Law: Personal Information Protection Act, SA 2003 c P-6.5 (PIPA). Inter-provincial private organisations are regulated at the federal level by the Personal Information Protection and Electronic Documents Act 2000 (PIPEDA).

Regulator: Office of the Information and Privacy Commissioner of Alberta (OIPC)

Summary: The Personal Information Protection Act, SA 2003, c P-6.5 (PIPA) came into force on January 1, 2024. PIPA is the primary act protecting personal data in the private sector in Alberta. PIPA governs the collection, use, and disclosure of personal information by organizations in a manner that recognizes both the right of an individual to have their personal information protected and the need of organizations to collect, use, or disclose personal information for purposes that are reasonable. PIPA provides consumers the right to access personal data held by an organization and imposes certain obligations on organizations in relation to the collection, use, and disclosure of information.

The Office of the Information and Privacy Commissioner of Alberta (OIPC) enforces PIPA and reports to the Officer of the Legislature. The OIPC's powers include making decisions on requests for reviews of responses to access to information requests, complaints regarding the collection, use, and disclosure of information, and commenting on implications of Privacy Impact Assessments sent to the OIPC.