• Contact Us
  • Site Map
  • Privacy Policy

Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 2  
Decision Date Body
P2017-ND-30 Feb 2 2017 B. Lane, Inc. d/b/a Fashion to Figure
Summary: The organization discovered that malware was installed on it website, which was managed by a third... [More]
P2017-ND-29 Feb 2 2017 Sun Life Assurance Company of Canada
Summary: The organization mailed investment confirmation notices. Some recipients received investment... [More]
P2017-ND-28 Feb 1 2017 Matson Navigation Company and Horizon Lines
Summary: An external hard drive containing personal information was shipped from China to Tacoma,... [More]
P2017-ND-27 Jan 31 2017 Direct Energy Marketing Limited and Direct Energy Regulated Services
Summary: The organization was notified by the Office of the Information and Privacy Commissioner that a... [More]
P2017-ND-26 Jan 30 2017 Brandeis University
Summary: The organization discovered that two university computers were stolen from the registrar's office.... [More]
P2017-ND-25 Jan 30 2017 Manulife Financial
Summary: The organization found that unknown individuals purchased personal information from an employee of... [More]
P2017-ND-23 Jan 30 2017 Scott Builders Inc.
Summary: The organization discovered an unauthorized user was logged on to its web-based computer system and... [More]
P2017-ND-22 Jan 30 2017 Scripps Networks, LLC
Summary: The organization discovered an intruder may have had access to, and potential acquisition of, some... [More]
P2017-ND-21 Jan 30 2017 Equitable Life of Canada
Summary: An incorrect address was entered into the organization's administration system for a certificate... [More]
P2017-ND-20 Jan 30 2017 Muji USA, Ltd.
Summary: The organization believes that an unauthorized third party used malware to infiltrate its online... [More]
P2017-ND-19 Jan 30 2017 Peter Michael Winery
Summary: The organization was notified by its e-commerce vendor that an unauthorized third party breached... [More]
P2017-ND-18 Jan 30 2017 EyeBuyDirect, Inc.
Summary: The organization's website was accessed by hackers using a Russian IP address. The incident... [More]
P2017-ND-15 Jan 9 2017 Future Values Estate and Financial Planning
Summary: An email was sent to a client's correct email address, but also copied to an incorrect email... [More]
P2017-ND-14 Jan 9 2017 Duck Inn Daycare and Out of School Care
Summary: The organization’s emergency backpack was lost or stolen at an outside event, and the backpack was... [More]
P2017-ND-13 Jan 9 2017 New England College of Optometry
Summary: The organization learned that a former employee had stolen and used some credit card numbers... [More]
Page: of 2  
Loading... Please Wait