RIM & FOIP Employee tool kit

Newsbrief - privacy in the news

The Office of the Information and Privacy Commissioner of Alberta's mandate is to investigate complaints put forth by individuals who wish to access records held by public bodies in Alberta.

Once an investigation is completed by a Government of Alberta adjudicator, a report is submitted that determines whether the public body responded correctly to the request.

These orders are posted on the Office of the Information and Privacy Commissioner's website.

News releases that may be of interest to University employees are posted below with the most recent posted at the top.

2014-06-27 News release - The Privacy Commissioner investigates the use of teacher names and personal email addresses by Alberta Education

The Office of the Information and Privacy Commissioner has investigated Alberta Education's use of teacher names and personal email addresses regarding an e-mail sent to 34,328 teachers. The use of personal email addresses was not authorized under the FOIP Act.

2014-01-22 News release - Alberta Health Minister outraged over stolen unencrypted laptop holding health information belonging to 620,000 Albertans

Alberta Health Minister Fred Horne says he is outraged that a laptop containing health information belonging to 620,000 patients was stolen four months ago and was only now brought to his Ministry's attention. The information includes unencrypted names, birthdates, health card numbers, billing codes, billing amounts, and diagnostic codes for patients who were seen at Medicentre clinics between 2011 and 2013.

2013-10-24 News release - The Privacy Commissioner investigates business continuity planning following system outage (Shaw Court building fire)

The Office of the Information and Privacy Commissioner has completed their investigation concerning the Shaw Court building fire and report their findings regarding the business continuity plans for Service Alberta, Alberta Treasury Branches, Alberta Health and Alberta Health Services.

2013-07-14 News release - Bow Valley College failed to protect personal information belonging to 183,900 students stored on its decommissioned computer servers

Bow Valley College contravened section 38 of the FOIP Act by failing to implement reasonable security arrangements to protect the personal information on its decommissioned computer servers, which resulted in the unauthorized disclosure of personal information.

2012-06-22 News release - Eagles Nest Ranch Association collected Alberta Health Care numbers for summer camp registration and contravenes the PIPA Act.

Eagles Nest Ranch Association contravened the Personal Information Protection Act when it required an individual to provide her son's Alberta Health Care number as a condition to registering for summer camp. The Adjudicator decided that Health Care providers are required to assist in an emergency without an Alberta Health Care number.

2012-01-12 News release - Holy Family Catholic Regional Division No. 37 decision to disclose limited personal information to RCMP to avert imminent danger upheld under the FOIP Act.

An Adjudicator with the Office of the Information and Privacy Commissioner has determined that Holy Family Catholic Regional Division No.37 had the authority to release the personal information of an individual to RCMP to avert or minimize an imminent danger to the health or safety of any person

2012-04-30 News release - Calgary Police Service in violation of the FOIP Act when it accessed the personal email account of an individual.

An adjudicator with the Office of the Information and Privacy Commissioner has determined (through Order F2012-07) that the Calgary Police Service was in violation of the FOIP Act when the IT department accessed the personal email account belonging to a civilian employee and distributed the personal information contained in their personal email to Human Resources.

2012-01-20 News release - Edmonton Public School District loses unencrypted memory stick with information of more than 7,000 individuals

An investigation (F2012-IR-01) by the Office of the Information and Privacy Commissioner of Alberta found that the Edmonton Public School District did not follow its own policies and guidelines in the loss of a USB memory stick containing personal information of more than 7,000 individuals. The memory stick was not password protected or encrypted. The Investigation Report also found that the School District had also retained the personal information for a longer period of time that was necessary.

2012-01-11 News release - UVIC privacy breach - thieves gain access to unencrypted data of 11,700 employees

Vancouver Sun - On the weekend of January 6-8th, 2012, the administrative services building saw the theft of laptops, handheld electronics, storage devices, cheques and a small amount of cash belonging to 11,700 employees. The data stolen included names, payroll information and social insurance numbers. UVIC recognizes that there is a risk that the information could be used for identity theft or fraud and have noticed the effected parties. An investigation has been launched by the BC Office of the Information and Privacy Commissioner to determine whether the accepted standards by keeping sensitive unencrypted information about more than 11,700 employees on a mobile device.

2011-12-15 News release - guidelines for using social media for background checks

The Office of the Information and Privacy Commissioner of Alberta has recently released guidelines on the use of social media for conducting background checks on individuals Please note that these guidelines pertain to private sector privacy legislation (PIPA) not the public sector under FOIP.

2011-09-08 News Release PC Candidate Ted Morton using private e-mail address

Edmonton Sun - Frank Work, Alberta's Information and Privacy Commissioner, orders a probe believing the matter with Morton to be "serious." As his right-hand man Wayne Wood tells the Edmonton Sun, the investigation will "look at the allegations about whether or not an email address was created to avoid FOIP issues as well as the questions around the destruction of records."

H2011-IR-003 - Computer Server Compromised

The University of Calgary notified the Privacy Commissioner that a computer server at the U of C Medical Clinics' Sunridge location had been compromised by virus software. The OIPC initiated an investigation under section 84(a) of the Health Information Act, which allows the Commissioner to investigate compliance with any provisions of the HIA. The investigation found that the computer had out-of-date computer operating systems and anti-virus software. In addition, there were several unneeded individuals with administrator access.

Order F2010-016 - Person in a judicial or quasi judicial capacity

The Adjudicator determined that the University of Calgary properly withheld a record that had been requested by an individual in regards to obtaining notes belonging to individuals participating in a Committee of an Investigation report to the Provost prompted by an employee complainant.

The University of Calgary denied access according to section 4(1)b of the Act, which states that a draft or personal note belonging to a person acting in a judicial or quasi-judicial capacity does not apply under the Act.

Order F2006-023 - Disclosure harmful to economic interests of public body (bookstore)

The Adjudicator finds Universities (University of Alberta and University of Calgary) had the authority to withhold information.
The requestor wanted to open a private bookstore and requested bookstore records. The post-secondary institutions correctly refused access to the specific records according to section 25 of the Act as the disclosure could have harmed the competitive position of the public bodies.

Back to top