Alberta PIPA Online
Customer Privacy
The following table indexes Alberta's Personal
Information Protection Act (AB PIPA), provides quick reference
to definitions and provides links to compliance tips, best
practices and policy examples.
A copy of the Act follows the table below.
|
|
|
This is not an official version of the Act.
Definitions |
1 In this Act,
(a) "business
contact information" means an individual's
name, position name or title, business telephone number,
business address, business e-mail, business fax number
and other similar business information;
(b) "Commissioner" means
the Information and Privacy Commissioner appointed under
the Freedom of Information and Protection of Privacy
Act;
(c) "credit reporting organization"
means a reporting agency as defined in Part 5 of the
Fair Trading Act;
(d) "domestic" means related
to home or family;
(e) "employee"
means an individual employed by an organization and
includes an individual who performs a service for or
in relation to or in connection with an organization
(i) as an apprentice, volunteer, participant or student,
or
(ii) under a contract or an agency relationship with
the organization;
(f) "investigation" means
an investigation related to
(i) a breach of agreement,
(ii) a contravention of an enactment of Alberta or
Canada or of another province of Canada, or
(iii) circumstances or conduct that may result in
a remedy or relief being available at law, if the
breach, contravention, circumstances or conduct in
question has or may have occurred or is likely to
occur and it is reasonable to conduct an investigation;
(g) "legal proceeding" means
a civil, criminal or administrative proceeding that
is related to
(i) a breach of an agreement,
(ii) a contravention of an enactment of Alberta or
Canada or of another province of Canada, or
(iii) a remedy available at law;
(h) "Minister" means the
Minister determined under section 16 of the Government
Organization Act as the Minister responsible for this
Act;
(i) "organization"
includes
(i) a corporation,
(ii) an unincorporated association,
(iii) a trade union as defined in the Labour Relations
Code,
(iv) a partnership as defined in the Partnership Act,
and
(v) an individual acting in a commercial capacity,
but does not include an individual acting in a personal
or domestic capacity;
(j) "personal
employee information" means, in respect
of an individual who is an employee or a potential employee,
personal information reasonably required by an organization
that is collected, used or disclosed solely for the
purposes of establishing, managing
or terminating
(i) an employment relationship, or
(ii) a volunteer work relationship
between the organization and the individual but does
not include personal information about the individual
that is unrelated to that relationship;
(k) "personal information"
means information about an identifiable individual;
(l) "public body" means a
public body as defined in the Freedom of Information
and Protection of Privacy Act;
(m) "record"
means a record of information in any form or in any
medium, whether in written, printed, photographic or
electronic form or any other form, but does not include
a computer program or other mechanism that can produce
a record;
(n) "volunteer
work relationship" means a relationship
between an organization and an individual under which
a service is provided for or in relation to or is undertaken
in connection with the organization by an individual
who is acting as a volunteer or is otherwise unpaid
with respect to that service and includes any similar
relationship involving an organization and an individual
where, in respect of that relationship, the individual
is a participant or a student.
|
Standard as to what is reasonable
2 Where in this Act anything or any matter
(a) is described, characterized or referred to as
reasonable or unreasonable, or
(b) is required or directed to be carried out or otherwise
dealt with reasonably or in a reasonable manner,the
standard to be applied under this Act in determining
whether the thing or matter is reasonable or unreasonable,
or has been carried out or otherwise dealt with reasonably
or in a reasonable manner, is what a reasonable person
would consider appropriate in the circumstances.
|
|
Part 1: Purpose and Application |
Purpose
3 The purpose of this Act is to govern the collection,
use and disclosure of personal information by organizations
in a manner that recognizes both the right of an individual
to have his or her personal information protected and
the need of organizations to collect, use or disclose
personal information for purposes that are reasonable.
|
Application
4(1) Except as provided in this Act and subject to
the regulations, this Act applies to every organization
and in respect of all personal information.
