ARTICLE
24 April 2024

Alberta Revises Reporting Process For Privacy Breaches In The Private Sector

GW
Gowling WLG
Contributor
Gowling WLG logo
Gowling WLG is an international law firm built on the belief that the best way to serve clients is to be in tune with their world, aligned with their opportunity and ambitious for their success. Our 1,400+ legal professionals and support teams apply in-depth sector expertise to understand and support our clients’ businesses.
Explore
Lexpert Firm Profile
The Office of the Information and Privacy Commissioner of Alberta ("OIPC") has updated its procedure for processing privacy breach notifications under the Personal Information Protection Act (Alberta)...
Canada Privacy
Photo of Arielle Sie-Mah
Photo of Antoine Guilmain
Photo of Hunter Fox
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

The Office of the Information and Privacy Commissioner of Alberta ("OIPC") has updated its procedure for processing privacy breach notifications under the Personal Information Protection Act (Alberta) ("PIPA") and associated Personal Information Protection Act Regulation ("PIPA Regulation"). The new process took effect on April 1, 2024 and applies to all open files relating to a PIPA breach.

Key changes to the OIPC's breach notification process include the following:

  • The OIPC will follow an expedited process to prioritize processing of PIPA breach files involving a real risk of significant harm (RROSH), but where the organization has not notified affected individuals or when notice to affected individuals does not meet the requirements of the PIPA Regulation.
  • The OIPC will now issue breach notification decisions only for PIPA breaches involving a RROSH, if the organization has not notified affected individuals or when the notice does not meet the requirements of the PIPA Regulation.
  • Organizations who reported a PIPA breach to the OIPC and proactively notified individuals in accordance with the PIPA Regulation will receive a closing letter rather than a breach notification decision.
  • The OIPC will no longer publish all breach notification decisions involving a RROSH. Breach notification decisions, in whole or in part, may be published at the Commissioner's discretion. Previously, the OIPC issued all PIPA breaches involving a RROSH, which will remain available on the OIPC website.
  • The OIPC has released a new form for use in notifying the OIPC of PIPA breaches under. The form assists organizations to notify the OIPC in accordance with the requirements under the PIPA Regulation. Breaches under Health Information Act and Freedom of Information and Protection of Privacy Act are reported under a separate form.

The revised process follows the OIPC's report issued July 2022 and intends to facilitate timely resolution of PIPA breach files, to reduce backlogs in processing PIPA breach files and to enable the OIPC to prioritize breach files requiring additional attention.

Read the original article on GowlingWLG.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Arielle Sie-Mah
Arielle Sie-Mah
Photo of Antoine Guilmain
Antoine Guilmain
Photo of Hunter Fox
Hunter Fox
Your Author LinkedIn Connections
ARTICLE
24 April 2024

Alberta Revises Reporting Process For Privacy Breaches In The Private Sector

Canada Privacy
Contributor
Gowling WLG logo
Gowling WLG is an international law firm built on the belief that the best way to serve clients is to be in tune with their world, aligned with their opportunity and ambitious for their success. Our 1,400+ legal professionals and support teams apply in-depth sector expertise to understand and support our clients’ businesses.
Explore
Lexpert Firm Profile
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More