
Alberta PIPA Explained

If you operate only within Alberta and are not a federal work, Alberta PIPA applies. Cross-provincial or federal businesses fall under PIPEDA.

Alberta's Personal Information Protection Act (PIPA) is the provincial privacy law that governs how Alberta-based private sector organisations collect, use, and disclose personal information. If your business operates primarily within Alberta and is not a federally regulated work, Alberta PIPA is your primary privacy obligation, not PIPEDA.

Alberta PIPA applies to private sector organisations operating in Alberta that are not federal works, undertakings, or businesses (banks, airlines, telecoms, interprovincial transport). If you are an Alberta retailer, professional services firm, manufacturer, or trades business operating only within the province, PIPA is your law.

If your business crosses provincial borders (for example, by shipping goods to BC customers), or if you are federally regulated, PIPEDA applies to that portion of your activity.

Both laws share the same foundational principles: consent, purpose limitation, access rights, and security safeguards. The meaningful differences are:

Alberta PIPA requires organisations to notify affected individuals and the OIPC AB when a breach creates a real risk of significant harm. "Significant harm" includes bodily harm, humiliation, damage to reputation, financial loss, identity theft, and loss of employment or business opportunities.

You must also keep a record of every breach, even those that do not require notification, and make that log available to the Commissioner on request.

You must obtain meaningful consent before collecting, using, or disclosing personal information. Consent must be appropriate to the sensitivity of the information. Implied consent is acceptable for less sensitive information collected for obvious purposes; express consent is required for sensitive information.

Employee personal information has specific rules: you may collect what is reasonably required for the employment relationship without consent in some circumstances, but you must inform employees of the purposes.

Fines under Alberta PIPA can reach $100,000 for individuals and $500,000 for organisations for offences such as collecting information under false pretences, obstructing an investigation, or destroying requested records. These are criminal-style offences. The more common compliance outcome is a binding order from the Commissioner requiring changes to your practices.

Does Alberta PIPA apply to my non-profit? Yes. Alberta PIPA covers non-profit organisations that collect personal information in the course of commercial-like activities.

Do I need to register with the OIPC AB? No registration is required, but you must designate a privacy officer and respond to access requests within 45 days.

What if I operate in both Alberta and BC? Both BC PIPA and Alberta PIPA may apply, plus PIPEDA for interprovincial activity. In practice, one solid privacy programme covers all three if designed correctly.

How long must I keep breach records? Alberta PIPA does not specify a minimum, but two years is the standard recommended practice. Keeping records indefinitely for significant breaches is prudent.

Can North Star IT help with Alberta PIPA compliance? Yes. North Star helps Alberta SMBs with privacy policy drafting, breach response planning, technical security controls, and staff training to satisfy PIPA requirements.

Operating in Alberta and need a privacy compliance review? Call 672-983-1174 or book a free assessment at northstarit.ca. North Star serves businesses in Northern BC, Alberta, and Yukon.

FAQ

Quick answers.

Does Alberta PIPA apply to my Alberta business?

If you operate only within Alberta and are not a federal work, Alberta PIPA applies. Cross-provincial or federal businesses fall under PIPEDA.

Is Alberta PIPA stricter than PIPEDA?

On most issues they are aligned. Alberta PIPA has specific provisions on employee personal information and the use of personal information in transactions.

What is the Alberta PIPA breach notification rule?

Notification is required when there is a real risk of significant harm. The bar is similar to PIPEDA and BC PIPA.

Are penalties higher under Alberta PIPA?

Penalties range up to $100,000 for individuals and $500,000 for organisations for certain offences.

Can you help with Alberta PIPA compliance?

Yes. North Star helps Alberta SMBs with privacy policy drafting, breach response planning, and technical controls to satisfy PIPA requirements.

Have a specific situation in mind?

Book a free 30-minute scoping call with a Northstar IT engineer. We will walk through your environment, your questions, and what good looks like for your team.