(2) Subject to the regulations, this Act does not apply
to a public body or any personal information that is
in the custody of or under the control of a public body.
(3) This Act does not apply to the following:
(a) the collection, use or disclosure of personal
information if the collection, use or disclosure,
as the case may be, is for personal or domestic purposes
of the individual and for no other purpose;
(b) the collection, use or disclosure of personal
information if the collection, use or disclosure,
as the case may be, is for artistic or literary purposes
and for no other purpose;
(c) the collection, use or disclosure of personal
information, other than personal employee information
that is collected, used or disclosed pursuant to section
15, 18 or 21, if the collection, use or disclosure,
as the case may be, is for journalistic purposes and
for no other purpose;
(d) the collection, use or disclosure of business
contact information if the collection, use or disclosure,
as the case may be, is for the purposes of contacting
an individual in that individual's capacity as an
employee or an official of an organization and for
no other purpose;
(e) personal information that is in the custody of
an organization if the Freedom of Information
and Protection of Privacy Act applies to that
information;
(f) health information as defined in the Health Information
Act to which that Act applies;
(g) the collection, use or disclosure of personal
information by an officer of the Legislature if the
collection, use or disclosure, as the case may be,
relates to the exercise of that officer's functions
under an enactment;
(h) personal information about an individual if the
individual has been dead for at least 20 years;
(i) personal information about an individual that
is contained in a record that has been in existence
for at least 100 years;
(j) personal information contained in any record transferred
to an archival institution where access to the record
was archival institution and the donor of the record
before the coming into force of this Act;
(k) personal information contained in a court file,
a record of a judge of the Court of Appeal of Alberta,
the Court of Queen's Bench of Alberta or The Provincial
Court of Alberta, a record of a master in chambers
of the Court of Queen's Bench of Alberta, a record
of a sitting justice of the peace or a presiding justice
of the peace under the Justice of the Peace Act, a
judicial administration record or a record relating
to support services provided to the judges of any
of the courts referred to in this clause;
(l) personal information contained in a record of
any type that has been created by or for
(i) a Member of the Legislative Assembly, or
(ii) an elected or appointed member of a public
body;
(m) the collection, use or disclosure of personal
information by, or for, a registered constituency
association or a registered party as defined in the
Election Finances and Contributions Disclosure
Act or in respect of an office or a position
in a registered constituency association or a registered
party;
(n) the collection, use or disclosure of personal
information by, or for, an individual who is a bona
fide candidate for public office or for an office
or a position in a registered constituency association
or a registered party as defined in the Election
Finances and Contributions Disclosure Act where
the information is being collected, used or disclosed,
as the case may be, for the purposes of campaigning
for that office or position and for no other purpose;
(o) personal information contained in a personal note,
communication or draft decision created by or for
a person who is acting in a judicial, quasi-judicial
or adjudicative capacity.
(4) If an organization has under its control personal
information about an individual that was acquired prior
to January 1, 2004, that information, for the purposes
of this Act,
(a) is deemed to have been collected pursuant to consent
given by that individual,
(b) may be used and disclosed by the organization
for the purposes for which the information was collected,
and
(c) after the coming into force of this Act, is to
be treated in the same manner as information collected
under this Act.
(5) This Act is not to be applied so as to
(a) affect any legal privilege,
(b) limit the information available by law to a party
to a legal proceeding, or
(c) limit or affect the collection, use or disclosure
of information that is the subject of trust conditions
or undertakings to which a lawyer is subject.
(6) If a provision of this Act is inconsistent or in
conflict with a provision of another enactment, the
provision of this Act prevails unless
(a) the other enactment is the Freedom of Information
and Protection of Privacy Act, or
(b) another Act or a regulation under this Act expressly
provides that the other Act or a regulation, or a
provision of it, prevails notwithstanding this Act.
