In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2017-ND-142||Nov 6 2017||Aimbridge Hospitality Holdings, LLC|
|Summary: The organization was notified by its service provider that an unauthorized party obtained access to... [More]|
|P2017-ND-141||Oct 23 2017||Hyatt Hotels Corporation|
|Summary: The organization determined that there was unauthorized access to payment card information from... [More]|
|P2017-ND-140||Oct 23 2017||Desjardins Financial Security Insurance|
|Summary: An email was sent to an incorrect party having the same name as the subject of the information. The... [More]|
|P2017-ND-139||Oct 3 2017||Avis Budget Group, Inc.|
|Summary: The organization detected what it believes to have been a brute force or dictionary intrusion by an... [More]|
|P2017-ND-137||Oct 3 2017||Canadian Blood Services|
|Summary: A donor with the organization submitted a request to the organization's national contact centre for... [More]|
|P2017-ND-136||Oct 3 2017||Goldenvoice, LLC|
|Summary: Hackers obtained unauthorized accessed through the coachella.com website to certain databases... [More]|
|P2017-ND-135||Oct 3 2017||YWCA of Calgary|
|Summary: A caller phoned an employee of the organization's work number and was advised that the employee was... [More]|
|P2017-ND-134||Oct 2 2017||H&R Block Canada, Inc.|
|Summary: A client filled out a drop off form and provided documents to a local branch office of the... [More]|
|P2017-ND-133||Oct 2 2017||Geokinetics Inc.|
|Summary: An employee with the organization received an email that was purportedly a request from the... [More]|
|P2017-ND-132||Sep 15 2017||H&R Block Canada, Inc.|
|Summary: A client inquired about her 2014 tax file at a local branch office of the organization. The local... [More]|
|P2017-ND-131||Sep 14 2017||McDonald’s Restaurants of Canada Limited|
|Summary: The organization detected unusual activity on its web server environment that hosts the Canada... [More]|
|P2017-ND-130||Sep 11 2017||Best Western Plus Wine Country Hotel & Suites in West Kelowna, operated by 626498 Alberta Ltd.|
|Summary: A reservation clerk with the organization unknowingly opened a phishing email which caused malware... [More]|
|P2017-ND-129||Sep 5 2017||King Edward Child Care Society|
|Summary: A staff member left an emergency backpack containing a portable first aid kit and the information... [More]|
|P2017-ND-128||Sep 7 2017||Fareportal, Inc.|
|Summary: A now former employee of the organization emailed customers’ personal information from the... [More]|
|P2017-ND-127||Sep 5 2017||Millbourne Sports Plus Physiotherapy Clinic|
|Summary: The organization's clinic manager took home four patient charts in order to complete them in the... [More]|
Copyright 2017 OIPC. All rights reserved.