. Published in November 2017.

  • General Population Survey: Albertans' Awareness of and Views on Privacy Issues

    The OIPC commissioned a general population survey to assess Albertans' awareness of and views on privacy issues. Published in August 2000.

  • General Population Survey: Executive Summary

    This is an executive summary of the general population survey the OIPC had commissioned to assess Albertans' awareness of and views regarding privacy issues. Published in August 2000.

  • General Population Survey: Final Report

    The OIPC commissioned a public opinion survey to assess Albertans' awareness of access and privacy issues and laws. Published in April 2013.

  • Getting Accountability Right with a Privacy Management Program

    This guide outlines what is expected in a privacy management program in order to be accountable for the personal information in the custody or under the control of businesses and organizations. Published in April 2012.

  • Getting Accountability Right with a Privacy Management Program: At a Glance

    This document provides a snapshot of the full guide, "Getting Accountability Right with a Privacy Management Program". It briefly outlines what is expected in a privacy management program in order to be accountable for the personal information in the custody or under the control of businesses and organizations. Published in April 2012.

  • Google Glass

    On June 18, 2013, the Commissioner, in partnership with international privacy regulators, strongly urged Google to engage in dialogue with data protection authorities.

  • Government Information Sharing: Is Data Going Out of the Silos, Into the Mines?

    This paper analyzes various Canadian and international government sharing initiatives with a perspective on privacy. It provides a framework for analysis of these projects, identifies project risks and strategies to mitigate risks, and broadly examines actions taken to protect privacy in the context of multi-stakeholder citizen-centred information sharing projects. Published in January 2015.

  • Guidance for Electronic Health Record Systems (PDF)

    This guide was developed to assess the safeguards in electronic health record (EHR) systems. Custodians and their EHR service providers may use this document to support a Privacy Impact Assessment on an EHR system, or to examine whether changes to a system comply with Health Information Act requirements. Published in June 2016.

  • Guidance for Electronic Health Record Systems (Word)

    This guide was developed to assess the safeguards in electronic health record (EHR) systems. Custodians and their EHR service providers may use this document to support a Privacy Impact Assessment on an EHR system, or to examine whether changes to a system comply with Health Information Act requirements. This is an editable version of the guide. Published in June 2016.

  • Guidance for the Use of Body-Worn Cameras by Law Enforcement Authorities

    The guidance is meant to assist law enforcement agencies, other public bodies or private organizations develop policies and procedures governing the use of body-worn cameras. This document was developed in partnership with information and privacy authorities from across Canada. Published in February 2015.

  • Guide for Businesses and Organizations on the Personal Information Protection Act

    This guide was developed to help businesses and organizations understand roles and responsibilities under PIPA during the collection, use, disclosure and safeguarding of personal information of clients and employees. Published in November 2008.

  • Guidelines for Licensed Premises: Collecting, Using and Disclosing Personal Information of Patrons

    These guidelines were prepared to help licensees comply with PIPA and the Gaming and Liquor Act. The guidelines are an administrative tool intended to assist in understanding the legislation. Published in 2009.

  • Guidelines for Managing Emails

    The OIPC issued this high-level guidance document to assist public bodies, health custodians and private sector organizations and their staff in understanding that emails are records and should be managed in accordance with records management principles and the requirements of Alberta’s access to information and privacy legislation. Although the guidance provided in this document is directed at managing emails, the general principles may assist in managing records in other formats. Published in March 2019.

  • Guidelines for Obtaining Meaningful Consent

    Building on previous publications examining the current state of consent, including challenges and potential solutions, this document sets out practical and actionable guidance regarding what organizations should do to ensure that they obtain meaningful consent. It was jointly issued by the OIPC, the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner for British Columbia. Published in May 2018.

  • Guidelines for Online Consent

    In partnership with the federal Office of the Privacy Commissioner and the Office of the Information and Privacy Commissioner of British Columbia, these guidelines were developed to address the issue of consent requirements under private sector privacy laws. Published in May 2014.

