If you’ve already read our article on the Protection of Privacy Act (POPA), you know Alberta’s privacy rules have changed. Now, let’s look at the other half of the equation: transparency and access.

On June 11, 2025, Alberta introduced the Access to Information Act (ATIA), replacing the access provisions of the old FOIP Act. This law governs how public bodies handle access requests and transparency obligations. If your organization uses Microsoft 365 (Outlook, Teams, SharePoint), ATIA compliance is critical.

What’s New Under ATIA?

ATIA modernizes Alberta’s access rules by introducing faster timelines, a stronger duty to assist applicants, and clearer requirements for handling digital records like emails, Teams chats, and cloud documents.

Here’s what’s new:

• Duty to Assist: Public bodies must help applicants clarify requests and document all steps.

• Stricter Timelines: Shorter deadlines for responding to access requests.

• Third-Party Notifications: If records involve third-party information, you must notify them before disclosure.

• Expanded Record Scope: Includes electronic records, emails, Teams chats, and cloud-stored documents.

• Higher Penalties: Non-compliance can lead to significant fines and reputational damage.

How ATIA Impacts Microsoft 365

1. Microsoft Teams

   
   

Chat and Meeting Records

Teams conversations, meeting notes, and recordings are considered official records under ATIA. They must be retained and retrievable for access requests.

Example: A municipal council uses Teams for internal discussions. An access request includes all messages related to a specific project.

Solution:

• Enable retention policies for Teams chats and channel messages.

• Avoid deleting meeting notes or recordings before retention periods expire.

• Use Teams compliance recording policies for sensitive meetings.

2. Outlook

Email as Official Records

Emails often contain information subject to access requests. Without proper retention, organizations risk non-compliance.

Example: A school board receives an ATIA request for all correspondence about a student program.

Solution:

• Apply retention labels to ensure emails are preserved for the required period.

• Use Microsoft Purview eDiscovery to locate emails quickly.

• Train staff to avoid storing sensitive data in personal folders.

3. SharePoint

   
   

Document Libraries

SharePoint is a primary repository for official records. Poor organization can make access requests difficult and time-consuming.

Example: A department stores contracts in SharePoint, but files are scattered across multiple sites, making retrieval difficult.

Solution:

• Organize libraries with clear naming conventions and metadata for easy search.

• Apply sensitivity labels to classify records.

• Use version control wisely retain necessary versions but avoid indefinite storage of outdated drafts.

4. Compliance & eDiscovery Tools

ATIA requires organizations to locate and provide records quickly. Microsoft 365 offers tools to make this possible.

• Microsoft Purview eDiscovery: Essential for locating and exporting records across Teams, Outlook, and SharePoint.

• Audit Logs: Track who accessed or modified records to demonstrate compliance.

• Retention Policies: Configure policies to meet ATIA timelines for record retention and disposal.

Action Steps for Your Organization

• Review your records management policy to align with ATIA.

• Train staff on what constitutes a record in Microsoft 365.

• Implement eDiscovery workflows for quick response to access requests.

• Document all steps taken to assist applicants as required by law.

Why it Matters

Failure to comply with ATIA can result in fines, legal challenges, and reputational damage. But with the right Microsoft 365 configuration, compliance can be streamlined and efficient.

Echo Transformation Helps You Turn Compliance into Capability

At Echo Transformation, we help public sector teams align Microsoft 365 with real-world needs, including compliance with transparency laws like ATIA.

We offer:

• Practical, user-first records management frameworks

• Guidance on configuring Microsoft 365 tools for ATIA compliance

• Hands-on training to make compliance part of everyday work

• Ongoing support to adapt as your needs evolve

Need help navigating ATIA in your Microsoft 365 environment? Contact us today to book an Privacy/Access Readiness Session.

Already read our POPA article? Great! Together, POPA and ATIA form the foundation of Alberta’s new privacy and transparency framework.

Next up: We’ll explore how these two laws work together and what that means for your Microsoft 365 governance strategy.

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Organizations should consult their legal counsel to ensure compliance with ATIA and other applicable legislation.