If you work for an Alberta municipality, town, or village, the rules that govern how you handle information have changed. On June 11, 2025, Alberta's long-standing Freedom of Information and Protection of Privacy Act (FOIP) was repealed and replaced by two separate laws. Here's a plain-language overview of what changed and the practical IT safeguards that support staying compliant.
This article is general information, not legal advice. For guidance on your obligations, consult your municipality's privacy officer or legal counsel.
FOIP is now two laws
For decades, FOIP covered both sides of information governance — the public's right to access records, and the protection of personal information — in a single act. Alberta has now split those into two dedicated laws:
- The Access to Information Act (ATIA) governs the public's right to access records held by public bodies.
- The Protection of Privacy Act (POPA) governs how public bodies collect, use, protect, and disclose personal information.
Both apply to public bodies across the province — including government departments, municipalities, police services, and more.
What this means for municipalities
The split doesn't erase your responsibilities — it clarifies and, in places, strengthens them. Municipalities are still accountable for protecting the personal information of residents and staff, and for responding to access requests. The practical takeaways:
- Your policies and templates need updating. Anything that referenced "FOIP" — request forms, privacy notices, internal procedures — should be reviewed and updated to reference ATIA and POPA appropriately.
- Privacy obligations are front and centre. POPA puts a clear focus on how personal information is collected, safeguarded, and disclosed, which raises the bar on the technical and administrative controls you're expected to have.
- Access processes continue under ATIA. The mechanics of responding to information requests carry forward, now under the new act.
The IT side of compliance
Legislation like POPA sets expectations for safeguarding personal information, but the law doesn't install itself — it comes down to real technical and administrative controls. From an IT perspective, the safeguards that support compliance are the same fundamentals that protect any organization holding sensitive data:
- Access controls — ensure staff can only access the records their role requires, with individual accounts and strong authentication.
- Encryption — protect personal information both at rest (on servers and devices) and in transit (email and file sharing).
- Verified, recoverable backups — so records are protected against ransomware, hardware failure, and accidental deletion, and can actually be restored when needed.
- Endpoint and email protection — to reduce the risk of the breaches that expose personal information in the first place.
- Staff awareness — because most incidents start with a person, not a system. Regular, practical security awareness matters.
- Audit-ready logging — knowing who accessed what, and when, supports both accountability and incident response.
None of this is exotic. It's disciplined, well-run IT — the kind that also happens to keep your operations resilient and your residents' trust intact.
A good moment to review your setup
A legislative change like this is a natural prompt to ask a bigger question: is our IT actually set up to protect the information we're responsible for? Many smaller municipalities run on aging infrastructure with limited internal IT — which makes now a sensible time to review access controls, backups, and security posture against the standard POPA implies.
The bottom line
FOIP is gone; ATIA and POPA are here. Municipalities should update their policies and references, keep their access processes running under ATIA, and make sure the technical safeguards behind POPA — access control, encryption, backups, and endpoint/email protection — are genuinely in place.
We help Alberta municipalities put those safeguards in place with dependable, accountable IT built for the public sector. Learn more about our IT support for municipalities, or book a free evaluation to review your current setup.
Sources: Government of Alberta — Access to Information Act; Office of the Information and Privacy Commissioner of Alberta.
