If there is a resource that is no longer available, please contact the office.

  • 8 Tips for Managing Emails

    This one-page tip sheet is based on the OIPC's Guidelines for Managing Emails. This guidance was issued to assist public bodies, health custodians and private sector organizations and their staff in understanding that emails are records and should be managed in accordance with records management principles and the requirements of Alberta’s access to information and privacy legislation. Published in March 2019.

  • Advisory for Communicating with Patients Electronically

    This advisory outlines how electronic communications with patients can improve efficiency, what the risks of electronic communications are, what steps custodians can take to mitigate those risks, and the policy and privacy impact assessment requirements that must be considered when communicating with patients electronically. This advisory consolidates two previous documents that were published in August 2012. This advisory was published in June 2019.

  • Advisory for Phishing

    This advisory was developed to assist senior leaders and employees in all sectors who are regularly subject to phishing incidents, based on breach reports the OIPC receives. The advisory defines phishing, describes how phishing is executed, outlines what to watch for to prevent phishing incidents, gives examples of safeguards to help mitigate the risks of phishing, and provides an overview of what to do if and when a breach occurs. Published in May 2019.

  • Advisory for Ransomware

    This advisory was developed to assist public bodies, health custodians and private organizations with preventing and responding to ransomware cyberattacks. Published in March 2016.

  • Advisory for Web Buckets

    This advisory was published in response to an increase in reported breaches involving cloud storage containers, or "web buckets", that are unintentionally exposed publicly online, typically through misconfigured properties or settings. The advisory is for organizations in the public, health and private sectors, and outlines what web buckets are, how web buckets are exposed, and privacy and security considerations for protecting personal or health information stored in web buckets. Published in October 2020.

  • Advisory on Disclosing a Student's Participation in a School Club

    This advisory is meant to assist school boards, private schools and their employees in identifying their authority to disclose a student’s participation in a GSA or other voluntary student organization, if considering doing so. The advisory also discusses student privacy rights, especially for mature minors, and outlines how they can exercise their rights if they feel a school has improperly disclosed their personal information. Published in June 2019. Updated in September 2019 to reflect the coming into force of the Education Act, which replaced the School Act.

  • Causes of Breaches and Breach Prevention Recommendations

    This document helps organizations, custodians and public bodies understand some causes of breaches and recommendations to prevent them. Published in 2012.

  • Guidelines on Energy Disconnection Practices

    These guidelines are meant to assist organizations in fulfilling obligations under the Personal Information Protection Act when disconnecting energy services. Published in November 2011.

  • Guidelines on Facsimile Transmission

    The purpose of this document was to set out guidelines to follow when developing systems and procedures to maintain the confidentiality and integrity of personal information received and transmitted by fax. Published in October 2002.

  • Helping Municipal Councillors Understand FOIP

    The OIPC published an overview of the FOIP Act for municipal councillors. The brief guidance for councillors provides the basics of the law for municipalities, describes differences between constituency and municipality records, summarizes how FOIP applies to in camera meetings, cautions against the use of personal email accounts and texting for council business, and highlights the duty to protect personal information. Published in November 2021.

  • Health Information Act: Interpretation of the Word "Person"

    This practice note is meant to help interpret the word "person" as used within section 34(2)(c) of the Health Information Act. Published in May 2005.

  • Managing Records When Transitioning from Work to Home

    The OIPC has received questions from organizations in all sectors about how to manage records or personal information when transitioning staff to work from home. To assist, the OIPC provided some points to consider. Published in April 2020.

  • Minor Sports Associations: Frequently Asked Questions

    The OIPC developed this document to respond to some of the most frequently asked questions received from minor sports associations. Updated in December 2015.

  • Motor Vehicle Dealership Test Drives: Collection, Use and Disclosure of Driver Licence Information

    These guidelines were prepared to provide practical guidance to motor vehicle dealership owners and employees regarding the collection, use, disclosure and retention of personal information related to test drives. Published in April 2015.

  • Notifying Affected Individuals

    This document is to help organizations understand their obligations when notifying individuals affected by a privacy breach. Updated in August 2018.

  • Pandemic FAQ: Customer Lists

    The OIPC has received several questions from organizations and individuals about keeping a customer list or contact log during the COVID-19 pandemic, particularly in retail locations and at restaurants. This advisory provides considerations to ensure that organizations comply with Alberta’s Personal Information Protection Act when making and keeping lists of customers and their contact information.

  • Pandemic FAQ: Proof of Vaccination

    As more individuals receive COVID-19 vaccinations, some organizations may be considering asking customers to provide proof of vaccination in order to receive discounts, access goods or services, or enter a store. This advisory provides guidance for organizations subject to PIPA that are considering asking for or requiring proof of vaccination from customers for these or similar purposes.

  • PIPA on a Page

    This fact sheet provides seven points for organizations to remember when handling personal information. Updated in January 2018.

  • Principles for Getting Information Sharing Right

    This document outlines six principles to consider when planning for an information sharing initiative. The principles are transparency, legal authority, privacy impact assessments, access and correction, accountability and oversight. It also provides links to related documents. Published in June 2017.

  • Privacy and Landlord: Tenant Matters FAQs

    The OIPC developed a frequently asked questions document based on issues between landlords and tenants under the Personal Information Protection Act. Published in March 2007.

  • Privacy in a Pandemic

    This guidance is meant to help public bodies, health custodians and private sector organizations know how personal or health information may be shared during a pandemic or emergency situation. Privacy laws are not a barrier to appropriate information sharing in these circumstances. Updated in March 2020.

  • Ten Steps to Implement PIPA

    This advisory provides ten steps for implementing PIPA, Alberta's private sector privacy law, in organizations. Updated in January 2018.