(7) This Act applies notwithstanding any agreement to
the contrary, and any waiver or release given of the
rights, benefits or protections provided under this
Act is against public policy and void.
|
|
Part 2: Protection of Personal
Information
|
Division 1 : Compliance
and Policies
|
Compliance with Act
5(1) An organization is responsible for personal information
that is in its custody or under its control.
(2) For the purposes of this Act, where an organization
engages the services of a person, whether as an agent,
by contract or otherwise, the organization is, with
respect to those services, responsible for that person's
compliance with this Act.
(3) An organization must designate one or more individuals
to be responsible for ensuring that the organization
complies with this Act.
(4) An individual designated under subsection (3) may
delegate to one or more individuals the duties conferred
by that designation.
(5) In meeting its responsibilities under this Act,
an organization must act in a reasonable manner.
(6) Nothing in subsection (2) is to be construed so
as to relieve any person from that person's responsibilities
or obligations under this Act.
|
Policies and practices
6 An organization must
(a) develop and follow policies and practices that
are reasonable for the organization to meet its obligations
under this Act, and
(b) make information about the policies and practices
referred to in clause (a) available on request.
|
Division 2: Consent
|
Consent required
7(1) Except where this Act provides otherwise, an organization
shall not, with respect to personal information about
an individual,
(a) collect that information unless the individual
consents to the collection of that information,
(b) collect that information from a source other than
the individual unless the individual consents to the
collection of that information from the other source,
(c) use that information unless the individual consents
to the use of that information, or
(d) disclose that information unless the individual
consents to the disclosure of that information.
(2) An organization shall not, as a condition of supplying
a product or service, require an individual to consent
to the collection, use or disclosure of personal information
about an individual beyond what is necessary to provide
the product or service.
(3) An individual may give a consent subject to any
reasonable terms, conditions or qualifications established,
set, approved by or otherwise acceptable to the individual.
|
Form of consent
8(1) An individual may give his or her consent in writing
or orally to the collection, use or disclosure of personal
information about the individual.
(2) An individual is deemed to consent to the collection,
use or disclosure of personal information about the
individual by an organization for a particular purpose
if
(a) the individual, without actually giving a consent
referred to in subsection (1), voluntarily provides
the information to the organization for that purpose,
and
(b) it is reasonable that a person would voluntarily
provide that information.
(3) Notwithstanding section 7(1), an organization may
collect, use or disclose personal information about
an individual for particular purposes if
(a) the organization
(i) provides the individual with a notice, in a
form that the individual can reasonably be expected
to understand, that the organization intends to
collect, use or disclose personal information about
the individual for those purposes, and
(ii) with respect to that notice, gives the individual
a reasonable opportunity to decline or object to
having his or her personal information collected,
used or disclosed for those purposes,
(b) the individual does not, within a reasonable time,
give to the organization a response to that notice
declining or objecting to the proposed collection,
use or disclosure, and
(c) having regard to the level of the sensitivity,
if any, of the information in the circumstances, it
is reasonable to collect, use or disclose the information
as permitted under clauses (a) and (b).
(4) Subsections (2) and (3) are not to be construed
so as to authorize an organization to collect, use or
disclose personal information for any purpose other
than the particular purposes for which the information
was collected.
(5) Consent in writing may be given or otherwise transmitted
by electronic means to an organization if the organization
receiving that transmittal produces or is able at any
time to produce a printed copy or image or a reproduction
of the consent in paper form.
|
Withdrawal or variation of consent
9(1) Subject to subsection (5), on giving reasonable
notice to an organization, an individual may at any
time withdraw or vary consent to the collection, use
or disclosure by the organization of personal information
about the individual.
(2) On receipt of notice referred to in subsection (1),
an organization must, subject to subsection (3), inform
the individual of the likely consequences to the individual
of withdrawing or varying the consent.
(3) An organization is not required to inform an individual
under subsection (2) if the likely consequences of withdrawing
or varying the consent would be reasonably obvious to
the individual.
