PrivacyAlberta, CanadaIn force January 1, 2004

PIPA (Alberta)

Personal Information Protection Act (Alberta)

Alberta's private-sector privacy law — substantially similar to PIPEDA

Run PIPA (Alberta) assessment ← All frameworks

Overview

Alberta's PIPA governs how private-sector organizations in Alberta collect, use, and disclose personal information. It is substantially similar to PIPEDA, meaning organizations operating solely in Alberta are governed by PIPA rather than the federal law. The OIPC enforces PIPA and can order remediation and award damages to affected individuals.

Authority

Office of the Information and Privacy Commissioner of Alberta (OIPC)

Jurisdiction

Alberta, Canada

Effective date

January 1, 2004

Applicability

Who must comply with PIPA (Alberta)?

Private-sector organizations operating in Alberta that collect, use, or disclose personal information in the course of commercial activities. Organizations operating across provinces also need to comply with PIPEDA for inter-provincial activities.

Compliance scope

Your organization collects personal information

You operate in the applicable jurisdiction

Commercial activities are involved

You use or disclose personal data

Not sure if PIPA (Alberta) applies? Run a free assessment →

Requirements

Key obligations under PIPA (Alberta)

Consent-Based Collection

Collect personal information only with knowledge and consent of the individual, except where permitted by PIPA.

Purpose Limitation

Use personal information only for the purposes for which it was collected, or those a reasonable person would consider appropriate.

Accuracy

Personal information used to make a decision must be as accurate, complete, and up-to-date as necessary.

Safeguards

Protect personal information with security measures appropriate to its sensitivity against unauthorized access, disclosure, or disposal.

Access & Correction

Respond to access requests within 45 days. Individuals can request correction of inaccurate personal information.

Complaint Process

Have an accessible complaint process and investigate complaints. The OIPC can review unresolved complaints.

Enforcement

Penalties & enforcement

Maximum penalty

$100,000 CAD per offence

Enforced by: OIPC Alberta

Notable case

ServiceMaster Clean was fined after failing to notify individuals of a breach affecting employee data

How Canuckt keeps you penalty-free:

Alberta PIPA gap assessment tailored to OIPC guidance and enforcement priorities

Generates PIPA-compliant privacy policies and consent forms for Alberta-based businesses

Cross-province compliance view showing where PIPA and PIPEDA obligations overlap and diverge

Tracks breach notification obligations — Alberta requires notification for both PIPA and PIPEDA breaches

Frameworks that often overlap with PIPA (Alberta)

Privacy

PIPEDA

Canada's federal private-sector privacy law

Privacy

PIPA (BC)

BC's private-sector privacy law — recognized as substantially similar to PIPEDA

Healthcare

HIA (Alberta)

Alberta's health privacy law for custodians and affiliates

Run a free PIPA (Alberta) gap assessment

Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with PIPA (Alberta) — in under 3 hours. Free forever.

Start free assessment

No credit card

Results in hours

Canadian data residency