  • Guidelines for Overt Video Surveillance in the Private Sector

    To help organizations achieve compliance with private sector privacy legislation, the offices of the federal, B.C. and Alberta privacy commissioners developed these guidelines. In a question and answer format, this document sets out the principles for evaluating the use of video surveillance and for ensuring that its impact on privacy is minimized. Published in March 2008.

  • Guidelines for Social Media Background Checks

    When organizations search for information about an individual, the collection, use and disclosure of that personal information is subject to the privacy provisions of PIPA. This guide urges organizations to understand the legal implications of conducting a background check using social media. Published in December 2011.

  • Guidelines for Usage-Based Insurance

    This document provides practical guidance to the insurance industry regarding the collection, use, disclosure and retention of personal information related to usage-based insurance programs. See also Privacy Impact Assessment Guidelines for Insurers Looking to Implement Usage-Based Insurance Programs in Alberta. Published in March 2021.

  • Guidelines on Energy Disconnection Practices

    These guidelines are meant to assist organizations in fulfilling obligations under the Personal Information Protection Act when disconnecting energy services. Published in November 2011.

  • Guidelines on Facsimile Transmission

    The purpose of this was to set out guidelines to follow when developing systems and procedures to maintain the confidentiality and integrity of personal information received and transmitted by fax. Published in October 2002.

  • Health Information A Personal Matter: A Practical Guide to the Health Information Act

    This guide is intended to give custodians a basic understanding of HIA, including the areas custodians are most likely to encounter in the course of their practice or employment. It points out the major duties and powers created by the Act and the rules governing how those duties are to be fulfilled and how those powers are to be exercised. Published in August 2010.

  • Health Information Act Amendments

    On February 27, 2014, the Commissioner wrote to the Minister of Health recommending the inclusion of mandatory breach reporting and notification provisions in the Health Information Act.

  • Health Information Act: Interpretation of the Word "Person"

    This practice note is meant help interpret the word "person" as used within section 34(2)(c) of the Health Information Act. Published in May 2005.

  • Health Information Act: Use and Disclosure of Health Information for Research

    This guide explains the rules set out in HIA regarding the use and disclosure of health information for research purposes.

  • Inquiry Procedures

    This document outlines the procedures when a matter before the OIPC goes to inquiry. Published in May 2012, and updated in September 2020.

  • Inquiry: Preparing Records at Issue

    This document describes what respondents must do in preparing records at issue for an inquiry. Published in September 2020, and replaced "Adjudication Practice Note 1: Preparing Submissions, Records and Indexes for Inquiries".

  • Inquiry: Preparing Submissions

    This document outlines how to prepare submissions for an inquiry. There are also tips for providing evidence and arguments in a written submission. Published in September 2020, and replaced "Adjudication Practice Note 2: Evidence and Arguments for Inquiries".

  • Insecam Webcam Streaming

    On November 21, 2014, the Commissioner, in partnership with international privacy regulators, expressed concern to the operators of Insecam about its streaming of unsecured webcams.

  • International Privacy Competency Framework for School Students

    This framework is intended to help educators teach students about responsible and ethical use of new technologies in the digital age. It is of general application meant to be adapted for local educational purposes, laws and regulatory approaches. Published in October 2016.

  • Is a Bring Your Own Device (BYOD) Program the Right Choice for Your Organization? Privacy and Security Risks of a BYOD Program

    In partnership with the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner of British Columbia, these guidelines were published to address what organizations should consider when determining whether to implement BYOD. Published in August 2015.

  • Joint Resolution: Children's Online Privacy

    In a June 2008 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada agreed to work together to implement public education activities meant to increase awareness among children and young people of the privacy risks inherent to their online activities.

  • Joint Resolution: Effective Privacy and Access to Information Legislation in a Data Driven Society

    In an October 2019 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada urged their governments to modernize access to information and privacy laws.

