summer-campus

Access and Privacy Office (APO)

The Government of Alberta has updated Alberta’s public-sector access to information and privacy legislation by repealing the Freedom of Information and Protection of Privacy Act (FOIP) and replacing it with two new pieces of legislation. These changes took effect on June 11, 2025. The new legislation separates access to information and privacy into two distinct frameworks:

Access to Information Act Protection of Privacy Act

Compliance with ATIA and POPA

For the purposes of both the the Access to Information Act (ATIA) and Protection of Privacy Act (POPA), the Board of Governors has designated the General Counsel and Vice-President (People and Culture) as the "Head" of the University of Calgary. The Head is accountable for all decisions made under the acts. 

Under the authority of the Head, the day-to-day administration and implementation of the requirements of ATIA and POPA are delegated to the Access and Privacy Office. In accordance with the applicable provisions of ATIA and POPA, the Head has further delegated specific duties, powers, and functions as outlined in the University of Calgary's Privacy Policy and Delegation of Authority Policy

What we do

Compliance

The Access and Privacy Office develops and implements effective processes and guidelines to ensure the University of Calgary's compliance with Alberta’s access to information and protection of privacy legislation. 

All collection of personal information for institutional purposes must comply with the University of Calgary’s Guidelines for the Collection of Personal Information. All surveys conducted for institutional purposes must comply with the University of Calgary’s Guidelines for Conducting University of Calgary Surveys

Operating Standards, Guidelines & Forms

Advice & Guidance

The Access and Privacy Office provides advice and guidance to administrators and the broader campus community on all matters related to access to information and protection of privacy. 

If you require advice or guidance regarding an access or privacy matter, please contact the Access and Privacy Office. For general information, please see the Access and Privacy Office Frequently Asked Questions (FAQs) page or review the additional resources available on the Operating Standards, Guidelines & Forms page. 

Contact the Access and Privacy office

Access Requests

Formal access to information requests under ATIA are processed by the Access and Privacy Office in accordance with the University of Calgary's Formal Access Request Procedure. Please direct all access requests to the Access and Privacy Office for review. The Access and Privacy Office can also advise on routine access to information requests, access to information for research purposes, or the sharing of personal information across the institution.

Request to Access Information Form

Privacy Breaches

The Access and Privacy Office advises on the proper collection, use, and disclosure of personal information in accordance with POPA, and investigates concerns or complaints related to non-compliance. All privacy incidents/breaches must be reported to the Access and Privacy Office in accordance with the Procedure for Responding to a Privacy Breach. An incident report should be submitted within 24 hours of discovering a breach to accessandprivacy@ucalgary.ca

Privacy Breach Incident Report Form

Overview of ATIA and POPA

Hover over each component below to learn more.

Access to Information Act (ATIA)

Access to Information Act (ATIA)

ATIA governs the public's right to access records held by public bodies, promoting transparency and accountability. The Head also has the discretion to refuse to disclose certain types of records or information, subject to limited exclusions and exemptions.

Access to Information Act, SA 2024, c A-1.4 (ATIA)

Protection of Privacy Act (POPA)

Protection of Privacy Act (POPA)

POPA is the legislative framework by which public bodies may collect, use, or disclose personal information and requires the protection of personal information held by public bodies. 

Protection of Privacy Act, SA 2024, c P-28.5 (POPA)

Other Applicable Privacy Laws and Regulations

Hover over each component below to learn more.

Health Information Act (HIA)

Health Information Act (HIA)

Physicians who bill Alberta Health Care are custodians under the HIA and are personally responsible for patient records. When practicing through a University or University clinic and using University systems, the University is responsible for maintaining a secure operating environment.

Health Information Act, RSA 2000, c H-5 (HIA)

International Privacy Laws

International Privacy Laws

The University complies with international privacy laws and regulations such as the European Union’s General Data Protection Regulation (GDPR) when applicable to its operations such as when it sponsors, or contracts with entities involved in conducting, research with participants in other countries. 

Data Protection Officer: dpo@ucalgary.ca

More resources

Can't find what you're looking for or still have questions?

Get in touch