Alberta Personal Information Protection Act (AB PIPA)

Regulation Summary

  • May 2003: PIPA received Royal Assent.
  • January 1, 2004: PIPA became effective.

  • Private sector organizations operating in Alberta.
  • Non-profits engaging in commercial activities.
  • Organizations managing personal information within Alberta, regardless of their location.

  • Public Bodies: Governed by Alberta’s Freedom of Information and Protection of Privacy Act (FOIP).
  • Personal Use: Personal data collected for personal or domestic purposes.
  • Employee Information: Exemptions for employee data directly related to employment.

  • Accountability: Designate a privacy officer to ensure compliance.
  • Consent: Obtain informed consent before collecting, using, or disclosing personal data.
  • Purpose Limitation: Use data only for specified purposes.
  • Transparency: Provide clear privacy policies to individuals.
  • Data Security: Protect personal information against unauthorized access or misuse.

  • Cookie Use: Notify users about cookies and obtain consent where required.
  • Privacy Policies: Display comprehensive privacy policies.
  • Access Requests: Respond to access and correction requests within 30 days.

  • Retention and Disposal: Retain personal data only as long as necessary and dispose of it securely.
  • Cross-Border Transfers: Ensure adequate protection for data transferred outside Canada.
  • Breach Notification: Notify affected individuals and Alberta’s Office of the Information and Privacy Commissioner (OIPC) in case of significant breaches.

  • Access: Request access to personal information.
  • Correction: Request correction of inaccuracies.
  • Withdrawal of Consent: Revoke consent for future data use.
  • Complaints: File complaints with the OIPC regarding data mishandling.

  • Overseen by the Office of the Information and Privacy Commissioner (OIPC).
  • Powers include investigations, audits, and enforcement orders.
  • Penalties: Fines of up to CAD $10,000 for individuals (approximately $7,400) and CAD $100,000 for organizations (approximately $74,000) for non-compliance.