  • Joint Resolution: Fundamental Privacy Protections and Cross-Border Transfer of Personal Information

    In an April 2012 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada urged the Government of Canada to ensure Canadian legal standards apply to the Canada-US "Perimeter Security and Economic Competitiveness Action Plan".

  • Joint Resolution: Modernizing Access and Privacy Laws for the 21st Century

    In an October 2013 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada urged their governments to modernize access to information and privacy laws.

  • Joint Resolution: Open Government

    In a September 2010 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada called on the federal and all provincial and territorial governments to declare the importance of open government.

  • Joint Resolution: Passenger Protect Program – Canada’s Aviation No-fly List

    In a June 2007 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada called on the Government of Canada and the Parliament of Canada to refer the "Passenger Protect Program" to a Parliamentary committee for comprehensive public scrutiny, debate and report to Parliament, as well as other actions.

  • Joint Resolution: Privacy Concerns About Enhanced Driver's Licences

    In a February 2008 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada expressed concerns and called on governments to initiate certain actions regarding enhanced driver's licences.

  • Joint Resolution: Protect and Promote Canadians’ Access and Privacy Rights in the Era of Digital Government

    In an October 2014 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada urged their respective governments to review and modernize their information management frameworks.

  • Joint Resolution: Protecting and Promoting Canadians’ Privacy and Access Rights in Information Sharing Initiatives

    In a January 2016 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada called on governments at all levels to respect and promote privacy and access to information rights and principles when embarking on information sharing initiatives.

  • Joint Resolution: Protecting Privacy for Canadians in the 21st Century

    In a September 2009 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada urged Parliament to ensure that the proposed legislation to create an expanded surveillance regime strikes the right balance between individual privacy and the legitimate needs of the authorities.

  • Joint Resolution: Safeguarding Independent Review of Solicitor-Client Privilege Claims

    In an October 2017 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada urged their governments to safeguard independent review of solicitor-client privilege claims.

  • Joint Resolution: Securing Trust and Privacy in Canada's Electoral Process

    In a September 2018 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada urged their governments to require political parties to comply with globally recognized privacy principles.

  • Joint Resolution: Statement of the Information and Privacy Commissioners of Canada on the Duty to Document

    In a January 2016 statement, Information and Privacy Ombudspersons and Commissioners from across Canada called on their respective governments to create a legislated duty requiring all public entities to document matters related to their deliberations, actions and decisions.

  • Joint Resolution: The Promise of Personal Health Records

    In a September 2009 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada called on Ministries of Health to keep Commissioners and the public informed of their progress toward developing and implementing personal health records.

  • Joint Resolutions and Memorandum of Understanding

    The following page includes joint resolutions agreed upon by federal, provincial and territorial Information and Privacy Commissioners and Ombudspersons across Canada. The information is linked to the Office of the Privacy Commissioner of Canada's website. The page also includes a Memorandum of Understanding on privacy in the private sector between the Privacy Commissioner of Canada, and Information and Privacy Commissioners of Alberta and British Columbia.

  • Key Steps in Responding to Privacy Breaches

    This document outlines the four key steps in responding to privacy breaches for use by organizations, custodians or public bodies. The purpose is to provide guidance on how to manage a privacy breach. Updated in August 2018.

  • Lesson Plan: Connect the Dots

    This activity sheet has kids complete the picture of a family with a checklist of rules they can use at home to practice good online privacy. Published in August 2019.

  • Lesson Plan: Getting Toothpaste Back in the Tube - A Lesson on Online Information

    A lesson plan for teachers and students where students watch a short video that compares getting rid of personal information online to getting toothpaste back in a tube. After a short discussion of visual analogies like this work, students discuss the meaning of the video - that information online is permanent - through a series of short scenarios. Finally, students create a simple animation that illustrates these principles. Published in January 2019.

  • Lesson Plan: Kids' Privacy Sweep

    Information for teachers and students in the form of a lesson plan to learn about personal information, privacy and privacy laws. Published in September 2015.

