Alberta Personal Information Protection Act

  • Maximum Fine: CAD$100,000
  • Scope: Provincial
  • Regulator: OIPC
  • Enacted: 2004

Overview

The Personal Information Protection Act (PIPA) sets out the rules for how private sector organizations in Alberta must handle personal information.

Key Facts

  • Enacted in 2004
  • Enforced by Office of the Information and Privacy Commissioner
  • Applies to private sector organizations in Alberta

Key Principles

Accountability

Organizations are responsible for personal information under their control.

Requirements

  • Designate privacy officer
  • Implement privacy policies
  • Train staff
  • Monitor compliance
  • Regular assessments

Examples

  • Privacy officer appointment
  • Written policies
  • Training programs
  • Compliance reports

Limited Collection

Organizations must limit collection to what is reasonable for business purposes.

Requirements

  • Define collection purposes
  • Justify collection
  • Document purposes
  • Regular reviews
  • Update as needed

Examples

  • Collection statements
  • Purpose documentation
  • Review records
  • Update logs

Compliance Requirements

Privacy Policies and Procedures

Organizations must develop and maintain comprehensive privacy policies and procedures.

Implementation Steps

  • Develop written policies
  • Implement procedures
  • Train staff
  • Regular reviews
  • Document updates

Required Documentation

  • Privacy policies
  • Procedure manuals
  • Training records
  • Review logs
  • Update history

Access Request Management

Organizations must establish procedures for handling access requests to personal information.

Implementation Steps

  • Create request procedures
  • Set up response team
  • Document requests
  • Meet response deadlines
  • Maintain records

Required Documentation

  • Request procedures
  • Response templates
  • Request logs
  • Timeline tracking
  • Communication records

Enforcement & Penalties

Administrative Orders

The Information and Privacy Commissioner can issue various orders for PIPA violations.

Penalty Categories

  • Monetary Penalties (up to CAD$100,000): For offenses under the Act
  • Compliance Orders (varies): Orders to change practices or procedures
  • Access Orders (varies): Orders related to access requests

Example Cases

  • Employee Monitoring (CAD$50,000): 2023 - Unauthorized collection of employee information
  • Data Breach (CAD$75,000): 2022 - Failure to protect personal information

Court Proceedings

The Commissioner can initiate court proceedings for serious violations.

Penalty Categories

  • Prosecution (up to CAD$100,000): For offenses under the Act
  • Civil Actions (varies): Damages awarded by courts
  • Injunctions (court ordered): To stop non-compliant practices

Example Cases

  • Willful Non-compliance (CAD$90,000): 2023 - Intentional violation of Commissioner's order
  • Privacy Breach (CAD$60,000): 2022 - Failure to implement security safeguards