Privacy Impact Assessments

A privacy impact assessment (PIA) helps to identify and address potential privacy risks that may occur in a project. A PIA is used for information systems, administrative practices and policy proposals that relate to the collection, use or disclosure of individually identifying personal or health information.

Requirements to Submit a PIA to the OIPC

Custodians are required to submit a PIA for review by the OIPC (section 64 of the Health Information Act).

Public bodies and private sector organizations are not required to submit a PIA for review by the OIPC. However, the OIPC encourages public bodies and organizations to voluntarily submit PIAs.

Please submit PIAs to our office by email to pia@oipc.ab.ca

Guide for Completing a PIA

The Privacy Impact Assessment Requirements Guide assists in completing a PIA.

PLEASE NOTE THAT CHANGES WERE MADE RECENTLY TO THE PIA PROCESS AT OUR OFFICE.

The changes are summarized below.

You can also read more on our Resources page:

• The recent changes are described here.
• Answers to frequently-asked questions about our PIA process are available here.

SUMMARY OF CHANGES

• PIAs will no longer be accepted, conditionally accepted, or not accepted.
• Instead, PIAs will be reviewed and a closing letter with comments and recommendations will be issued.
• The OIPC will be reviewing PIAs as submitted.
• If the PIA submission is incomplete or insufficient, the OIPC will close the file and notify the submitter of that. Generally, the OIPC will not be asking additional questions as this causes delays in the review process; however, the submitter will be asked to consider re-submitting the PIA, especially for custodians under HIA, who are required to submit PIAs to the OIPC.
• PIAs received by our office prior to October 1, but the review has not yet been completed, will be reviewed under the new process. You may receive clarifying questions if the PIA reviewer has any. Closing letters will be issued and will include comments and recommendations, if required.

PIA Registry

The following document lists all accepted PIAs since January 1, 2017:

• PIA Registry (Excel)

The following documents list certain accepted PIAs prior to 2017:

• Netcare - Physician (pre-2017)
• Netcare - Pharmacy (pre-2017)
• PIA Registry (pre-2017)
• POSP (pre-2015)