  • Lesson Plan: Know the Deal - The Value of Privacy

    A lesson plan for teachers and students to introduce students to the idea that privacy is a fundamental human rights and that their personal information is valuable. The lesson focuses on the "economics" of personal information and that most "free" apps and online services make some or all of their revenue by collecting, and in some cases reselling, users' personal information. Students will watch a video that illustrates the idea that they they may be paying with their privacy and then discuss some of the ramifications of this. They will learn about tools and techniques for minimizing the personal information they should share and create a public service announcement that helps them and their peers "know the deal" about the value of privacy. Published in January 2019.

  • Lesson Plan: Learning About Passwords / Colour the Tablet

    This activity sheet challenges kids to create their own strong, eight-character password by filling in the blanks. It also asks them to draw a lock on a tablet, representing how password protects an electronic device. Published in August 2019.

  • Lesson Plan: Privacy Rights of Children and Teens

    A lesson plan developed for teachers and students to introduce students to the privacy principles that inform private sector privacy laws in Canada relating to personal information collection online. They learn ways to find out what personal information may or has been collected by platforms that they use, how to limit data collection about themselves, and the various forms of recourse that are available to them if they feel an organization is not respecting their rights. Published in January 2019.

  • Lesson Plan: Privacy Snakes and Ladders

    This activity sheet is a twist on the classic children’s game that helps players learn how to make smart privacy choices by climbing up a ladder when they make a good decision or sliding down a snake because they have shared a password with a friend, for example. Published in August 2019.

  • Lesson Plan: Word Search

    This activity sheet introduces children to privacy vocabulary by having them comb through a puzzle to find words such as “post,” “click” and “footprint.” Published in August 2019.

  • Literature Review on Issues of Privacy and Surveillance Affecting Social Behaviour

    This independent research literature review was meant to highlight materials realted to privacy and surveillance as they affect social behaviour. Published in August 2003.

  • Managing Records When Transitioning from Work to Home

    The OIPC has received questions from organizations in all sectors about how to manage records or personal information when transitioning staff to work from home. To assist, the OIPC provided some points to consider. Published in April 2020.

  • Minor Sports Associations: Frequently Asked Questions

    The OIPC developed this document to respond to some of the most frequently asked questions received from minor sports associations. Updated in December 2015.

  • Motor Vehicle Dealership Test Drives: Collection, Use and Disclosure of Driver Licence Information

    These guidelines were prepared to provide practical guidance to motor vehicle dealership owners and employees regarding the collection, use, disclosure and retention of personal information related to test drives. Published in April 2015.

  • Municipal Government Act Review

    On June 11, 2014, the Commissioner submitted comments and recommendations regarding the Government of Alberta's Municipal Government Act review where it intersected with access and privacy laws.

  • National Identification Card

    On February 19, 2003, the Commissioner submitted concerns to the Standing Committee on Citizenship and Immigration about a proposed national identity card.

  • Netcare Expedited PIA Process

    This document outlines the process the OIPC adopted on August 1, 2014 for accepting Privacy Impact Assessments for Alberta Netcare, the province's electronic health record. This followed the release of a new guide issued by Alberta Health in January 2014. Published in August 2014, contact information within the document was updated in July 2016.

  • Notifying Affected Individuals

    This document is to help organizations understand their obligations when notifying individuals affected by a privacy breach. Updated in August 2018.

  • OIPC Process for Determining Whether to Require Notification

    Under PIPA, the Commissioner is required to establish an expedited process for determining whether to require an organization to notify individuals affected by a privacy breach when a real risk of significant harm to an individual is obvious and immediate. This document sets out that process. Updated in August 2018.

  • Our Right to Know What Governments Know About Us Op-Ed

    On September 28, 2016, the Commissioner submitted an op-ed to the Edmonton Journal and Calgary Herald for Right to Know Day, or the International Day for Universal Access to Information, to speak to importance of the right of access to personal information. "So, as we celebrate access to information this year, let’s remind ourselves that it’s not just about exposing secrets or advancing private interests. We are recognizing our right to know what governments know about us."