(4) Except where the collection, use or disclosure of
personal information without consent of the individual
is permitted under this Act, if an individual withdraws
or varies a consent to the collection, use or disclosure
of personal information about the individual by an organization,
the organization must,
(a) in the case of the withdrawal of a consent, stop
collecting, using or disclosing the information, and
(b) in the case of a variation of a consent, abide
by the consent as varied.
(5) If withdrawing or varying a consent would frustrate
the performance of a legal obligation, any withdrawal
or variation of the consent does not, unless otherwise
agreed to by the parties who are subject to the legal
obligation, operate to the extent that the withdrawal
or variation would frustrate the performance of the
legal obligation owed between those parties.
(6) A withdrawal or variation of a consent by an individual
may be given to an organization in the same manner as
a consent may be given.
(7) An individual may, subject to this section, withdraw
or vary a consent subject to any reasonable terms, conditions
or qualifications established, set, approved by or otherwise
acceptable to the individual.
(8) Nothing in this section is to be construed so as
to empower
(a) an individual, as part of the withdrawal or variation
of a consent, to impose an obligation or a liability
on an organization unless the organization agrees
otherwise, or
(b) an organization, as part of the withdrawal or
variation of a consent, to impose an obligation or
liability on an individual
unless the individual agrees otherwise.
|
Consent obtained by deception,
etc.
10 If an organization obtains or attempts to obtain
consent to the collection, use or disclosure of personal
information by
(a) providing false or misleading information respecting
the collection, use or disclosure of the information,
or
(b) using deceptive or misleading practices,
any consent provided or obtained under those circumstances
is negated. |
Division 3: Collection of
Personal Information
|
Limitations on collection
11(1) An organization may collect personal information
only for purposes that are reasonable.
(2) Where an organization collects personal information,
it may do so only to the extent that is reasonable for
meeting the purposes for which the information is collected.
|
Limitation on sources for collection
12 An organization may without the consent of the individual
collect personal information about an individual from
a source other than that individual if the information
that is to be collected is information that may be collected
without the consent of the individual under section
14, 15 or 22.
|
Notification required for collection
13(1) Before or at the time of collecting personal information
about an individual from the individual, an organization
must notify that individual in writing or orally
(a) as to the purposes for which the information is
collected,
and
(b) of the name of a person who is able to answer
on behalf of the organization the individual's questions
about the collection.
(2) Before or at the time personal information about
an individual is collected from another organization
with the consent of the individual, the organization
collecting the information must notify the organization
that is disclosing the information that the individual
has consented to the collection of the information.
(3) Before or at the time personal information about
an individual is collected from another organization
without the consent of the individual, the organization
collecting the personal information must provide the
organization that is disclosing the personal information
with sufficient information regarding the purpose for
which the personal information is being collected in
order to allow the organization that is disclosing the
personal information to make a determination as to whether
that disclosure of the personal information would be
in accordance with this Act.
(4) Subsection (1) does not apply to the collection
of personal information that is carried out pursuant
to section 8(2).
|
Collection without consent
14 An organization may collect personal information
about an individual without the consent of that individual
but only if one or more of the following are applicable:
(a) a reasonable person would consider that the
collection of the information is clearly in the
interests of the individual and consent of the individual
cannot be obtained in a timely way or the individual
would not reasonably be expected to withhold consent;
(b) the collection of the information is pursuant
to a statute or regulation of Alberta or Canada
that authorizes or requires the collection;
5
For the purposes of sections 14(b), 17(b) and
20(b) of the Act, "regulation" means
(a)
an Alberta regulation;
(b) a Canada regulation;
(c) a bylaw of a local government body;
(d) a legislative instrument of a professional
regulatory organization.
