summer-campus

Access and Privacy Office

The Government of Alberta has updated Alberta’s public-sector access to information and privacy legislation by repealing the Freedom of Information and Protection of Privacy Act (FOIP) and replacing it with two new pieces of legislation. These changes took effect on June 11, 2025. The new legislation separates access to information and privacy into two distinct frameworks:

Access to Information Act Protection of Privacy Act

Compliance with ATIA and POPA

For the purposes of both the the Access to Information Act (ATIA) and Protection of Privacy Act (POPA), the Board of Governors has designated the General Counsel and Vice-President (People and Culture) as the "Head" of the University of Calgary. The Head is accountable for all decisions made under the acts. 

Under the authority of the Head, the day-to-day administration and implementation of the requirements of ATIA and POPA are delegated to the Access and Privacy Office. In accordance with the applicable provisions of ATIA and POPA, the Head has further delegated specific duties, powers, and functions as outlined in the University of Calgary's Privacy Policy and Delegation of Authority Policy

What we do

Compliance

The Access and Privacy Office develops and implements effective processes and guidelines to ensure the University of Calgary's compliance with Alberta’s access to information and protection of privacy legislation. 

All collection of personal information for institutional purposes must comply with the University of Calgary’s Guidelines for the Collection of Personal Information. All surveys conducted for institutional purposes must comply with the University of Calgary’s Guidelines for Conducting University of Calgary Surveys

Operating Standards, Guidelines & Forms

Advice & Guidance

The Access and Privacy Office provides advice and guidance to administrators and the broader campus community on all matters related to access to information and protection of privacy. 

If you require advice or guidance regarding an access or privacy matter, please contact the Access and Privacy Office. For general information, please see the Access and Privacy Office Frequently Asked Questions (FAQs) page or review the additional resources available on the Operating Standards, Guidelines & Forms page. 

Contact the Access and Privacy office

Access Requests

Formal access to information requests under ATIA are processed by the Access and Privacy Office in accordance with the University of Calgary's Formal Access Request Procedure. Please direct all access requests to the Access and Privacy Office for review. The Access and Privacy Office can also advise on informal access to information requests, access to information for research purposes, or the sharing of personal information across the institution.

Request to Access Information Form

Privacy Breaches

The Access and Privacy Office advises on the proper collection, use, and disclosure of personal information in accordance with POPA, and investigates concerns or complaints related to non-compliance. All privacy incidents/breaches must be reported to the Access and Privacy Office in accordance with the Procedure for Responding to a Privacy Breach. An incident report should be submitted within 24 hours of discovering a breach. 

Privacy Breach Incident Report Form

Overview of ATIA and POPA

Hover over each component below to learn more.

Access to Information Act (ATIA)

Access to Information Act (ATIA)

ATIA governs the public’s right to access records held by public bodies, promoting transparency and accountability. The Head also has the discretion to refuse to disclose certain types of records or information, subject to limited exclusions and exemptions. 

Access to Information Act, SA 2024, c A-1.4 (ATIA)

Protection of Privacy Act (POPA)

Protection of Privacy Act (POPA)

POPA governs how public bodies may collect, use, and disclose personal information. Individuals have the right to access their personal information held by the public body and the right to request corrections to that information.

Protection of Privacy Act, SA 2024, c P-28.5 (POPA)
HIA

Health Information Act (HIA)

Physicians who bill Alberta Health Care for the provision of a health service are considered custodians under the HIA and they are personally responsible for managing patient files in accordance with the provisions of the act. However, when a physician operates under the auspices of the University or a University clinic and stores health information on University systems, the University assumes responsibility for creating and maintaining a secure operating environment.

Health Information Act, RSA 2000, c H-5

More resources

Can't find what you're looking for or still have questions?

Get in touch