On June 11, 2025, Alberta’s Freedom of Information and Protection of Privacy Act (FOIP) was replaced by the Access to Information Act (ATIA) and the Protection of Privacy Act (POPA). This change significantly affects how municipalities handle information, respond to access requests, and protect residents’ personal data. Municipal administrators, clerks, CAOs, elected officials, records officers, and contractors must understand the new framework to stay compliant and reduce risk.
Access to Information Under ATIA
The Access to Information Act (ATIA) gives Albertans the right to request records held by public bodies, including municipalities. “Records” include emails, reports, documents, and other materials in the custody or control of municipal staff. While transparency is a key principle, ATIA defines clear exceptions to protect sensitive information, such as legal advice, law enforcement records, or confidential business data.
Municipalities must establish processes to handle requests efficiently and lawfully. Requests may come from residents, media, or advocacy groups and must be responded to within specified timelines. Failure to comply can result in legal challenges, administrative penalties, and reputational harm.
Protecting Privacy Under POPA
The Protection of Privacy Act (POPA) sets new privacy rights for Albertans and outlines how municipalities can collect, use, or disclose personal information. POPA allows municipalities to conduct data matching or create non-personal datasets for planning and analytics, provided privacy is protected.
Staff must manage personal information responsibly at all stages—from collection and storage to sharing and disposal. POPA emphasizes accountability, requiring clear policies, staff training, and security measures to safeguard residents’ data.
Why Municipalities Must Act
Transitioning from FOIP to ATIA and POPA is more than a legal update—it is an operational necessity. Without proper processes, municipalities risk:
-
Legal exposure: mishandling requests or personal information can trigger complaints or penalties.
-
Reputational harm: residents expect their information to be handled responsibly.
-
Operational inefficiency: unclear procedures can waste staff time and resources.
Proactively adopting ATIA and POPA compliance measures ensures municipalities can respond efficiently to requests, protect sensitive data, and use non-personal information for evidence-based decision-making.
Equip Your Team With the Knowledge They Need
Our comprehensive course is designed specifically for municipal administrators, clerks, CAOs, department heads, elected officials, records officers, and contractors. Participants will learn to:
-
Understand obligations under ATIA and POPA
-
Respond to access requests lawfully and efficiently
-
Manage personal information securely
-
Develop policies, procedures, and training programs
-
Reduce legal, reputational, and operational risks
-
Leverage non-personal data for municipal planning
Through practical guidance and real-world examples, attendees will gain the confidence and skills to apply ATIA and POPA principles to everyday municipal operations.
Register Today
Alberta’s new access and privacy framework is here. Municipalities that act now can ensure compliance, protect residents’ data, and build public trust.
Leave a Reply