• Contact Us
  • Site Map
  • Privacy Policy

Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 8  
Decision Date Body
P2017-ND-125 Aug 28 2017 Spiraledge, Inc.
Summary: The organization confirmed that malware may have stolen credit or debit card data from some credit... [More]
P2017-ND-124 Aug 28 2017 Native Canada Footwear Ltd.
Summary: The organization determined that malware infected the organization's website. It appears the... [More]
P2017-ND-123 Aug 28 2017 Hartz Hotel Services, Inc.
Summary: The organization was notified by its service provider that an unauthorized party gained access to... [More]
P2017-ND-121 Aug 11 2017 National Bank Investments
Summary: The organization reported that an unauthorized party outside the organization accessed a number of... [More]
P2017-ND-120 Aug 11 2017 Spectrum Psychological Inc.
Summary: The organization, a psychologist, reported that for many years he sent documents related to his... [More]
P2017-ND-119 Aug 9 2017 Central 1 Credit Union
Summary: While troubleshooting a software issue, an employee of the organization inadvertently uploaded an... [More]
P2017-ND-118 Aug 9 2017 First Calgary Financial a division of Connect First Credit Union Ltd.
Summary: A teller with the organization gathered cheques received for the day for deposit or cash, printed a... [More]
P2017-ND-117 Aug 9 2017 Beacon Consumer Holdings Inc.
Summary: The organization discovered a virus on its system relating to its website. The organization found... [More]
P2017-ND-116 Aug 8 2017 College of Licensed Practical Nurses of Alberta
Summary: An employee of the organization emailed a letter containing the personal information at issue to... [More]
P2017-ND-114 Aug 8 2017 Dalmac Oilfield Services Inc.
Summary: The organization discovered that key-logger software had been installed on an employee's computer... [More]
P2017-ND-111 Aug 4 2017 Sun Life Assurance Company of Canada
Summary: A laptop belonging to an advisor with the organization was stolen from the advisor’s vehicle parked... [More]
P2017-ND-110 Aug 4 2017 Brion Energy Corporation
Summary: A phishing email was sent from an executive email account to an executive assistant requesting... [More]
P2017-ND-109 Aug 4 2017 HSBC InvestDirect, a division of HSBC Securities (Canada) Inc.
Summary: A husband and wife set up an account with the organization. When the account was opened, the... [More]
P2017-ND-108 Aug 4 2017 Magellan Vacations (operating as Magellan Luxury Hotels)
Summary: The organization received information from a third party service provider that an unauthorized... [More]
P2017-ND-107 Aug 3 2017 Activision Blizzard, Inc.
Summary: The organization was notified that an unauthorized party obtained access to information associated... [More]
Page: of 8  
Loading... Please Wait