19 Without restricting
the generality of sections 14(b), 17(b) or 20(b)
of the Act, an organization may collect, use and
disclose personal information about an individual
without the consent of the individual in the following
circumstances:
(a) the collection, use or disclosure is necessary
to comply with a collective agreement referred
to in section 128 of the Labour Relations Code;
(b) the collection,
use or disclosure is necessary to comply with
an audit or inspection of or by the organization
where the audit or inspection is authorized
or required by a statute of Alberta or Canada,
an Alberta regulation or a Canada regulation;
(c) the collection of personal information is
authorized or required by a statute of Alberta
or an Alberta regulation and the method of collection
is by way of a form approved or otherwise provided
for under that statute or regulation
(c) the collection of the information is from a
public body and that public body is authorized or
required by an enactment of Alberta or Canada to
disclose the information to the organization;
(d) the collection of the information is reasonable
for the purposes of an investigation or a legal
proceeding;
(e) the information is publicly available;
Regulations
- Publicly available personal information
7
For the purposes of sections 14(e), 17(e) and
20(j) of the Act, personal information does not
come within the meaning of "the information is
publicly available" except in the following circumstances:
(a)
the personal information is contained in a telephone
directory but only if
(i)
the information consists of the name, address
and telephone number of a subscriber to the directory,
(ii) the directory is available to the public,
and
(iii) the subscriber can refuse to have the personal
information appear in the directory;
(b) the personal
information, including, but not limited to, the
name, title, address, telephone number and e-mail
address of an individual, is contained in a professional
or business directory, listing or notice but only
if
(i) the directory, listing or notice is available
to the public, and
(ii) the collection, use or disclosure of the
personal information relates directly to the purpose
for which the information appears in the directory,
listing or notice;
(c)
the personal information is contained in a registry
that is
(i)
a Government registry, or
(ii) a non-governmental registry,
but only if the collection, use or disclosure
of the information relates directly to the purpose
for which the information appears in the registry
and that purpose is an established purpose of
the registry;
(d)
the personal information is contained in a record
of a quasi-judicial body but only if
(i)
the record is available to the public, and
(ii) the collection, use or disclosure of the
information relates directly to the purpose for
which the information appears in the record;
(e)
the personal information is contained in a publication,
including, but not limited to, a magazine, book
or newspaper, whether in printed or electronic
form, but only if
(i)
the publication is available to the public, and
(ii) it is reasonable to assume that the individual
that the information is about provided that information;
(f) personal information
that is under the control of an organization and
that has been collected from outside of Alberta,
that if collected from within Alberta would have
been collected under the authority of clause (a),
(b), (c), (d) or (e), or any 2 or more of those
clauses.
(f) the collection of the information is necessary
to determine the individual's suitability to receive
an honour, award or similar benefit, including an
honorary degree, scholarship or bursary;
(g) the information is collected by a credit reporting
organization to create a credit report where the
individual consented to the disclosure to the credit
reporting organization by the organization that
originally collected the information;
(h) the information may be disclosed to the organization
without the consent of the individual under section
20;
(i) the collection of the information is necessary
in order to collect a debt owed to the organization
or for the organization to repay to the individual
money owed by the organization;
(j) the organization collecting the information
is an archival institution and the collection of
the information is reasonable for archival purposes
or research;
(k) the collection of the information meets the
requirements respecting archival purposes or research
set out in the regulations and it is not reasonable
to obtain the consent of the individual whom the
information is about.
|
Collection of personal employee
information
15(1) Notwithstanding anything in this Act other than
subsection (2), an organization may collect personal
employee information about an individual without the
consent of the individual if
(a) the individual is an employee of the organization,
or
(b) the collection of the information is for the purpose
of recruiting a potential employee.
(2) An organization shall not collect personal information
about an individual under subsection (1) without the
consent of the
individual unless
(a) the collection is reasonable for the purposes
for which the information is being collected,
(b) the information consists only of information that
is related to the employment or volunteer work relationship
of the individual, and
(c) in the case of an individual who is an employee
of the organization, the organization has, before
collecting the information, provided the individual
with reasonable notification that the information
is going to be collected and of the purposes for which
the information is going to be collected.
(3) An organization may disclose personal employee information
about an individual without the consent of the individual
where that information is being disclosed to an organization
that is collecting that information under subsection
(1).
