Protecting Personal Information

Other Privacy Acts

It is common for organizations to work together to offer joint programs. Often each organization will maintain its own records related to its area of the program. However, sometimes organizations will need to share personal information about their clients in order to run the joint program. If your organization needs to share personal information with another organization, you will want to ensure that the other organization handles the information responsibly.

Most organizations in Alberta are subject to privacy legislation:

• most private‐sector organizations are subject to PIPA,
• public bodies (government departments, municipalities, schools, etc.) are subject to the Freedom of Information and Protection of Privacy Act (the FOIP Act), and
• health care providers are subject to the Health Information Act (HIA).

A non‐profit organization that works under contract to a public body is not subject to the FOIP Act. The public body remains responsible for complying with the FOIP Act, and will “pass along” its obligation for protecting personal information through the contract. The records held by the non‐profit organization under the contract are not subject to PIPA; they remain under the control of the public body. If a privacy complaint is made, the public body is accountable. Any questions on how to protect the personal information should be directed to the public body.

Similarly, a non‐profit organization would not be subject to the Health Information Act unless named in the HIA as a custodian, or if it has signed an agreement to become an information manager.