If there is a resource that is no longer available, please contact the office.
The OIPC released a report on its review of the ABTraceTogether contact-tracing application privacy impact assessment (PIA), given the global attention focused on contact-tracing apps during the COVID-19 pandemic. The PIA was submitted by Alberta Health, and endorsed by Alberta Health Services. The OIPC accepted the PIA, with recommendations.
This document provides guidance on how to prepare an Access Impact Assessment for proactive disclosure of information. Published in September 2016.
This brochure summarizes Alberta's access to information laws. The online version is for viewing on screens. Updated in March 2021.
This brochure summarizes Alberta's access to information laws. Feel free to print for various meetings or events, or contact our office and we will provide you with printed copies. Updated in March 2021.
The OIPC developed these guidelines for an advance ruling under section 36(3) of PIPA. Updated in September 2017.
This advisory outlines how electronic communications with patients can improve efficiency, what the risks of electronic communications are, what steps custodians can take to mitigate those risks, and the policy and privacy impact assessment requirements that must be considered when communicating with patients electronically. This advisory consolidates two previous documents that were published in August 2012. This advisory was published in June 2019.
This advisory was developed to assist senior leaders and employees in all sectors who are regularly subject to phishing incidents, based on breach reports the OIPC receives. The advisory defines phishing, describes how phishing is executed, outlines what to watch for to prevent phishing incidents, gives examples of safeguards to help mitigate the risks of phishing, and provides an overview of what to do if and when a breach occurs. Published in May 2019.
This advisory was developed to assist public bodies, health custodians and private organizations with preventing and responding to ransomware cyberattacks. Published in March 2016.
This advisory was published in response to an increase in reported breaches involving cloud storage containers, or "web buckets", that are unintentionally exposed publicly online, typically through misconfigured properties or settings. The advisory is for organizations in the public, health and private sectors, and outlines what web buckets are, how web buckets are exposed, and privacy and security considerations for protecting personal or health information stored in web buckets. Published in October 2020.
This advisory is meant to assist school boards, private schools and their employees in identifying their authority to disclose a student’s participation in a GSA or other voluntary student organization, if considering doing so. The advisory also discusses student privacy rights, especially for mature minors, and outlines how they can exercise their rights if they feel a school has improperly disclosed their personal information. Published in June 2019. Updated in September 2019 to reflect the coming into force of the Education Act, which replaced the School Act.
This guide outlines the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.
This postcard summarizes the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.
This poster summarizes the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.
The Commissioner has the power to authorize a public body, custodian or organization to disregard certain access requests or correction requests made to the public body, custodian or organization. The criteria for authorizing a public body, custodian or organization to disregard a request or requests are set out in section 55(1) of the Freedom of Information and Protection of Privacy Act (FOIP Act), section 87(1) of the Health Information Act (HIA), and section 37 of the Personal Information Protection Act (PIPA). Published in June 2017.
Copyright 2022 OIPC. All rights reserved.