Data matching

The Protection of Privacy Act (POPA) allows public bodies to carry out data matching to create data derived from personal information.

Overview

A public body can link personal information between 2 or more databases or other electronic sources of information to create data derived from personal information. This process is known as data matching.

Data matching

Data matching can only occur if the public body’s reason for combining databases meets one or more of the following purposes:

  • research and analysis
  • planning, administering, delivering, managing, monitoring or evaluating a program or service
  • one or more prescribed purposes identified in the Protection of Privacy Act (POPA) Regulation

A public body can only data match with personal information it collects from another public body or information it already has in its custody or under its control. It cannot collect personal information directly from the individual the information is about for the purpose of data matching.

Public bodies are subject to various restrictions when data matching. Data matching may only be carried out in accordance with the prescribed security arrangements, and public bodies may only collect, use and disclose data derived from data matching in accordance with the Act and regulation.

Data derived from personal information

Means the data that is created by data matching and that identifies any individual whose personal information was used in data matching.

Public bodies must protect any data derived from personal information that is created, by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or destruction. See the Non-personal data page for more information.

Use and disclosure

A public body is restricted to using the data only for the purpose for which it was created, and the data must be destroyed or transformed into non-personal data once the purpose for creation has been fulfilled.

A public body cannot disclose data derived from personal information except when it discloses the data to the public body that provided the personal information that was used to create it. 

Disclaimer

All persons reviewing Technology and Innovation’s Protection of Privacy Act are reminded that it has no legislative sanction and has been provided for guidance and convenience of reference only. The official statutes and regulations should be consulted for all purposes of interpreting and applying the law.