The OIPC is undertaking a review of its resources. If there is a resource from the previous website that is no longer available, please contact the office.
This advisory outlines how electronic communications with patients can improve efficiency, what the risks of electronic communications are, what steps custodians can take to mitigate those risks, and the policy and privacy impact assessment requirements that must be considered when communicating with patients electronically. This advisory consolidates two previous documents that were published in August 2012. This advisory was published in June 2019.
This advisory was developed to assist senior leaders and employees in all sectors who are regularly subject to phishing incidents, based on breach reports the OIPC receives. The advisory defines phishing, describes how phishing is executed, outlines what to watch for to prevent phishing incidents, gives examples of safeguards to help mitigate the risks of phishing, and provides an overview of what to do if and when a breach occurs. Published in May 2019.
This advisory was developed to assist public bodies, health custodians and private organizations with preventing and responding to ransomware cyberattacks. Published in March 2016.
This advisory is meant to assist school boards, private schools and their employees in identifying their authority to disclose a student’s participation in a GSA or other voluntary student organization, if considering doing so. The advisory also discusses student privacy rights, especially for mature minors, and outlines how they can exercise their rights if they feel a school has improperly disclosed their personal information. Published in June 2019.
This document helps organizations, custodians and public bodies understand some causes of breaches and offers recommendations to prevent them. Published in 2012.
These guidelines are meant to assist organizations in fulfilling obligations under the Personal Information Protection Act when disconnecting energy services. Published in November 2011.
The purpose of this document was to set out guidelines to follow when developing systems and procedures to maintain the confidentiality and integrity of personal information received and transmitted by fax. Published in October 2002.
This practice note is meant to help interpret the word "person" as used within section 34(2)(c) of the Health Information Act. Published in May 2005.
These guidelines were prepared to provide practical guidance to motor vehicle dealership owners and employees regarding the collection, use, disclosure and retention of personal information related to test drives. Published in April 2015.
This document is to help organizations understand their obligations when notifying individuals affected by a privacy breach. Updated in August 2018.
This document outlines six principles to consider when planning for an information sharing initiative. The principles are transparency, legal authority, privacy impact assessments, access and correction, accountability and oversight. It also provides links to related documents. Published in June 2017.
The OIPC provided this information to assist in understanding the rules to follow when taking photographs of students in schools. Published in December 2010.
This advisory provides ten steps for implementing PIPA, Alberta's private sector privacy law, in organizations. Updated in January 2018.
Copyright 2019 OIPC. All rights reserved.