In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2019-ND-067||May 17 2019||Servus Credit Union Ltd.|
|Summary: An unauthorized individual was able to successfully access two different member’s accounts. The... [More]|
|P2019-ND-066||May 17 2019||Servus Credit Union Ltd.|
|Summary: An unauthorized individual was able to successfully access a member’s account and update... [More]|
|P2019-ND-060||May 7 2019||Vistara Conway, Registered Psychologist|
|Summary: A vehicle was stolen, along with a client file lock-box. The incident affected approximately 16... [More]|
|P2019-ND-059||May 6 2019||HSBC lnvestDirect, a division of HSBC Securities (Canada) Inc.|
|Summary: A client contacted the organization to complain that his T4RSP and annual report had been sent to... [More]|
|P2019-ND-058||May 6 2019||Canon Medical Systems Canada Limited|
|Summary: The organization believed that persons who historically had authorized access to the organization’s... [More]|
|P2019-ND-057||May 6 2019||ACTIVE Network|
|Summary: The organization determined that an unauthorized third party used customer credentials to access... [More]|
|P2019-ND-056||May 6 2019||Sun Life Assurance Company of Canada|
|Summary: Due to an administrative error, a group plan member was able to access another group member's... [More]|
|P2019-ND-055||May 6 2019||Westlake Chemical Corporation (formerly Westlake Management Services, Inc.)|
|Summary: Due to an administrative error, a benefits group plan member was able to access another group... [More]|
|P2019-ND-054||May 6 2019||SMS Equipments Inc.|
|Summary: An employee disclosed to a hiring manager that an external job candidate failed a drug test. The... [More]|
|P2019-ND-053||May 3 2019||Acquis Consulting Group, LLC|
|Summary: An employee email account was accessed by an unauthorized actor. The incident affected two... [More]|
|P2019-ND-052||May 3 2019||Last Callum Corp.|
|Summary: A home was broken into and a purse, containing a notebook that contained payroll information, was... [More]|
|P2019-ND-051||May 2 2019||GoldSilver, LLC|
|Summary: An unauthorized individual obtained access to a database containing certain customer records, and... [More]|
|P2019-ND-050||May 1 2019||Servus Credit Union Ltd.|
|Summary: An unauthorized individual was granted access to a member's account over the phone via poor... [More]|
|P2019-ND-049||May 1 2019||Steele’s Transfer Ltd. and Steele’s Total Logistics Ltd. o/s Steele’s Transportation Group|
|Summary: The organization was subject to a ransomware attack. The organization found that the threat actor's... [More]|
|P2019-ND-048||May 1 2019||Tapestry Music Ltd.|
|Summary: The organization's IT consultant confirmed that threat actors attacked website plugins, which... [More]|
Copyright 2019 OIPC. All rights reserved.