• Contact Us
  • Site Map
  • Privacy Policy

Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 9  
Decision Date Body
P2018-ND-132 Sep 27 2018 Ebbs, Roberts, Head & Daw Inc.
Summary: The organization believes a phishing attack may have been the cause of a compromise to its... [More]
P2018-ND-131 Sep 27 2018 LÍLLÉbaby
Summary: The organization had unauthorized installation of malware on its e-commerce web platform, which may... [More]
P2018-ND-130 Sep 27 2018 CDN Controls Ltd.
Summary: The organization received a telephone call from a former employee alleging that his dates of... [More]
P2018-ND-128 Sep 27 2018 Universal Rail Systems
Summary: During a routine payroll systems upgrade, a new system folder provided by a third party vendor was... [More]
P2018-ND-127 Sep 26 2018 Northbridge General Insurance Corporation and Federated Insurance Company of Canada
Summary: An employee of the organization received a phishing email from a known and trusted business partner... [More]
P2018-ND-126 Sep 26 2018 Quality Credit Services Limited (doing business as Quality Credit Reporting)
Summary: The organization was retained by the affected individuals to provide credit reports in connection... [More]
P2018-ND-125 Sep 26 2018 Bombas, LLC
Summary: The organization had malware in its third party e-commerce platform used for payment card... [More]
P2018-ND-124 Sep 17 2018 McAfee Ireland Ltd.
Summary: The organization offers a computer support service through a vendor. The organization was made... [More]
P2018-ND-123 Sep 17 2018 CIBC World Markets, a reported by Canadian Imperial Bank of Commerce
Summary: The organization learned that one of its vendors was contacted by an unknown third party using an... [More]
P2018-ND-122 Sep 17 2018 Alpha Industries, Inc.
Summary: The organization learned that its third party digital commerce platform provider had experienced an... [More]
P2018-ND-121 Sep 4 2018 FastHealth Corporation
Summary: The organization received a report from law enforcement indicating that an unauthorized third party... [More]
P2018-ND-120 Sep 4 2018 Feld Entertainment, Inc.
Summary: The organization identified suspicious email activity related to a phishing email sent to certain... [More]
P2018-ND-119 Sep 4 2018 Sun Life Assurance Company of Canada
Summary: An advisor with the organization left a bag containing 12 insurance contracts in a locked car at... [More]
P2018-ND-118 Sep 4 2018 Envision Property Management Ltd.
Summary: Thieves broke in to the group mailbox at a residential condominium property the organization... [More]
P2018-ND-117 Aug 13 2018 Rail Europe SAS (France)
Summary: The organization found that an attacker was able to gain access to the organization's front-end web... [More]
Page: of 9  
Loading... Please Wait