Skip to main content
AlbertaUpdated April 2026

Privacy Rights in Alberta

Alberta has its own private-sector privacy law (PIPA), a freedom-of-information law (FOIP), and a dedicated health privacy law (HIA). The OIPC Alberta oversees all three.

TL;DR

Alberta PIPA applies to private-sector organizations instead of PIPEDA. FOIP covers provincial and municipal public bodies. HIA covers health information. Complaints go to the OIPC Alberta, which has extensive order-making powers.

Three statutes that apply in Alberta

Alberta has divided its privacy law into three focused statutes:

  • PIPA (Personal Information Protection Act) for private-sector organizations.
  • FOIP (Freedom of Information and Protection of Privacy Act) for provincial and municipal public bodies.
  • HIA (Health Information Act) for custodians who handle personal health information, such as Alberta Health Services, physicians, and pharmacies.

Breach notification in Alberta

Alberta was the first Canadian jurisdiction to require mandatory breach notification (since 2010). Organizations must report to the OIPC any incident involving a real risk of significant harm.

The OIPC can require the organization to notify affected individuals and, if the organization fails to do so, compel notification.

Order-making powers

The OIPC Alberta has broad order-making powers under PIPA, FOIP, and HIA, including ordering organizations to stop a practice, disclose records, or destroy records.

Appeals from OIPC orders go to the Court of King's Bench.

Related topics

Ask AI