On November 15, 2013, the Supreme Court of Canada struck down the Alberta Personal Information Protection Act (“PIPA”) in Alberta (Information and Privacy Commissioner) v United Food and Commercial Workers, Local 401, 2013 SCC 62 (“United Food”), and despite a one-year stay to allow for necessary amendments, delay on the part of the Alberta government has caused PIPA’s lapse to become an inevitability.
The SCC found that sections of PIPA violated the right to freedom of expression enshrined in s. 2(b) of the Canadian Charter of Rights and Freedoms (the “Charter”). Further, the SCC found PIPA unconstitutionally overbroad in that it deemed “virtually all personal information to be protected regardless of context,” thus infringing the right to freedom of expression in a manner disproportionate to the government’s objective (United Food at para 25).
At the request of the Information and Privacy Commissioner and Alberta Attorney General, the Court agreed to strike down PIPA in its entirety rather than attempt to judicially craft an amendment in order to bring PIPA into compliance with the Charter. To ensure the Alberta Legislature had sufficient time to respond, the Court stayed their declaration of invalidity until November 15, 2014 – less than a month away.
In response to the decision, Alberta’s Information and Privacy Commissioner sent an open letter on December 20, 2013, to the Minister of Justice and Solicitor General and the Minister of Service Alberta, proposing amendments designed to bring PIPA into compliance with the United Food decision. The Commissioner emphasized the importance of private-sector privacy legislation for Albertans, and proposed only such changes as were necessary to bring PIPA into compliance, rather than begin a lengthy review process which could bring PIPA into jeopardy by failing to meet the November 15, 2014 deadline.
On September 22, 2014, the Commissioner sent a second open letter to the Minister of Justice and Solicitor General, the Minister of Service Alberta, and the Premier, setting out the Commissioner’s concerns over PIPA’s impending lapse. In doing so, the Commissioner emphasized again the unique benefits afforded to Alberta’s citizens and businesses in having strong private sector privacy legislation with provincial oversight.
However, the Alberta government has not tabled any amendments to PIPA, and the Alberta Legislature has now been prorogued, meaning the next session will not begin until November 17, 2014. PIPA’s lapse is unavoidable. There has been some discussion that Jim Prentice, the Premier of Alberta, will make attempts to seek an extension of the suspension of the declaration of invalidity. However, as of the date of the publication of this blog, there has not been any further movement on that front.
This said, it is important to realize that the lapse of PIPA does not create a total legislative void in privacy legislation.
The federal Personal Information Protection and Electronic Documents Act, SC 2000, c. 5 (“PIPEDA”) will apply in the event of PIPA’s lapse, as PIPEDA also purports to apply to private sector privacy rights where the province has not regulated in a “substantially similar” manner. Therefore, when PIPA lapses, there will be no “substantially similar” privacy legislation in place in Alberta, and PIPEDA will apply. PIPEDA is narrower in scope and will impact Albertans’ privacy rights differently. In her September 22, 2014 open letter, the Commissioner commented,
“[i]f PIPA is allowed to lapse, Alberta’s citizens and businesses will lose the unique benefits afforded by the legislation, including: mandatory breach reporting and notification to affected individuals, local enforcement without court involvement, and protection for the access and privacy rights of employees of provincially regulated private sector businesses.”
PIPEDA only applies in the narrower context of activities undertaken for commercial purposes, and does not give citizens the benefit of a separate administrative complaint process with provincial oversight. PIPEDA also lacks a business transaction exemption, an exemption for personal employee information, and lacks provisions restricting cross-border data transfers. This means that certain protections afforded employees in Alberta will not be so readily available under PIPEDA.
Despite the differences between PIPA and PIPEDA, our advice to citizens and businesses in Alberta in the wake of PIPA’s lapse is to go about business as usual and ensure continued compliance with PIPA. The best practice is to maintain existing policies and procedural safeguards protecting personal information in the care of your business; whatever lapse or delay may occur in re-enacting PIPA does not entail a legislative void for the protection of privacy in Alberta.
 A convenient guide for businesses attempting to ensure compliance with PIPA can be found on the Alberta Privacy Commissioner’s website: “A Guide for Businesses and Organizations on the Personal Information Protection Act,” Service Alberta, Brochures and Guides (November 2008), online: <http://servicealberta.ca/pipa/resources/brochures-and-guides.cfm#jm_guide for B&O>.