· Order in Council / Protection of Privacy Regulation · in-force
Protection of Privacy Regulation
Establishes the Protection of Privacy Regulation under the Protection of Privacy Act, defining key terms and setting rules for consent, disclosure for audits, and researcher agreements for public bodies.
Moderate impactPrivacy & surveillanceInstitutional independenceThe public, directlyHealth-care bodiesPost-secondary institutions
What changed
- Defines key terms for the Protection of Privacy Act, including 'enactment of Alberta,' 'imminent danger,' and 'reasonable security arrangements.'
- Establishes requirements for valid written, electronic, and oral consent for public bodies to use or disclose personal information.
- Outlines conditions under which personal information may be disclosed to public body employees or contractors for financial or systematic audits.
- Mandates information and conditions for agreements allowing researchers to access personal information under the Act.
- Specifies that a minor's consent is invalid unless the public body determines the minor has capacity to understand and appreciate consequences.
- Sets an expiry date of June 10, 2035, for the regulation, requiring review for ongoing relevancy and necessity.
Why it matters
- Provides the operational framework for the Protection of Privacy Act, standardizing public body management of personal information.
- Clarifies the process for individuals to provide and withdraw consent for public bodies' use and disclosure of their personal data.
- Establishes safeguards and accountability for sharing personal information for research and audit purposes.
- Introduces definitions for key privacy and security terms, guiding public bodies' data protection practices.
- Ensures public bodies assess a minor's capacity before accepting consent for personal information use or disclosure.
- The expiry clause mandates future review, allowing adaptation of privacy rules over time.
Rights affected
- Privacy — Control over personal information held by governments and institutions.
- Access to information — The ability to see public records and government decisions.
Other governance concerns
- Standardization of consent mechanisms for personal information
- Conditions for disclosure of personal information for audits
- Safeguards for personal information in research agreements
- Definition of security arrangements for data protection
- Capacity assessment for minors' consent
Primary sources (1)
- Primary sourceGovernment documentOrder in Council 193/2025 (Alberta King's Printer)
Secondary sources (3)
- Secondary sourceNews articleIAPP: Major privacy changes, new requirements for Alberta's public sector
- Secondary sourceNews articleRMRF: Alberta's Privacy Laws, Rewritten
- Secondary sourceNews articleGowling WLG: Alberta overhauls public-sector privacy and access to information law