Overview
Alberta’s transition from FOIP to the Protection of Privacy Act (POPA) and Access to Information Act (ATIA) has introduced new requirements for how public sector organizations manage personal information and records.
For school divisions and municipalities, this shift goes beyond policy updates. It directly impacts how data is stored, connected, reported on, and accessed across systems like SharePoint, Teams, and Power Platform.
At the same time, it presents an opportunity. With the right approach, organizations can modernize their records management practices while strengthening compliance.
The Challenge: Compliance in a Modern Data Environment
Most school divisions and municipalities are already using Microsoft 365 to manage documents, workflows, and collaboration. However, many of these environments were designed under FOIP and have not yet been updated to reflect POPA requirements.
This creates a few common challenges:
- Records management frameworks that no longer align with current legislation
- Limited visibility into where personal information lives across systems
- Data being combined across platforms without clear authority or governance
- Manual processes for reporting, access requests, and compliance tracking
POPA introduces new expectations around data matching, derived data, and privacy impact assessments, all of which directly affect how modern digital solutions are built and used.
Where POPA Shows Up in Microsoft 365
Compliance is no longer a standalone exercise. It is built into how your systems are configured.
In a typical Microsoft environment:
- SharePoint becomes a system of record for personal information
- Power Automate connects and moves data between systems
- Power Apps collects and surfaces regulated data
- Power BI combines datasets and generates insights
Under POPA, these activities can trigger requirements such as:
- Formal authority for data matching across systems
- Governance over derived data and analytics outputs
- Privacy Impact Assessments for new or significantly changed solutions
Without the right structure, even well-intentioned solutions can introduce compliance risk.
Our Approach: Designing for Compliance from the Start
At Segue Systems, we work with school divisions and municipalities to align Microsoft 365 environments with POPA requirements from the ground up.
Rather than treating compliance as a separate exercise, we embed it directly into how solutions are designed, built, and governed.
This includes:
1. Records and Data Structure Alignment
We help organizations:
- Identify where personal information exists across SharePoint, Teams, and connected systems
- Align site structures, libraries, and data models with records management requirements
- Ensure retention, access, and classification policies reflect current legislation
2. Governance of Data Movement and Integration
Modern solutions often connect multiple systems. Under POPA, this must be intentional.
We design:
- Power Automate flows and integrations with clear data governance in place
- Controls around how and when data is combined or shared
- Documentation to support compliance with data matching requirements
3. Power Platform and Analytics Governance
Tools like Power BI and Dataverse create powerful insights, but also introduce new compliance considerations.
We support:
- Structuring datasets to reduce risk around identifiable information
- Designing dashboards and reports that align with POPA requirements
- Managing how derived data is created, used, and retained
4. Privacy-First Solution Design
We work alongside your team to ensure:
- Privacy Impact Assessments are considered early, not after deployment
- Systems are designed with compliance in mind from the start
- Your Microsoft environment supports, rather than complicates, your privacy obligations
Impact: Moving from Reactive to Proactive Compliance
Organizations that take this approach are seeing measurable improvements:
- Reduced risk tied to outdated records management practices
- Greater visibility into where personal information exists and how it flows
- More efficient response to access requests and reporting requirements
- Scalable systems that support both operations and compliance
Most importantly, they move from reacting to compliance requirements to building systems that are designed to meet them from day one.
The Opportunity for School Divisions and Municipalities
POPA has introduced new complexity, but it also creates a clear opportunity to modernize.
For school divisions, this means better management of student and staff data across departments.
For municipalities, it means improved control over citizen data, service records, and internal workflows.
Microsoft 365 provides the platform to support this, but the value comes from how it is implemented and governed.
POPA is not just a legislative change. It is a shift in how public sector organizations need to think about data, systems, and accountability.
With the right approach, school divisions and municipalities can use this moment to not only meet compliance requirements, but also build more efficient, scalable, and defensible digital environments.
If your organization is reviewing its records management plan or preparing for POPA alignment, this is the right time to assess how your current Microsoft environment supports those goals. Contact us today to learn more!