Policies & Guidelines

Privacy impact assessments


Although not required under the Alberta FOIP Act, Privacy Impact Assessments (PIAs) provide a way to mitigate various privacy risks associated with projects implemented by public bodies that collect, use, and disclose personal information.

Mount Royal University departments can use the Privacy Impact Assessment (PIA) format developed by the Office of the Information and Privacy Commissioner of Alberta (the OIPC) for any department projects that collect, use and disclose personal information.

Completed Privacy Impact Assessments may be forwarded to the Mount Royal University Privacy Office for review. These PIAs are retained on file by the Mount Royal University Privacy Office for future reference.

Depending on the project, the University department can also take an additional step and forward the Privacy Impact Assessment (PIA) to the OIPC for review. The OIPC can then, upon review, decide to "accept" the PIA, which demonstrates that the OIPC is satisfied that the University has made reasonable provisions to protect an individual's privacy.

Because the responsibility for protecting the privacy of individuals falls on the University due to the Alberta FOIP Act, the OIPC will "accept" (rather than "approve") the PIA.

The following provides a table summary of Privacy Impact Assessments (PIAs) submitted to the Mount Royal University Privacy Office.