(4) Nothing in this section is to be construed so as
to restrict or otherwise affect an organization's ability
to collect personal information under section 14.
|
Division 4: Use of Personal
Information
|
Limitations on use
16(1) An organization may use personal information only
for purposes that are reasonable.
(2) Where an organization uses personal information,
it may do so only to the extent that is reasonable for
meeting the purposes for which the information is used.
|
Use without consent
17 An organization may use personal information about
an individual without the consent of the individual
but only if one or more of the following are applicable:
(a) a reasonable person would consider that the use
of the information is clearly in the interests of
the individual and consent of the individual cannot
be obtained in a timely way or the individual would
not reasonably be expected to withhold consent;
(b) the use of the information is pursuant to a statute
or regulation of Alberta or Canada that authorizes
or requires the use;
5
For the purposes of sections 14(b), 17(b) and 20(b)
of the Act, "regulation" means
(a)
an Alberta regulation;
(b) a Canada regulation;
(c) a bylaw of a local government body;
(d) a legislative instrument of a professional
regulatory organization.
19 Without restricting
the generality of sections 14(b), 17(b) or 20(b)
of the Act, an organization may collect, use and
disclose personal information about an individual
without the consent of the individual in the following
circumstances:
(a) the collection, use or disclosure is necessary
to comply with a collective agreement referred
to in section 128 of the Labour Relations Code;
(b) the collection,
use or disclosure is necessary to comply with
an audit or inspection of or by the organization
where the audit or inspection is authorized or
required by a statute of Alberta or Canada, an
Alberta regulation or a Canada regulation;
(c) the collection of personal information is
authorized or required by a statute of Alberta
or an Alberta regulation and the method of collection
is by way of a form approved or otherwise provided
for under that statute or regulation
(c) the information was collected by the organization
from a public body and that public body is authorized
or required by an enactment of Alberta or Canada to
disclose the information to the organization;
(d) the use of the information is reasonable for the
purposes of an investigation or a legal proceeding;
(e) the information is publicly available;
7
For the purposes of sections 14(e), 17(e) and 20(j)
of the Act, personal information does not come within
the meaning of "the information is publicly available" except in the following circumstances:
(a)
the personal information is contained in a telephone
directory but only if
(i)
the information consists of the name, address and
telephone number of a subscriber to the directory,
(ii) the directory is available to the public, and
(iii) the subscriber can refuse to have the personal
information appear in the directory;
(b) the personal information,
including, but not limited to, the name, title,
address, telephone number and e-mail address of
an individual, is contained in a professional or
business directory, listing or notice but only if
(i) the directory, listing or notice is available
to the public, and
(ii) the collection, use or disclosure of the personal
information relates directly to the purpose for
which the information appears in the directory,
listing or notice;
(c)
the personal information is contained in a registry
that is
(i)
a Government registry, or
(ii) a non-governmental registry,
but only if the collection, use or disclosure of
the information relates directly to the purpose
for which the information appears in the registry
and that purpose is an established purpose of the
registry;
(d)
the personal information is contained in a record
of a quasi-judicial body but only if
(i)
the record is available to the public, and
(ii) the collection, use or disclosure of the information
relates directly to the purpose for which the information
appears in the record;
(e)
the personal information is contained in a publication,
including, but not limited to, a magazine, book
or newspaper, whether in printed or electronic form,
but only if
(i)
the publication is available to the public, and
(ii) it is reasonable to assume that the individual
that the information is about provided that information;
(f) personal information
that is under the control of an organization and
that has been collected from outside of Alberta,
that if collected from within Alberta would have
been collected under the authority of clause (a),
(b), (c), (d) or (e), or any 2 or more of those
clauses.
