In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2018-ND-090||Jul 27 2018||Northbridge General Insurance Corporation|
|Summary: An employee in the organization's Toronto office received a phishing email from a known and trusted... [More]|
|P2018-ND-089||Jul 27 2018||IKEA Canada Limited Partnership|
|Summary: The organization received calls from 13 customers reporting that an alleged employee of the... [More]|
|P2018-ND-088||Jul 26 2018||TAWS Security|
|Summary: An employee of the organization sent an email to 17 employees asking them to complete attached... [More]|
|P2018-ND-087||Jul 26 2018||Imperial Oil Limited|
|Summary: The organization's loyalty program mobile application, which is hosted and managed externally by a... [More]|
|P2018-ND-086||Jul 18 2018||Sun Life Financial|
|Summary: An employee of the organization inadvertently sent a client a PDF file containing his own coverage... [More]|
|P2018-ND-085||Jul 18 2018||Write-On Stationery Supplies Inc.|
|Summary: The organization uses a third party service provider to host its ecommerce website. The service... [More]|
|P2018-ND-084||Jul 18 2018||Discovery Time Preschool Ltd.|
|Summary: One of the organization's emergency backpacks went missing. It is possible the backpack was... [More]|
|P2018-ND-083||Jul 17 2018||La Coop fédérée|
|Summary: The organization received a phishing email from a company that had an existing business... [More]|
|P2018-ND-082||Jul 16 2018||Roberts Hawaii, Inc.|
|Summary: The organization received reports from several customers of fraudulent charges appearing on their... [More]|
|P2018-ND-081||Jul 16 2018||R.C. Purdy Chocolates Ltd.|
|Summary: The organization uses a third-party company to provide e-commerce services. The service provider... [More]|
|P2018-ND-080||Jul 16 2018||Affy Tapple, LLC operating as Mrs. Prindables|
|Summary: The organization uses a third-party company to operate and maintain the technology for website and... [More]|
|P2018-ND-077||Jul 16 2018||SSAB Swedish Steel, Ltd.|
|Summary: The incident was the result of human error, whereby an employee attached to an email a document... [More]|
|P2018-ND-076||Jul 9 2018||Luxury Retreats|
|Summary: The organization learned that an unknown individual had gained access to an employee's corporate... [More]|
|P2018-ND-075||Jul 9 2018||The Coca-Cola Company|
|Summary: The organization was informed by US law enforcement officials that a former US-based employee of a... [More]|
|P2018-ND-074||Jul 6 2018||Snap-on Incorporated|
|Summary: A third party security provider alerted the organization to suspicious activity. An investigation... [More]|
Copyright 2018 OIPC. All rights reserved.