Calgary bylaws: Who handles cybersecurity incidents

Technology and Data Alberta 3 Minutes Read · published February 11, 2026 Flag of Alberta

In Calgary, Alberta, cybersecurity incidents that affect City systems are handled through a combination of municipal information technology teams for operational containment and law enforcement for criminal investigation. City of Calgary corporate IT and security teams lead incident response inside City Hall, while the Calgary Police Service investigates suspected criminal activity. Provincial or federal agencies may become involved for offences under provincial or federal law. This article explains which municipal offices are responsible, the enforcement pathways, practical reporting steps and what municipal bylaws or published City resources currently say about penalties and appeals (current as of February 2026).

Report incidents promptly to preserve evidence and reduce harm.

Penalties & Enforcement

The City does not publish a standalone bylaw imposing specific monetary fines for cybersecurity incidents affecting City systems; enforcement is primarily operational and investigative. Where misconduct or noncompliance with City policies occurs, the City may pursue administrative actions; criminal aspects are referred to the Calgary Police Service and, if applicable, provincial or federal prosecutors. For specific fine amounts, statutory offences, or administrative penalties tied to cybersecurity, the City pages consulted do not list monetary fines or schedules for public cyber incidents and therefore the fine amounts are not specified on the cited page (current as of February 2026).

  • Enforcer: City of Calgary Information Technology / Corporate Security for internal incidents; Calgary Police Service for suspected criminal conduct.
  • Complaint/report pathways: internal IT security reporting channels and the Calgary Police Service non-emergency or online reporting for crimes.
  • Escalation: operational containment by IT, internal investigation, referral to police, and potential provincial/federal prosecution; escalation specifics and timeframes are not specified on the cited page.
  • Monetary penalties: not specified on the cited page for municipal enforcement of cybersecurity incidents.
  • Non-monetary sanctions: administrative orders, access suspension, system account revocation, internal disciplinary measures and seizure of equipment by police where warranted.
If an incident may be criminal, notify police quickly after internal containment steps.

Applications & Forms

The City does not publish a public, dedicated ‘‘cyber incident’’ form for external members of the public to file against City systems; incident handling is managed internally by City IT and Corporate Security, with criminal complaints directed to the Calgary Police Service. For privacy breaches, the City maintains privacy reporting procedures; specific public-facing incident forms or fee schedules for cyber incidents are not specified on the cited page (current as of February 2026).

Typical action steps for affected parties and staff include: contain affected systems, preserve logs and evidence, notify the City IT/security team immediately, and report criminal matters to police. Appeals from disciplinary or administrative actions follow City employment or administrative processes; deadlines and formal appeal routes for cybersecurity-specific sanctions are not published on the cited City pages.

Keep forensic evidence intact and record times and contacts when you report an incident.

FAQ

Who is responsible for responding to a cyber incident at City Hall?
The City of Calgary Information Technology and Corporate Security teams lead operational response; the Calgary Police Service handles criminal investigations where applicable.
Can the City fine me for a cybersecurity incident?
The City pages reviewed do not list specific monetary fines for cybersecurity incidents; criminal penalties would be under provincial or federal law and are handled by prosecutors.
How do I report a cyber incident involving City systems?
Report internally to City IT or Corporate Security if you are City staff; members of the public should report suspected criminal activity to the Calgary Police Service and contact City customer service for City-specific concerns.

How-To

  1. Immediate containment: disconnect affected devices from networks if instructed and isolate the incident to stop further spread.
  2. Preserve evidence: do not power off critical devices and collect timestamps, screenshots and log locations.
  3. Notify City IT/Cybersecurity: use your internal reporting channel or security contact as soon as possible.
  4. Report criminal activity: if you suspect a crime, contact the Calgary Police Service to file a report and provide preserved evidence.
  5. Follow official instructions: cooperate with IT, Corporate Security, and any investigators and complete required internal forms if requested.
Document dates, times and who you told when you report an incident.

Key Takeaways

  • The City handles operational response; police handle criminal investigations.
  • Monetary fines for cyber incidents are not published on City pages; criminal penalties fall under law.

Help and Support / Resources

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data