Support Centre



Law: Personal Information Protection Act, SA 2003 c P-6.5 ('PIPA'). Inter-provincial private organisations are regulated at the federal level by the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA').

Regulator: Office of the Information and Privacy Commissioner of Alberta ('OIPC')

Summary: PIPA is the primary act protecting personal data in the private sector in Alberta. PIPA principally affords consumers the right to access personal data held by an organisation and imposes certain obligations on organisations in relation to the collection, use, and disclosure of information. The OIPC enforces PIPA and reports to the Officer of the Legislature. The OIPC's powers include making decisions on, among other things, requests for reviews of responses to access to information requests, complaints regarding the collection, use, and disclosure of information, as well as commenting on implications of Privacy Impact Assessments sent to the OIPC.


Alberta, like many provinces and territories in Canada, has put in place legislation to govern and regulate access to and the collection, use, and disclosure of health information. This insight article will provide an overview of the key obligations under the Health Information Act of 2000 ('HIA') and its associated Health Information Regulation 70/2001 ('the Regulations'), outline the scope of the legislation, discuss the data subject rights provided, and detail its enforcement provisions.