In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2017-ND-125||Aug 28 2017||Spiraledge, Inc.|
|Summary: The organization confirmed that malware may have stolen credit or debit card data from some credit... [More]|
|P2017-ND-124||Aug 28 2017||Native Canada Footwear Ltd.|
|Summary: The organization determined that malware infected the organization's website. It appears the... [More]|
|P2017-ND-123||Aug 28 2017||Hartz Hotel Services, Inc.|
|Summary: The organization was notified by its service provider that an unauthorized party gained access to... [More]|
|P2017-ND-121||Aug 11 2017||National Bank Investments|
|Summary: The organization reported that an unauthorized party outside the organization accessed a number of... [More]|
|P2017-ND-120||Aug 11 2017||Spectrum Psychological Inc.|
|Summary: The organization, a psychologist, reported that for many years he sent documents related to his... [More]|
|P2017-ND-119||Aug 9 2017||Central 1 Credit Union|
|Summary: While troubleshooting a software issue, an employee of the organization inadvertently uploaded an... [More]|
|P2017-ND-118||Aug 9 2017||First Calgary Financial a division of Connect First Credit Union Ltd.|
|Summary: A teller with the organization gathered cheques received for the day for deposit or cash, printed a... [More]|
|P2017-ND-117||Aug 9 2017||Beacon Consumer Holdings Inc.|
|Summary: The organization discovered a virus on its system relating to its website. The organization found... [More]|
|P2017-ND-116||Aug 8 2017||College of Licensed Practical Nurses of Alberta|
|Summary: An employee of the organization emailed a letter containing the personal information at issue to... [More]|
|P2017-ND-114||Aug 8 2017||Dalmac Oilfield Services Inc.|
|Summary: The organization discovered that key-logger software had been installed on an employee's computer... [More]|
|P2017-ND-111||Aug 4 2017||Sun Life Assurance Company of Canada|
|Summary: A laptop belonging to an advisor with the organization was stolen from the advisor’s vehicle parked... [More]|
|P2017-ND-110||Aug 4 2017||Brion Energy Corporation|
|Summary: A phishing email was sent from an executive email account to an executive assistant requesting... [More]|
|P2017-ND-109||Aug 4 2017||HSBC InvestDirect, a division of HSBC Securities (Canada) Inc.|
|Summary: A husband and wife set up an account with the organization. When the account was opened, the... [More]|
|P2017-ND-108||Aug 4 2017||Magellan Vacations (operating as Magellan Luxury Hotels)|
|Summary: The organization received information from a third party service provider that an unauthorized... [More]|
|P2017-ND-107||Aug 3 2017||Activision Blizzard, Inc.|
|Summary: The organization was notified that an unauthorized party obtained access to information associated... [More]|
Copyright 2017 OIPC. All rights reserved.