(f) the use of the information is necessary to determine
the individual's suitability to receive an honour,
award or similar benefit, including an honorary degree,
scholarship or bursary;
(g) a credit reporting organization was permitted
to collect the information under section 14(g) and
the information is not used by the credit reporting
organization for any purpose other than to create
a credit report;
(h) the information may be disclosed by an organization
without the consent of the individual under section
20;
(i) the use of the information is necessary to respond
to an emergency that threatens the life, health or
security of an individual or the public;
(j) the use of the information is necessary in order
to collect a debt owed to the organization or for
the organization to repay to the individual money
owed by the organization;
(k) the organization using the information is an archival
institution and the use of the information is reasonable
for archival purposes or research;
(l) the use of the information meets the requirements
respecting archival purposes or research set out in
the regulations and it is not reasonable to obtain
the consent of the individual whom the information
is about.
|
Use of personal employee information
18(1) Notwithstanding anything in this Act other than
subsection (2), an organization may use personal employee
information about an individual without the consent
of the individual if
(a) the individual is an employee of the organization,
or
(b) the use of the information is for the purpose
of recruiting a potential employee.
(2) An organization shall not use personal information
about an individual under subsection (1) without the
consent of the
individual unless
(a) the use is reasonable for the purposes for which
the information is being used,
(b) the information consists only of information that
is related to the employment or volunteer work relationship
of the individual, and
(c) in the case of an individual who is an employee
of the organization, the organization has, before
using the information, provided the individual with
reasonable notification that the information is going
to be used and of the purposes for which the information
is going to be used.
(3) Nothing in this section is to be construed so as
to restrict or otherwise affect an organization's ability
to use personal information under section 17.
|
Division 5: Disclosure
of Personal Information
Limitations on disclosure
19(1) An organization may disclose personal information
only for purposes that are reasonable.
(2) Where an organization discloses personal information,
it may do so only to the extent that is reasonable for
meeting the purposes for which the information is disclosed.
Disclosure without consent
20 An organization may disclose personal information
about an individual without the consent of the individual
but only if one or more of the following are applicable:
(a) a reasonable person would consider that the disclosure
of the information is clearly in the interests of
the individual and consent of the individual cannot
be obtained in a timely way or the individual would
not reasonably be expected to withhold consent;
(b) the disclosure of the information is pursuant
to a statute or regulation of Alberta or Canada that
authorizes or requires the disclosure;
5
For the purposes of sections 14(b), 17(b) and 20(b)
of the Act, "regulation" means
(a)
an Alberta regulation;
(b) a Canada regulation;
(c) a bylaw of a local government body;
(d) a legislative instrument of a professional
regulatory organization.
19 Without restricting
the generality of sections 14(b), 17(b) or 20(b)
of the Act, an organization may collect, use and
disclose personal information about an individual
without the consent of the individual in the following
circumstances:
(a) the collection, use or disclosure is necessary
to comply with a collective agreement referred
to in section 128 of the Labour Relations Code;
(b) the collection,
use or disclosure is necessary to comply with
an audit or inspection of or by the organization
where the audit or inspection is authorized or
required by a statute of Alberta or Canada, an
Alberta regulation or a Canada regulation;
(c) the collection
of personal information is authorized or required
by a statute of Alberta or an Alberta regulation
and the method of collection is by way of a form
approved or otherwise provided for under that
statute or regulation
(c) the disclosure of the information is to a public
body and that public body is authorized or required
by an enactment of Alberta or Canada to collect the
information from the organization;
(d) the disclosure of the information is in accordance
with a provision of a treaty that
(i) authorizes or requires its disclosure, and
(ii) is made under an enactment of Alberta or Canada;
(e) the disclosure of the information is for the purpose
of complying with a subpoena, warrant or order issued
or made by a court, person or body having jurisdiction
to compel the production of information or with a
rule of court that relates to the production of information;
(f) the disclosure of the information is to a public
body or a law enforcement agency in Canada to assist
in an investigation
(i) undertaken with a view to a law enforcement
proceeding, or
(ii) from which a law enforcement proceeding is
likely to result;
| | | |
