
Alberta Personal Information Protection Act (AB PIPA)
Regulation Summary
- May 2003: PIPA received Royal Assent.
- January 1, 2004: PIPA became effective.
- Private sector organizations operating in Alberta.
- Non-profits engaging in commercial activities.
- Organizations managing personal information within Alberta, regardless of their location.
- Public Bodies: Governed by Alberta’s Freedom of Information and Protection of Privacy Act (FOIP).
- Personal Use: Personal data collected for personal or domestic purposes.
- Employee Information: Exemptions for employee data directly related to employment.
- Accountability: Designate a privacy officer to ensure compliance.
- Consent: Obtain informed consent before collecting, using, or disclosing personal data.
- Purpose Limitation: Use data only for specified purposes.
- Transparency: Provide clear privacy policies to individuals.
- Data Security: Protect personal information against unauthorized access or misuse.
- Cookie Use: Notify users about cookies and obtain consent where required.
- Privacy Policies: Display comprehensive privacy policies.
- Access Requests: Respond to access and correction requests within 30 days.
- Retention and Disposal: Retain personal data only as long as necessary and dispose of it securely.
- Cross-Border Transfers: Ensure adequate protection for data transferred outside Canada.
- Breach Notification: Notify affected individuals and Alberta’s Office of the Information and Privacy Commissioner (OIPC) in case of significant breaches.
- Access: Request access to personal information.
- Correction: Request correction of inaccuracies.
- Withdrawal of Consent: Revoke consent for future data use.
- Complaints: File complaints with the OIPC regarding data mishandling.
- Overseen by the Office of the Information and Privacy Commissioner (OIPC).
- Powers include investigations, audits, and enforcement orders.
- Penalties: Fines of up to CAD $10,000 for individuals (approximately $7,400) and CAD $100,000 for organizations (approximately $74,000) for non-compliance.