• Contact Us
  • Site Map
  • Privacy Policy


The OIPC is undertaking a review of its resources. If there is a resource from the previous website that is no longer available, please contact the office.

  • Advisory for Ransomware

    This advisory was developed to assist public bodies, health custodians and private organizations with preventing and responding to ransomware cyberattacks. Published in March 2016.

  • Causes of Breaches and Breach Prevention Recommendations

    This document helps organizations, custodians and public bodies in understanding some causes of breaches and recommendations to prevent breaches. Published in 2012.

  • Guidelines on Energy Disconnection Practices

    These guidelines are meant to assist organizations in fulfilling obligations under the Personal Information Protection Act when disconnecting energy services. Published in November 2011.

  • Guidelines on Facsimile Transmission

    The purpose of this was to set out guidelines to follow when developing systems and procedures to maintain the confidentiality and integrity of personal information received and transmitted by fax. Published in October 2002.

  • Health Information: Communicating with Patients via Email

    This practice note recognizes how emailing patients can be used to improve efficiency but mentions the risks to consider when emailing patients and tips to help mitigate those risks. Published in August 2012.

  • Health Information Act: Interpretation of the Word "Person"

    This practice note is meant help interpret the word "person" as used within section 34(2)(c) of the Health Information Act. Published in May 2005.

  • Motor Vehicle Dealership Test Drives: Collection, Use and Disclosure of Driver Licence Information

    These guidelines were prepared to provide practical guidance to motor vehicle dealership owners and employees regarding the collection, use, disclosure and retention of personal information related to test drives. Published in April 2015.

  • Notifying Affected Individuals

    This document is to help organizations understand their obligations when notifying individuals affected by a privacy breach. Updated in August 2018.

  • Principles for Getting Information Sharing Right

    This document outlines six principles to consider when planning for an information sharing initiative. The principles are transparency, legal authority, privacy impact assessments, access and correction, accountability and oversight. It also provides links to related documents. Published in June 2017.

  • Taking Photographs of Students at Schools

    The OIPC provided this information to assist in understanding the rules to follow when taking photographs of students in schools. Published in December 2010.

  • Ten Steps to Implement PIPA

    This advisory provides ten steps for implementing PIPA, Alberta's private sector privacy law, in organizations. Updated in January 2018.