On November 27, 2024, the Office of the Information and Privacy Commissioner of Alberta (OIPC) published its 2023-2024 annual report.

Amendments to PIPA

The report highlights that the OIPC, throughout 2023-2024, developed a comprehensive submission to the committee, with a number of key recommendations to update and strengthen the Personal Information Protection Act (PIPA). This is critical to the advancement of the province's interests in the information and digital economy.

Amongst other things, the OIPC's key recommendations are that PIPA should include:

• recognition of the protection of personal information as a fundamental human right;
• application to political parties and not-for-profit organizations;
• the right of Albertans to access their own personal information;
• the 'right to be forgotten;'
• the right to data portability and mobility;
• rules about automated decision-making, including that individuals be granted the right to contest automated decision-making;
• specific protection for children's personal information;
• specific requirements for privacy management programs and Privacy Impact Assessments (PIAs), and modifications regarding mandatory breach notification;
• requirements for compliance by service providers and downstream service providers;
• enhanced requirements for organizations to use security safeguards to protect personal information commensurate with its sensitivity;
• requirements for communication in plain language;
• requirements for de-identification and anonymization of personal information;
• provisions for the creation and use of a regulatory sandbox operated by the OIPC; and
• enhanced provisions for enforcement of PIPA.

Breach

The report highlights that in 2023-2024, 45 complaints were made to the OIPC and 380 cases were opened due to self-reported breaches.

You can read the press release here and the report here.