Calgary Municipal Privacy Impact Assessment Guide

Technology and Data Alberta 4 Minutes Read · published February 11, 2026 Flag of Alberta

Calgary, Alberta projects that collect, use or share personal information usually require an internal privacy impact assessment (PIA) to meet municipal privacy obligations and best practices. This guide explains why a PIA matters for City of Calgary initiatives, who must complete one, the typical steps and timelines, and how to interact with the City’s Access and Privacy office during procurement, system design or service changes.

What is a Privacy Impact Assessment?

A Privacy Impact Assessment (PIA) is a structured evaluation of how a project, technology or program collects, stores, uses, discloses and protects personal information. Municipal PIAs identify privacy risks, propose mitigation, and document decisions so projects comply with applicable city policies and provincial privacy oversight.

When a PIA is required

At the City of Calgary, PIAs are typically required for new business systems, major changes to existing systems, vendor-hosted services that handle personal data, and initiatives that increase surveillance or data sharing across departments. Project owners should consult the City’s privacy guidance and notify the Access and Privacy office early in the design phase to confirm requirements and timing. See the City’s privacy guidance page Privacy impact assessments[1] for City-specific triggers and templates.

Typical PIA process and timeline

  • Early scoping: project owner notifies Access and Privacy and confirms whether a PIA is required.
  • Assessment: complete the PIA template documenting data flows, purposes, legal authority and retention.
  • Risk mitigation: propose technical and administrative controls and update project plans.
  • Review and sign-off: Access and Privacy reviews the PIA; proceed after approval or conditions.
  • Implementation: build and test controls, update procurement or contract terms for vendors.
Start the PIA at project conception to avoid delays in procurement or deployment.

Penalties & Enforcement

Enforcement for privacy lapses related to municipal projects is managed through internal City processes and, where applicable, provincial oversight. The City’s Access and Privacy office handles internal compliance, reviews PIAs and may require corrective actions. Specific monetary fines for municipal PIA non-compliance are not specified on the cited City guidance page; procedural remedies and complaint routes are described by city and provincial oversight bodies.

  • Fine amounts: not specified on the cited City page; consult provincial legislation or the Office of the Information and Privacy Commissioner of Alberta for statutory penalties where applicable.
  • Escalation: the City may require remediation actions; repeat or continuing non-compliance procedures are not specified on the cited City page.
  • Non-monetary sanctions: administrative orders, mandatory remediation, contract suspension or termination, and referral to legal services or provincial oversight (as applicable).
  • Enforcer and complaints: primary contact is the City of Calgary Access and Privacy office; public privacy concerns may also be raised with the provincial Information and Privacy Commissioner. Contact the City’s Access and Privacy office for enforcement and complaint procedures Contact Access and Privacy[2].
  • Appeals and review: specific appeal time limits are not specified on the cited City page; where a public body decision is at issue, the provincial commissioner’s complaint process sets statutory timelines—see the provincial complaint guidance for details.
If you handle sensitive personal data, document safeguards and retention precisely to minimize enforcement risk.

Applications & Forms

The City publishes a PIA template and guidance for project teams; the City web guidance identifies how to submit PIAs to Access and Privacy but a named fee or numbered municipal form is not specified on the cited page. For submission instructions, use the City contact page above. Current procedures are published on the City’s privacy guidance page Privacy impact assessments[1].

How to prepare a PIA

  1. Identify the project scope, stakeholders and all personal data collected.
  2. Map data flows and list legal authorities or municipal bylaws authorizing the collection and use.
  3. Assess risks and select mitigation: access controls, retention schedules, encryption, contract clauses for third parties.
  4. Submit the completed PIA to Access and Privacy and incorporate their recommendations into procurement or deployment plans.

FAQ

Who must complete a PIA for City of Calgary projects?
Project owners and sponsors for systems or services that handle personal information should complete a PIA; consult Access and Privacy to confirm.
How long does a PIA take?
Timeline varies by project complexity; simple assessments may take weeks while complex systems with vendor review can take months.
Is there a fee to submit a PIA?
The City’s guidance does not list a fee; confirm submission details with Access and Privacy.
Who enforces PIA compliance?
Access and Privacy manages internal compliance; provincial oversight and complaint routes are available through the Office of the Information and Privacy Commissioner of Alberta.

How-To

  1. Initiate: notify the City Access and Privacy office at project conception and request the PIA template.
  2. Document: complete the PIA template with data flows, legal authority, retention, and vendor details.
  3. Mitigate: list and budget for technical and contractual controls required by Access and Privacy.
  4. Submit: send the PIA to Access and Privacy and address any required changes before procurement or go-live.
  5. Maintain: keep the PIA and related records for the retention period and update on major changes.

Key Takeaways

  • Start PIAs early to avoid procurement and implementation delays.
  • Record decisions and controls in the PIA to show due diligence.

Help and Support / Resources

  1. [1] City of Calgary - Privacy impact assessments
  2. [2] City of Calgary - Access and Privacy contact
  3. [3] Office of the Information and Privacy Commissioner of Alberta - Make a complaint

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data