In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2018-ND-058||May 8 2018||The Driving Force Inc., TDF Group Inc., Driving Force Investments Inc., 4505 Nunavut limited, Klondike Motors Inc., DF Western Inc. and The Driving Force Ltd.|
|Summary: The organization discovered an unauthorized forwarding rule attached to the mailbox of its... [More]|
|P2018-ND-057||May 7 2018||Red Deer Therapy|
|Summary: The organization was subject to a break and enter and robbery. The incident affected 20 Alberta... [More]|
|P2018-ND-056||May 7 2018||Grant Thornton Limited, acting as court-appointed Receiver for Western Precast Group Ltd.|
|Summary: The organization is acting as a court-appointed receiver for another organization. The organization... [More]|
|P2018-ND-055||May 7 2018||Lake Kennedy McCulloch CPAs|
|Summary: The organization identified a potential data security incident and discovered that its information... [More]|
|P2018-ND-054||May 7 2018||Municipal Media Inc.|
|Summary: The organization uploaded a list created from its subscriber data to an industry platform intending... [More]|
|P2018-ND-052||May 7 2018||Fareportal Inc.|
|Summary: The organization discovered that a now-former employee located in India was involved in diverting... [More]|
|P2018-ND-051||May 7 2018||Financial Literacy Counsel Inc.|
|Summary: Inbound emails sent to an employee of the organization were forwarded to unauthorized email... [More]|
|P2018-ND-050||Apr 23 2018||Ledcor Construction Limited|
|Summary: The organization provided T4 forms to 44 employees or former employees. Inadvertently, the... [More]|
|P2018-ND-049||Apr 18 2018||Avenue Living (2014) LP|
|Summary: This decision relates to P2017-ND-167. A former employee accessed the organization's server after... [More]|
|P2018-ND-048||Apr 11 2018||Foresters Financial, a trademark of The Independent Order of Foresters and its subsidiaries|
|Summary: The organization learned that some annual statements, which contained information about customers'... [More]|
|P2018-ND-047||Apr 9 2018||Peace Hills General Insurance Company|
|Summary: Internal mail intended for a branch office employee was inadvertently sent to an unauthorized... [More]|
|P2018-ND-046||Apr 9 2018||Bronson Nutritionals LLC|
|Summary: The organization identified malware designed to collect customers' payment card information on... [More]|
|P2018-ND-045||Apr 9 2018||Keegano Housing Cooperative Ltd.|
|Summary: The organization's Finance Committee met. In camera meeting minutes were inadvertently uploaded on... [More]|
|P2018-ND-044||Apr 9 2018||Manduka, LLC|
|Summary: An incident involving the unauthorized installation of malware on the organization's ecommerce web... [More]|
|P2018-ND-043||Mar 16 2018||Preferred Hotels & Resorts|
|Summary: The organization was notified by its third party reservation service provider that an unauthorized... [More]|
Copyright 2018 OIPC. All rights reserved.