• Contact Us
  • Site Map
  • Privacy Policy

Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 6  
Decision Date Body
P2018-ND-090 Jul 27 2018 Northbridge General Insurance Corporation
Summary: An employee in the organization's Toronto office received a phishing email from a known and trusted... [More]
P2018-ND-089 Jul 27 2018 IKEA Canada Limited Partnership
Summary: The organization received calls from 13 customers reporting that an alleged employee of the... [More]
P2018-ND-088 Jul 26 2018 TAWS Security
Summary: An employee of the organization sent an email to 17 employees asking them to complete attached... [More]
P2018-ND-087 Jul 26 2018 Imperial Oil Limited
Summary: The organization's loyalty program mobile application, which is hosted and managed externally by a... [More]
P2018-ND-086 Jul 18 2018 Sun Life Financial
Summary: An employee of the organization inadvertently sent a client a PDF file containing his own coverage... [More]
P2018-ND-085 Jul 18 2018 Write-On Stationery Supplies Inc.
Summary: The organization uses a third party service provider to host its ecommerce website. The service... [More]
P2018-ND-084 Jul 18 2018 Discovery Time Preschool Ltd.
Summary: One of the organization's emergency backpacks went missing. It is possible the backpack was... [More]
P2018-ND-083 Jul 17 2018 La Coop fédérée
Summary: The organization received a phishing email from a company that had an existing business... [More]
P2018-ND-082 Jul 16 2018 Roberts Hawaii, Inc.
Summary: The organization received reports from several customers of fraudulent charges appearing on their... [More]
P2018-ND-081 Jul 16 2018 R.C. Purdy Chocolates Ltd.
Summary: The organization uses a third-party company to provide e-commerce services. The service provider... [More]
P2018-ND-080 Jul 16 2018 Affy Tapple, LLC operating as Mrs. Prindables
Summary: The organization uses a third-party company to operate and maintain the technology for website and... [More]
P2018-ND-077 Jul 16 2018 SSAB Swedish Steel, Ltd.
Summary: The incident was the result of human error, whereby an employee attached to an email a document... [More]
P2018-ND-076 Jul 9 2018 Luxury Retreats
Summary: The organization learned that an unknown individual had gained access to an employee's corporate... [More]
P2018-ND-075 Jul 9 2018 The Coca-Cola Company
Summary: The organization was informed by US law enforcement officials that a former US-based employee of a... [More]
P2018-ND-074 Jul 6 2018 Snap-on Incorporated
Summary: A third party security provider alerted the organization to suspicious activity. An investigation... [More]
Page: of 6  
Loading... Please Wait