In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2019-ND-127||Aug 7 2019||Luxury Hotels International of Canada, ULC, a wholly owned subsidiary of Marriott International, Inc., the primary operating company for Canadian hotels.|
|Summary: The organization discovered that an unauthorized party had copied and encrypted information. The... [More]|
|P2019-ND-125||Aug 2 2019||GS1 US, Inc.|
|Summary: The organization suspected malicious code on the organization’s systems that may have had the... [More]|
|P2019-ND-124||Aug 2 2019||Alberta College and Association of Opticians|
|Summary: The organization’s server and system was hacked and infected with ransomware. The incident affected... [More]|
|P2019-ND-123||Aug 2 2019||ATB Financial|
|Summary: A team member's home was broken into and a work laptop bag was stolen. The laptop was encrypted and... [More]|
|P2019-ND-122||Aug 1 2019||The Topps Company, Inc.|
|Summary: The organization found that an unauthorized third party placed malicious code on its website... [More]|
|P2019-ND-121||Aug 1 2019||Longbow Capital Inc.|
|Summary: An employee completed a fraudulent web-form based on an email which appeared to be from a trusted... [More]|
|P2019-ND-120||Aug 1 2019||Proline Pipe Equipment Inc.|
|Summary: A former employee's record of employment was erroneously emailed to approximately 50 fellow... [More]|
|P2019-ND-119||Aug 1 2019||Intuit Canada ULC|
|Summary: The organization learned that some amended T4 statements may have been sent to old mailing... [More]|
|P2019-ND-118||Aug 1 2019||1873349 Ontario, Inc.|
|Summary: The organization found unauthorized access to payment card data from cards used to make purchases... [More]|
|P2019-ND-116||Jul 31 2019||Repsol Oil & Gas Canada Inc.|
|Summary: A trespasser accessed the organization's mailroom for approximately two hours, leaving with a... [More]|
|P2019-ND-115||Jul 31 2019||500px Inc.|
|Summary: The organization believes that an unauthorized party gained access to its systems and acquired... [More]|
|P2019-ND-114||Jul 31 2019||ATB Financial Winfield Agency|
|Summary: A safe was stolen from the organization. The incident affected 93 individuals, and involved name,... [More]|
|P2019-ND-113||Jul 26 2019||Global Knowledge Network (Canada) Inc.|
|Summary: An employee of the organization made a mistake printing T4A tax forms. Recipients may have received... [More]|
|P2019-ND-112||Jul 19 2019||The Great-West Life Assurance Company|
|Summary: Due to an administrative error, a demand letter for overpayment of disability benefits under a... [More]|
|P2019-ND-111||Jul 19 2019||Imperial Oil Limited|
|Summary: A fitness for work form was emailed in error to an internal employee with the same last name as the... [More]|
Copyright 2019 OIPC. All rights reserved.