Chris Stinner is a Senior Information and Privacy Manager with the Office of the Information and Privacy Commissioner of Alberta. As a member of the Compliance and Special Investigations team, he does work in relation to any of the three pieces of access and privacy legislation in Alberta. This includes reviewing privacy impact assessments, investigating privacy breaches, contributing to special projects, and conducting investigations initiated by the Commissioner. Prior to working with the OIPC, Chris has spent a number of years working as a privacy advisor in the health sector, working with physician practices and hospitals to help them comply with information and privacy legislation.
This session will provide an overview of Alberta's three access and privacy laws, and will describe the regulation and enforcement role of the Office of the Information and Privacy Commissioner (OIPC) with regard to these laws.
Handouts: Overview of Legislation and OIPC
Privacy impact assessments (PIAs) are internationally recognized due diligence exercise used to identify and mitigate privacy risks in a given initiative. This session will summarize the steps of PIAs. In Alberta, PIAs are required under the Health Information Act, and are often prepared by private and public sector entities.
Handouts: Privacy Impact Assessments
Under each of Alberta’s three laws, individuals have certain access to information rights while public, private and health sector entities have a number of responsibilities to respond to access to information requests. This session will provide an overview of the process to respond to access requests, summarize correction requests, and explain the role of the OIPC in reviewing access request responses.
Handouts: Access Requests
Privacy laws are often mentioned as a barrier to share information when providing services, but in most situations, the laws present a way to enable information sharing to support service delivery while respecting individuals’ privacy. This session will help clarify some of the rules guiding information sharing, and will offer participants recommendations on how to best approach information sharing initiatives.
Handouts: Information Sharing
This session will focus on privacy breach preparedness and response. This includes general proactive measures to avoid privacy breaches, the reporting of a breach to the OIPC, as well as how to notify affected individuals.
Handouts: Privacy Breach Reporting and Notification