  • Pandemic FAQ: Customer Lists

    The OIPC has received several questions from organizations and individuals about keeping a customer list or contact log during the COVID-19 pandemic, particularly in retail locations and at restaurants. This advisory provides considerations to ensure that organizations comply with Alberta’s Personal Information Protection Act when making and keeping lists of customers and their contact information.

  • Photo Identification Guidance

    Verifying identity to prevent credit card fraud in the retail sector is a practice that has been endorsed not only by credit card companies and payment card processors, but also privacy commissioners. This fact sheet provides perspective on balancing privacy rights with the collection of personal information by organizations. Published in September 2007.

  • PIPA Amendment

    On September 22, 2014, the Commissioner wrote to the Ministers of Service Alberta and Justice and Solicitor General expressing concern about the time in which the government had to amend PIPA to ensure its validity following the Supreme Court of Canada's ruling that PIPA was unconstitutional.

  • PIPA and UFCW

    On December 20, 2013, the Commissioner wrote the Ministers of Service Alberta and Justice and Solicitor General regarding the Supreme Court of Canada's (SCC) ruling that PIPA was unconstitutional. The SCC provided 12 months for the Legislative Assembly of Alberta to bring PIPA in line with the Canadian Charter of Rights and Freedoms.

  • PIPA on a Page

    This fact sheet provides seven points for organizations to remember when handling personal information. Updated in January 2018.

  • Policy Statement on the Collection, Use and Disclosure of Genetic Test Results

    Note: On December 21, 2018, the Quebec Court of Appeal found sections 1 to 7 of the federal Genetic Non-Discrimination Act to be unconstitutional on the basis that they are outside of the Parliament of Canada’s jurisdiction over criminal law. This document will be updated in due course. In the meantime, please note that the content is not currently up-to-date. Summary: On May 4, 2017 Bill S-201, the federal Genetic Non-Discrimination Act, received Royal Assent. This is an important piece of legislation that both Houses of Parliament have agreed is necessary to protect Canadians from the adverse impacts of genetic discrimination. With the passage of the Genetic Non-Discrimination Act, Canadian law now prohibits any person from requiring an individual to undergo a genetic test as a condition of providing goods or services or entering into a contract. At the time of writing, the Federal Minister of Justice has announced her intention to refer the constitutionality of certain aspects of the Genetic Non-Discrimination Act to the Supreme Court of Canada. Until the Courts rule on this issue, the Genetic Non-Discrimination Act remains in effect. The Office of the Privacy Commissioner of Canada, the Office of the Information and Privacy Commissioners for British Columbia, Alberta and Quebec will continue to ensure compliance with applicable privacy legislation and protect Canadians’ privacy rights in a manner consistent with the laws in effect. Issued in December 2017.

  • Principles for Getting Information Sharing Right

    This document outlines six principles to consider when planning for an information sharing initiative. The principles are transparency, legal authority, privacy impact assessments, access and correction, accountability and oversight. It also provides links to related documents. Published in June 2017.

  • Privacy and Landlord: Tenant Matters FAQs

    The OIPC developed a frequently asked questions document based on issues between landlords and tenants under the Personal Information Protection Act. Published in March 2007.

  • Privacy Breach Response and Reporting under HIA

    This PowerPoint presentation is to be used by health custodians or their regulatory colleges and associations to train staff or memberships on the breach reporting obligations under HIA and to provide general guidance on managing a privacy breach. Published in August 2018.

  • Privacy Impact Assessment Guidelines for Insurers Looking to Implement Usage-Based Insurance Programs in Alberta

    This document was prepared by the OIPC to provide privacy impact assessment (PIA) drafting guidance to insurers who may decide to prepare and submit a PIA to the OIPC ahead of offering usage-based insurance (UBI) in the province of Alberta. Published in January 2016.

