In 2010, Alberta became the first jurisdiction in Canada
to implement breach notification rules under the Personal
Information Protection Act (PIPA) and the Personal Information
Protection Act Regulation. PIPA applies to provincially-regulated
private sector organizations, including: corporations,
unincorporated associations, professional regulatory
associations, trade unions, partnerships, private schools or
colleges and any individual acting in a commercial capacity.
On Nov. 1, 2018, similar breach notification rules under
the Personal Information Protection and Electronic Documents
Act (PIPEDA) and the related Breaches of Security Safeguards
Regulation came into force. PIPEDA applies to organizations
in Alberta that are either federally regulated or that move personal
information across provincial or international borders.
PIPA requires organizations to protect personal information
that is in their custody or under their control by making
reasonable security arrangements against such risks as unauthorized
access, collection, use, disclosure, copying, modification,
disposal or destruction.
Organizations subject to PIPA are required to report to
the Office of the Information and Privacy Commissioner
of Alberta (OIPC), without reasonable delay, any incident
involving the loss of or unauthorized access to or disclosure
of personal information, where a reasonable person would
Breach Notification
Rules under PIPA
By Kelsey M. Yakimoski
LEGAL
ALBERTA HEAVY 1 2019 27