We build complete Privacy Management Programs for small-to-midsize Alberta public bodies. Full PMP document, PIAs for your SaaS tools, privacy officer framework, breach procedures — delivered in 3–4 weeks. Fixed fee from $4,500 CAD.
See the PMP Readiness Service →What is a Privacy Management Program under POPA?
A Privacy Management Program (PMP) is a documented set of policies and procedures that promote a public body's compliance with POPA. Under Section 25(1), every Alberta public body must establish and implement a PMP. This requirement comes into effect on June 11, 2026 — one year after POPA's proclamation. The PMP must be made publicly available upon request.
What must a PMP include?
The Ministerial Regulation specifies requirements including: designating a privacy officer, establishing internal procedures for handling personal information, training employees on their obligations under POPA, documenting privacy risks and safeguards, and establishing processes for completing Privacy Impact Assessments. For public bodies handling high volumes of personal information or highly sensitive data, additional documented safeguards are required.
How do PIAs fit into the PMP?
PIAs are a core component of the PMP. The Ministerial Regulation requires public bodies that handle high volumes or highly sensitive personal information to establish an internal process for completing and submitting PIAs. Every time your organization deploys or substantially changes a SaaS tool that processes personal information, a PIA must be completed — and potentially submitted to the OIPC.
What is the penalty for not having a PMP by June 2026?
POPA introduced penalties of up to $1 million for certain offences. While the PMP requirement itself doesn't carry a specific fine, failure to have a PMP means your organization cannot demonstrate compliance with POPA — which exposes you to Commissioner orders and enforcement action if a privacy incident occurs. The PMP is the foundation that all other POPA obligations build on.
How should public bodies prepare now?
Start with your SaaS inventory. Identify every tool that processes personal information. Complete PIAs for each one — the OIPC template is now available. Designate a privacy officer. Document your safeguards. Build your breach notification procedures. The PMP is not a single document — it's an operating framework. PIAs for your SaaS tools are the most concrete, actionable place to start.
Complete PMP, PIAs for your SaaS tools, breach procedures — delivered in 3–4 weeks. Fixed fee from $4,500 CAD.
Learn more →Generate jurisdictional answers for Sections F, G, H2 of the OIPC template from our 766-tool database. $199.
Try the tool →PMP Readiness Service (done-for-you) → · Alberta POPA overview → · CLOUD Act & Canadian data → · Data residency vs sovereignty → · PIA Research Tool →
Frequently asked questions
Yes. Every public body in Alberta — from large government departments to small municipalities — must establish a PMP by June 11, 2026.
Technically yes, but your PMP must include a process for completing PIAs. Starting with PIAs for your existing SaaS tools gives you concrete documentation to build your PMP around.
The requirements are set out in the Protection of Privacy (Ministerial) Regulation, Section 6. The OIPC is also developing a PMP guideline.