🍁 Proudly Canadian Owned and Operated | 🥭 Sign up now and receive our early bird discount
The Essential Privacy Guide for Alberta Businesses

The Essential Privacy Guide for Alberta Businesses

May 1, 2025

Which Privacy Laws Apply in Alberta?

If you're running a business in Alberta, there are a few key privacy laws you need to know about. Unlike some provinces, Alberta has its own privacy legislation for the private sector, and depending on your industry and the kind of data you collect, you might be juggling more than one set of rules.

In this post, we’ll discuss the major privacy laws Alberta businesses should be aware of.

Oh, and keep an eye out for our 🥭 Mango Moment callouts for quick tips and takeaways.

Alberta Personal Information Protection Act (PIPA)

This is Alberta’s main privacy law for private-sector organizations. If you’re running a business based in Alberta and you’re not federally regulated, this is your go-to law.

What it covers:

  • Collection, use, and disclosure of personal information from customers, employees, and clients
  • Consent requirements, access and correction rights, and secure storage expectations

Who it applies to:

  • Private businesses
  • Non-profits
  • Professional associations

🥭 Mango Moment: Alberta is one of only three provinces, along with BC and Quebec, to have its own private-sector privacy law. This means you follow Alberta’s PIPA instead of the federal PIPEDA, unless your business crosses provincial borders or falls under federal jurisdiction.

Personal Information Protection and Electronic Documents Act (PIPEDA)

PIPEDA is Canada’s federal privacy law. In Alberta, it only applies in specific situations.

When it applies in Alberta:

  • If your business operates across provinces or internationally
  • If you store personal data outside Canada, such as using a U.S.-based SaaS platform
  • If you’re federally regulated, like a bank, airline, or telecom

🥭 Mango Moment: Even if you're based in Alberta and follow Alberta PIPA, PIPEDA can still apply if you're working across borders or using third-party tools outside Canada. Don’t assume you're exempt.

Freedom of Information and Protection of Privacy Act (FOIP)

This is Alberta’s public-sector privacy law. If you're a public body, or work with one, you need to know FOIP.

Applies to:

  • Government departments
  • Municipalities
  • School boards and public schools
  • Universities and colleges
  • Public agencies, boards, and commissions

🥭 Mango Moment: If you’re a vendor or contractor working with a public body, FOIP obligations might apply to you through your contract, especially if you’re handling personal information on their behalf.

Health Information Act (HIA)

Alberta has a separate privacy law just for health information. If you work in or around healthcare, this one matters.

What it governs:

  • How personal health information is collected, used, and disclosed
  • Who can access patient records and under what conditions
  • Rules for Alberta’s shared electronic health systems, such as Netcare

Who it applies to:

  • Physicians, dentists, chiropractors, and pharmacists
  • Alberta Health Services (AHS)
  • Labs, clinics, hospitals, and some private providers

🥭 Mango Moment: If you’re handling health information in Alberta, even as a private clinic, you fall under HIA, not PIPA. It’s one of the strictest health privacy laws in Canada.

CASL (Canada’s Anti-Spam Legislation)

We can’t forget about CASL. This law applies to any business in Canada that markets through email, SMS, or social media, even if you're a solo operation.

Covers things like:

  • Promotional emails and newsletters
  • SMS campaigns
  • LinkedIn or Instagram DMs promoting your services
  • Referral offers and event invites

🥭 Mango Moment: It’s not just about whether you send spam. CASL is about consent, transparency, and making it easy for people to unsubscribe. And the fines? They can reach up to 10 million dollars for businesses. Definitely worth getting it right.

Other Laws That Might Affect You

Depending on your sector, these other Alberta or federal laws could also apply:

  • Privacy Act (Canada), for privacy violations involving federal institutions
  • Access to Information Act, if you need to access federal records
  • Mental Health Act (Alberta), for special handling of psychiatric information
  • Education Act (Alberta), rules around student data
  • Insurance Act (Alberta), privacy obligations in insurance
  • Financial Consumers Act, includes provisions tied to data rights in financial services
  • Credit Union Act, governs personal information in credit unions

What Can You Do as an Employer?

  • ✅ Download our Alberta Privacy Map with a breakdown of which laws apply to which sectors
  • ✅ Sign up for our free MangoHR training platform and enroll your team in Alberta-specific privacy modules tailored to industries like healthcare, finance, non-profits, and more
  • ✅ Subscribe to our newsletter so you don’t miss future blogs

Related Posts

Doing Business in BC? Don’t Ignore These Privacy Rules

Apr 29, 2025

Doing Business in BC? Don’t Ignore These Privacy Rules

Many businesses in BC think PIPEDA is all they need to follow—but if you're operating entirely within the province, BC's own privacy law likely applies. Here's what that means for your business, your employees, and how you train them.

Read More
Land a job in Vancouver's tech scene

Mar 6, 2025

Land a job in Vancouver's tech scene

Helpful tips on how to land your dream job in Vancouver, BC

Read More