• Contact Us
  • Site Map
  • Privacy Policy

Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 2  
Decision Date Body
P2018-ND-027 Feb 5 2018 Canadian Tire Corporation Limited
Summary: The organization previously reported that routine monitoring of the organization's security system... [More]
P2018-ND-026 Feb 5 2018 London Drugs Ltd.
Summary: A customer's laptop, which was being serviced by the organization's technicians, was stolen from an... [More]
P2018-ND-025 Feb 5 2018 Pentair Aquatic Eco Systems, Inc.
Summary: The organization identified unauthorized computer code was added to the checkout page of its online... [More]
P2018-ND-023 Feb 5 2018 Primerica Financial Services (Canada) Ltd.
Summary: A representative of the organization met with a client to discuss investment opportunities. The... [More]
P2018-ND-022 Jan 30 2018 Vari Tech Systems Inc.
Summary: The organization found that an unsecured folder residing on the organization's servers was... [More]
P2018-ND-021 Jan 31 2018 FastHealth Corporation
Summary: The organization identified suspicious code on a server. It was determined that an unauthorized... [More]
P2018-ND-019 Jan 29 2018 Imperial Oil Limited
Summary: The organization learned that its loyalty program website, which is hosted by a vendor, was... [More]
P2018-ND-015 Jan 26 2018 Rosewood Hotel Group
Summary: The organization was notified by its third party service provider that an unauthorized third party... [More]
P2018-ND-014 Jan 12 2018 Stewart & Stevenson Canada Inc.
Summary: The organization learned from a police service that unauthorized third parties were in possession... [More]
P2018-ND-013 Jan 11 2018 BC Investment Management Corp.
Summary: An employee of the organization had his vehicle broken into and a work-issued portable electronic... [More]
P2018-ND-012 Jan 11 2018 Joyent, Inc.
Summary: The organization learned that an unauthorized party obtained certain data maintained on the... [More]
P2018-ND-011 Jan 10 2018 Field LLP
Summary: The organization learned that two binders of materials relating to a lawsuit fell out of the trunk... [More]
P2018-ND-010 Jan 8 2018 Combat Brands LLC
Summary: In follow up to breach decision P2017-ND-65, the organization discovered that malware had not been... [More]
P2018-ND-009 Jan 5 2018 YWCA Calgary
Summary: Papers were inadvertently placed in one of the organization's general recycling bins, rather than... [More]
P2018-ND-008 Jan 4 2018 Servus Credit Union Ltd.
Summary: A personal financial statement of a member of the organization was obtained by the member's... [More]
Page: of 2  
Loading... Please Wait