  • Privacy Impact Assessment Requirements

    This guide is meant to assist public bodies, health custodians and organizations in drafting PIAs for projects that hat have privacy risks. Please note that all mention of legislation in this guide refers to the Health Information Act as there is a legislated duty to prepare privacy impact assessments (section 64 of HIA). Published in 2010.

  • Privacy in a Pandemic

    This guidance is meant to help public bodies, health custodians and private sector organizations know how personal or health information may be shared during a pandemic or emergency situation. Privacy laws are not a barrier to appropriate information sharing in these circumstances. Updated in March 2020.

  • Privacy Laws in Alberta (Online Version)

    This brochure summarizes Alberta's privacy laws. Updated in March 2021.

  • Privacy Laws in Alberta (Print Version)

    This brochure summarizes Alberta's privacy laws. Feel free to print for various meetings or events, or contact our office and we will provide you with printed copies. Updated in March 2021.

  • Privacy Proofing Your Retail Business: Tips for Protecting Customers' Personal Information

    The OIPC, jointly with the OIPC of B.C., the Retail Council of Canada and the Access and Privacy Branch of Service Alberta developed this document to address the specific threats and challenges to privacy compliance in the Canadian retail industry. Published in March 2007.

  • Privilege Practice Note

    This practice note was developed for the OIPC's reviews and inquiries in which a respondent (public body, organization or custodian) to an access request has claimed solicitor-client privilege or litigation privilege. Published in December 2016.

  • Producing Records to the Commissioner: Restoring Independent and Effective Oversight under the FOIP Act

    This Special Report was submitted to the Legislative Assembly. It requests that the FOIP Act be amended to give the Commissioner the power to require public bodies to produce records over which solicitor-client privilege and other similar privileges are claimed, when necessary. This amendment is proposed to ensure there is an accessible, affordable and timely way for Albertans to seek review of government and other public bodies’ responses to access requests. The requested amendment will also enhance Albertans’ participation in the democratic process to hold their government to account through an effective access to information regime.

  • Proposed Health Charter and Health Advocate Regulation

    On March 3, 2014, the Commissioner provided comments the proposed Health Charter and Health Advocate Regulation.

  • Public Sector Outsourcing and Risks to Privacy

    The report looked at public sector outsourcing in Alberta with a focus on the risks it presents and how these risks can be mitigated. Published in February 2006.

  • Report on the Use of "Paramount" Clauses in Acts and Regulations to Override the FOIP Act

    A paramountcy provision states that a provision in law this is paramount trumps the other law when there are two provisions that are in conflict or are inconsistent with each other. This report outlines how a paramountcy provision works, when it should be used, and provides examples of appropriate and inappropriate paramountcy provisions relative to the FOIP Act. Published in November 2011.

  • Report to the Minister of Municipal Affairs: Alberta Registries Privacy Audit

    At the request of the Deputy Minister of Municipal Affairs, the Office of the Information and Privacy Commissioner and the Office of the Auditor General conducted an audit of Alberta Registries. Published in April 1998.

  • Reporting a Breach to the Commissioner

    This document is designed to assist organizations and custodians in meeting legislated requirements when reporting a privacy breach to the Commissioner. Public bodies are encouraged to use this document when reporting a breach to the Commissioner. Published in August 2018.

  • Request for Time Extension Under Section 14

    This document is intended to help public bodies understand when to consider a time extension request under sections 14(1) and (2) of the Freedom of Information and Protection of Privacy Act (FOIP Act) and how to complete the Request for Time Extension Under Section 14 Form (RFTE) for submission to the OIPC. Published in September 2016.

  • Residential School Survivors Must Decide the Fate of Their Testimony

    On July 26, 2014, an op-ed written by the Commissioners of Alberta and British Columbia was published in The Globe and Mail regarding the complex legal and jurisdictional issues surrounding certain residential school records.

  • Response to the Final Report of the Select Special Health Information Act Review Committee

    In October 2004, the Commissioner provided a response to the final report by the Select Special Health Information Act Review Committee.

