Access to Information Act (ATIA) & Protection of Privacy Act (POPA)

MD of Peace No. 135 is governed by two provincial laws:

Access to Information Act (ATIA): Gives people the right to access records in the MD of Peace No. 135’s custody, subject to limited exceptions.
Protection of Privacy Act (POPA): Controls how the MD of Peace No. 135 collects, uses, shares, and safeguards personal information. It also requires public bodies to maintain a Privacy Management Program.

MD of Peace No. 135 – Privacy Management Program (PMP)

What is the Privacy Management Program (PMP)?
The MD of Peace No. 135 is committed to protecting personal information in accordance with Alberta’s Protection of Privacy Act (POPA). Our Privacy Management Program (PMP) encompasses the policies, procedures, and safeguards we implement for collecting, using, sharing, and protecting personal information. The PMP serves as the formal framework for how the MD of Peace No. 135 manages the collection, use, disclosure, and safeguarding of personal information. As a public body in Alberta, the MD of Peace No. 135 is required to maintain a documented Privacy Management Program in compliance with the Protection of Privacy Act (POPA) and related regulations.

Why does this matter to you?
The PMP helps ensure your information is handled responsibly, transparently, and securely. It also explains your privacy rights and how to contact us with questions or requests.

Your privacy rights and assurances

Access & correction: You can request access to your personal information and ask us to correct it if it’s inaccurate.
Breach notification: If a privacy breach creates a real risk of significant harm, we will notify you and also notify the Office of the Information and Privacy Commissioner (OIPC) and the Minister of Technology & Innovation.
Automated decisions: If we use automated systems to generate content or make decisions about you, we will tell you at the time of collection.
Independent review: If you are not satisfied with our response, you may request an independent review by the OIPC of Alberta.

What the PMP includes

Policies: Access to Information; Protection of Privacy; Delegation of Authority – Information & Technology. These set responsibilities and decision‑making authority.
Procedures: Access to information, privacy protections, privacy complaints, privacy incidents/breaches, records & information management, and user account management. These guide day-to-day compliance.
Regulations: Data & Information Security Classification; Privacy by Design; Privacy Management Program; Privacy Impact Assessment; Acceptable Use of IT; Cloud Vendor Assessment; Personal Information Bank (PIB) Directory. These reinforce secure, transparent, risk‑based practices.
Forms & tools: Privacy Impact Assessment (PIA) templates, Personal Information Banks (PIB) forms, access request forms, complaint and breach checklists, and correction‑of‑information templates.
Staff training: All the MD of Peace No. 135 employees complete mandatory privacy training to help keep your information safe.

MD of Peace No. 135 PMP Table of Contents

Contact us

Privacy & Access Officer
Email: admin@mdpeace.com

We welcome questions, access/correction requests, privacy complaints, and reports of suspected privacy breaches.

Last reviewed: May 8, 2026

What personal information does MD of Peace No. 135 collect - and for what purpose?

The MD of Peace No. 135 collects only what it needs to provide programs and services. Personal Information Bank (PIB) Directory describes what data we hold, why we hold it, how we use it, and common disclosures—improving transparency about our information holdings. See Personal Information Bank Directory for a structured list.

Personal information collected is used for:

Managing programs and services
Maintaining financial records of accounts
Emergency contacts
Providing specific services, such as health and safety emergency
To determine suitability for an honor or award
As required for law enforcement purposes

How does the MD of Peace No. 135 use or disclose personal information?

What are my privacy rights?

You can:

Access your personal information held by the MD of Peace No. 135 (subject to limited exceptions).
Request corrections to your personal information; if used to make a decision that directly affects you, POPA requires the MD of Peace No. 135 to retain it for at least one year after use so you can access it.

Seek an independent review of access or privacy decisions by the Office of the Information and Privacy Commissioner (OIPC) of Alberta.

What Personal Information has restricted access?

Addresses, telephone numbers, and emails are not released without consent
Unless written consent is given, the MD of Peace No. 135 employees cannot release personal information to other third parties (e.g. regarding financial records, address in the MD of Peace No. 135 Residence, etc.)
Redaction may be required before records are released should an official request for information occur.
The MD of Peace No. 135 staff are provided with guidelines in the preparation of written or verbal references.

How to make an access request or ask for a correction

Will MD of Peace No. 135 notify me about a privacy breach?

How does MD of Peace No. 135 handle privacy complaints?

What is a Privacy Impact Assessment (PIA) and when is it required?

What is "data matching" and what rules apply?

How does the MD of Peace No. 135 protect my information?

The MD of Peace No. 135 assigns a security classification level to information (e.g., Public, Protected A/B/C) and applies safeguards proportionate to sensitivity—especially for high‑sensitivity information (e.g., biometric or financial data, or information about minors/seniors/vulnerable individuals). Staff complete mandatory training on privacy and information handling.

How quick will the MD of Peace No. 135 respond to an access request?

Who can I contact with questions or to report a concern?