|OVERVIEW||The Personal Information and Protection Act (PIPA) has been declared substantially similar to PIPEDA, which is the federal legislation that governs the collection, use or disclosure of personal informaiton by private sector organizations.|
|GENERAL PRIVACY LAWS||
|PERSONAL DATA PROTECTION LAWS AND REGULATIONS||The Personal Information and Protection Act (PIPA) of Alberta was enacted January 1, 2004 and declared substantially similar to the PIPEDA on October 12, 2004. This legislation aims to protect personal information in the private sector.|
|TYPE OF DATA PROTECTED||Personal Information, which means information about an identifiable individual.|
|WORKPLACE PRIVACY LAWS||Section 58 of PIPA pertains to privacy protections for employees.|
|TRANSBORDER TRANSFERS||An organization that transfers personal data outside of Canada must, before or at the time of collecting or transferring the information, notify the individual in writing or orally of
(a) The way in which the individual may obtain access to written information about the organization’s policies and practices with respect to service providers outside Canada, and
(b) The name or position name or title of a person who is able to answer on behalf of the organization the individual’s questions about the collection, use, disclosure or storage of personal information by service providers outside Canada for or on behalf of the organization.
|FINES AND SANCTIONS||
PIPA provides for monetary penalties. An individual who violates PIPA is subject to a fine of up to CA $ 10,000. An entity that violates PIPA is subject to a fine of up to CA $ 100,000. PIPA specifically prohibits pursuing criminal charges against an individual who violates the act.
Individuals who are damaged by violations of the act have a cause of action to recover damages.
|OTHER PRIVACY LAWS AND REGULATIONS||
Amendments to the Personal Information Protection Act (PIPA) were proclaimed in force on May 1, 2010, and added a new requirement for organizations to notify the Information and Privacy Commissioner of incidents “involving the loss of or unauthorized access to or disclosure of personal information where a reasonable person would consider that there exists a real risk of significant harm to an individual.” PIPA was also amended to give the Commissioner the power to require organizations to notify individuals to whom there is a real risk of significant harm as a result of such an incident.