Personal Information Protection Act (PIPA), as it pertains to privacy of information

”Division 2 – Care of Personal Information

Protection of information

34 An organization must protect personal information that is in its custody or under its control by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction

34.1 (1) An organization having personal information under its control must, without unreasonable delay, provide notice to the Commissioner of any incident involving the loss of or unauthorized access to or disclosure of the personal information where a reasonable person would consider that there exists a real risk of significant harm to an individual as a result of the loss or unauthorized access or disclosure.

(private and public sector)

(2) A notice to the Commissioner under subsection (1) must include the information prescribed by the regulations.”

Related Links:

Personal Information Protection Act (PIPA) - Alberta Privacy Legislation as it pertains to the collection, use and disclosure of personal information

"Getting Accountability Right With a Privacy Management Program" - guidebook to assist with creating a company privacy managment program