Privacy Management Program

Our commitment to privacy

The Town of Okotoks is committed to protecting personal privacy and managing personal information in a responsible, transparent and lawful manner. We collect, use, disclose and protect personal information in accordance with Alberta’s Protection of Privacy Act (POPA),  and its regulations.

To support this commitment, the Town has established and maintains a Privacy Management Program (PMP).

What is a Privacy Management Program?

A Privacy Management Program (PMP) is the framework the Town uses to ensure ongoing compliance with POPA. It consists of administrative guidelines, procedures, roles, training and safeguards that govern how personal information is handled across all Town programs and services.

The PMP helps ensure that:

• personal information is collected, used, disclosed and protected in accordance with legislation
• privacy risks are identified and addressed
• privacy complaints and incidents are managed consistently
• the Town can demonstrate accountability and compliance for how personal information is managed

How the Town protects personal information

Under the Privacy Management Program, the Town:

• designates an Access and Privacy Officer responsible for overseeing privacy compliance
• maintains documented guidelines and procedures for handling personal information
• implements administrative, physical, and technical safeguards appropriate to the sensitivity of the information
• provides mandatory privacy training to employees
• reviews and updates privacy practices on a regular basis

These measures are proportionate to the volume and sensitivity of the personal information the Town holds.

Your privacy rights

The Town is committed to protecting personal information and upholding individuals’ rights under the Protection of Privacy Act (POPA). You have the right to request access to records, request correction of your personal information, and submit privacy complaints. Details on how to exercise these rights are provided below.

1. Access to Information
   You have the right to request access to records in the custody or control of the Town, subject to limited exceptions set out in legislation. Some information is made available through routine disclosure. Where information is not routinely available, or where you are requesting access to your own personal information, a formal Access to Information request may be required.

   Accessing Information Requests

2. Correction of Personal Information
   You may request a correction to your personal information if you believe it is inaccurate or incomplete. Correction requests are reviewed and decided in accordance with POPA. Where a correction is not made, you may request that a statement of disagreement be attached to the record.

   Request a Correction

3. Privacy Complaints
   You may submit a privacy complaint if you believe the Town has collected, used or disclosed personal information without proper authority, or has not adequately protected personal information. Privacy complaints are reviewed and investigated by the Access and Privacy Officer in accordance with established procedures. Use the contact form to file a complaint.

Privacy incidents and breach notification

The Town has processes in place to identify, assess and respond to privacy incidents. 

Where an incident involves the loss of, unauthorized access to, or unauthorized disclosure of personal information:

• the incident is assessed and contained
• steps are taken to mitigate risks, and
• affected individuals are notified without unreasonable delay where there is a real risk of significant harm, as required by legislation

All incidents are documented and reviewed to support continuous improvement.

Transparency and accountability

The Town uses its Privacy Management Program to support transparency and accountability in the management of personal information.

The Town will make information about its Privacy Management Program available to the public upon request. Certain technical and security-related details may be withheld when disclosure could reasonably be expected to compromise the security of personal information.

Personal Information Banks

Under the Protection of Privacy Act (POPA), public bodies are required to maintain a directory of Personal Information Banks (PIBs) and make that information available to the public. A PIB is a collection of personal information organized or retrievable by an individual’s name or another identifying particular and used for an ongoing purpose.

The Town of Okotoks manages its personal information holdings through its Privacy Management Program, including documented inventories, classification and identification of Personal Information Banks.

Not all personal information holdings constitute a Personal Information Bank. The absence of a published PIB does not indicate that the Town does not collect personal information, but reflects how information is structured, used and retrieved under POPA.

The Town is in the process of developing its Personal Information Bank directory, which will be made available to the public upon completion.

Continuous improvement

The Privacy Management Program is regularly reviewed and updated to ensure compliance with legislative requirements and to address evolving risks, technologies, and operational practices.