• Contact Us
  • Site Map
  • Privacy Policy

Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 4  
Decision Date Body
P2017-ND-50 Apr 1 2017 World Learning Center
Summary: A laptop owned by a faculty member of the organization's School of International Training Study... [More]
P2017-ND-48 Apr 10 2017 prAna
Summary: The organization detected that an unauthorized third party may have obtained access to the servers... [More]
P2017-ND-47 Apr 10 2017 CIBC Wood Gundy Financial Services Inc.
Summary: An envelope intended to be mailed to clients was mailed to the clients' former address. The... [More]
P2017-ND-46 Mar 9 2017 United on Whyte Pastoral Charge
Summary: The organization experienced a break-in and a laptop was stolen from a locked office. The laptop... [More]
P2017-ND-45 Mar 8 2017 Safe for Home Products LLC d/b/a Naturepedic
Summary: The organization learned that encrypted malware was placed on its website. The malware copied... [More]
P2017-ND-44 Mar 7 2017 H & R Block Canada, Inc.
Summary: A customer was inadvertently handed an envelope that contained a tax return summary of another... [More]
P2017-ND-43 Mar 6 2017 College of Physicians and Surgeons of Alberta
Summary: The organization's practice visitor realized a CD storing patient information was missing. Despite... [More]
P2017-ND-42 Mar 6 2017 car2go Canada Ltd.
Summary: The organization found there had been a brute force attack against its system whereby unauthorized... [More]
P2017-ND-41 Mar 6 2017 MicroDAQ.com Ltd.
Summary: The organization learned that a third party embedded malware onto its ecommerce website that... [More]
P2017-ND-40 Mar 6 2017 Shutterstock Music Canada ULC dba Premium Beat
Summary: The organization became aware of unauthorized access to its database through a vulnerability in a... [More]
P2017-ND-39 Mar 6 2017 EVO Payments International Corp. - Canada
Summary: Another company informed the organization that one of its former employees had accessed an... [More]
P2017-ND-37 Mar 1 2017 Gianni Pezzente Professional Corporation
Summary: A vehicle was broken into and a backpack was stolen. The backpack contained tax returns and may... [More]
P2017-ND-36 Mar 1 2017 Acer Service Corporation
Summary: The organization discovered that during the testing and roll out of the organization's ecommerce... [More]
P2017-ND-35 Feb 24 2017 Loblaw Companies Limited
Summary: The organization confirmed member accounts had been targeted by threat actors operating in the dark... [More]
P2017-ND-34 Feb 22 2017 Walmart Canada Corp.
Summary: One of the organization's service providers suffered a security compromise on its website, which in... [More]
Page: of 4  
Loading... Please Wait