In December, we informed you about pending amendments to
Alberta's Personal Information Protection Act (PIPA).
Effective May 1, 2010, the amendments are now in force.
The new and notable requirements applicable to organizations are
Notification respecting service providers outside of
Organizations that use service providers outside of Canada to
collect personal information about individuals or that transfer
personal information to service providers outside of Canada must
notify individuals of:
the ways in which they may obtain access to written information
about the organization's policies and practices with respect to
service providers outside of Canada; and
the person who is able to answer questions on behalf of the
organization about the collection, use, disclosure or storage of
personal information by service providers outside Canada.
Such notification must be provided before personal information is
collected by, or transferred to, the service provider.
Additionally, organizations that use service providers outside of
Canada, must develop and follow policies and practices that
the countries outside of Canada in which collection, use,
disclosure or storage of personal information is occurring or may
the purposes for which service providers have been authorized
to collect, use or disclose personal information for or on behalf
of the organization.
Expanded definitions of "employee" and "personal
The definition of "employee" now includes individuals
who perform a service for organizations as partners, directors or
officers. This amendment allows organizations to collect, use and
disclose personal information about their partners, directors and
officers under PIPA's special provisions for personal employee
PIPA's definition of "personal employee information"
has also been expanded to include personal information reasonably
required for the purposes of "managing a post-employment or
post-volunteer-work relationship." The expansion allows
employers to collect, use and disclose personal information about
former employees under PIPA's special provisions for personal
Retention and destruction of personal information
A new provision has been added to PIPA requiring organizations
to destroy records containing personal information (or to render
such information non-identifying) when such information is no
longer reasonably required for legal or business purposes.
Notice to Individuals of security breach
The Alberta Information and Privacy Commissioner has been given
the authority to require organizations that suffer a privacy breach
to notify individuals to whom there is a real risk of significant
harm. The Commissioner is able to exercise this power at any time
and an individual complaint need not be filed.
If notification is ordered, the notice must include a description
of the incident that led to the privacy breach, the time the
incident occurred, a description of the personal information
involved, information about any steps taken to reduce the risk of
harm and contact information for a person who can answer questions
about the breach.
New offence provisions
There are two new offence provisions. It is now an offence under
fail to notify the Commissioner of a privacy breach that poses
a real risk of significant harm to individuals; and
take any adverse employment action against individuals who
disclose a contravention of PIPA by their employer or fellow
employees, who take action in order to avoid having any person
contravene PIPA, or who refuse to do anything in contravention of
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Unfortunately, reasonable accommodation for employees in the workplace continues to be the source of significant litigation and even today we continue to see outrageous examples of employers behaving badly.
We are now beginning to see reported cases involving charges and subsequent fines laid against employers for failing to provide information, instruction and supervision to protect a worker from workplace violence.
On October 13, 2016, the Supreme Court of Canada denied leave to appeal an Ontario Court of Appeal decision which ordered an employer to pay a former employee 37 months of salary and benefits following termination.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).