  • Review and Investigation Procedures

    The purpose of this document is to provide parties with a summary of the procedures under which reviews and investigations are conducted by the OIPC and the anticipated date for completion of the reviews and investigations.

  • Review of the Government of Alberta's Public Disclosure of Travel and Expenses Policy

    This report presents the findings and recommendations from a review of the Government of Alberta’s “Public Disclosure of Travel and Expenses Policy” which mandated proactive online disclosure of travel, meal and hospitality expenses claimed by ministers, associate ministers, ministerial political staff, senior officials, deputy ministers and executive managers. Published in June 2015.

  • Review of the Personal Information Protection Act

    This report was submitted to the Standing Committee on Alberta's Economic Future which was tasked with a review of the Personal Information Protection Act in 2015-16. The submission included 10 recommendations. Published in February 2016.

  • Review of the Personal Information Protection Act: Albertans Should Be Proud of PIPA

    On October 15, 2015, the Commissioner presented to the Standing Committee on Alberta's Economic Future which was tasked with a review of the Personal Information Protection Act.

  • Review of the Personal Information Protection Act: Global Considerations for PIPA Review

    On September 7, 2016, the Commissioner provided context on how PIPA was developed in consideration of European Union data protection laws and PIPA's "substantially similar" designation federally. The presentation was made to the Standing Committee on Alberta's Economic Future which was tasked with a review of the Act.

  • Securing Personal Information: A Self-Assessment Tool for Public Bodies and Organizations

    Public bodies and organizations are required under law to take reasonable steps to safeguard the personal information in their custody or control from such risks as unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction. This tool is designed to help public bodies and organizations determine how well they are protecting personal information. Updated in October 2020.

  • Seizing Opportunity: Good Privacy Practices for Developing Mobile Apps

    This guidance was developed jointly by the Office of the Privacy Commissioner of Canada and the Offices of the Information and Privacy Commissioner of Alberta and British Columbia to draw attention to key privacy considerations when designing and developing mobile apps. Published in October 2012.

  • Smart Cities Challenge

    On April 24, 2018, federal, provincial, and territorial privacy protection authorities wrote to the federal Minister of Infrastructure and Communities urging Infrastructure Canada to proactively take steps to ensure that privacy and security of personal information are specifically considered in the selection, design, and implementation of the winning proposals in Infrastructure Canada’s Smart Cities Challenge, which was launched under the Government of Canada’s Impact Canada Initiative.

  • Stakeholder Survey: Highlights Report

    The OIPC commissioned a survey to assess Albertans' awareness and understanding of privacy issues in general, and the Health Information Act in particular. Published in March 2003.

  • Stakeholder Survey: Report

    The OIPC commissioned a stakeholder survey to assess implementation of access and privacy programs, and access and privacy issues in general, of public bodies, health custodians and private sector organizations. Published in November 2012.

  • Submission to the Select Special Health Information Act Review Committee

    On August 5, 2004, the Commissioner submitted a review and recommendations regarding a review of the Health Information Act.

  • Teaching Students About Privacy Rights in the Information Economy

    On May 12, 2017, the Commissioner presented to the Alberta Education Curriculum Review Working Groups about embedding the teaching of privacy within Alberta's curriculum.

  • Ten Steps to Implement PIPA

    This advisory provides ten steps for implementing PIPA, Alberta's private sector privacy law, in organizations. Updated in January 2018.

  • Two Years of Mandatory Breach Reporting: A Snapshot

    Following two years of the mandatory breach reporting and notification provisions under the Personal Information Protection Act, the OIPC released a report on what it has experienced since the provisions were enacted. Published in 2012.

  • Use of Social Insurance Numbers by Private Sector Organizations

    This document was jointly developed by the Offices of the Information and Privacy Commissioner of Alberta and British Columbia to draw awareness to the privacy risks associated with the use of social insurance numbers by businesses and organizations. Published in April 2005.

Page: of 1
Loading... Please Wait