Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 12  
Decision Date Body
P2019-ND-179 Nov 27 2019 Discovery Communications, LLC
Summary: The organization learned from a third party that certain folders stored in a cloud-based platform... [More]
P2019-ND-178 Nov 27 2019 Zero Technologies, LLC d/b/a Zero Water
Summary: The organization determined that a vulnerability existed on its website that permitted unauthorized... [More]
P2019-ND-177 Nov 27 2019 The Great-West Life Assurance Company
Summary: Due to an administrative error, a group plan member received a mailed letter addressed to him,... [More]
P2019-ND-176 Nov 27 2019 Conde Nast
Summary: An unauthorized person(s) gained access to certain systems of the organization's third party... [More]
P2019-ND-175 Nov 27 2019 A.T. Cross Company
Summary: The organization determined that information provided for purchases made on the website were... [More]
P2019-ND-174 Nov 26 2019 Servus Credit Union Ltd.
Summary: An impersonator was able to successfully access a member’s account by successfully answering... [More]
P2019-ND-173 Dec 11 2019 EMC Business Solutions LLP
Summary: The organization determined that a keylogger - a form of malware - was installed on its ecommerce... [More]
P2019-ND-172 Nov 26 2019 HP Restaurant Group
Summary: The organization determined it was possible that customer credit and debit card information for... [More]
P2019-ND-171 Nov 22 2019 American Rental Association
Summary: The organization discovered that malicious code was present on its website, which scraped certain... [More]
P2019-ND-170 Nov 22 2019 National Wildlife Federation
Summary: The organization found that a backend database hosted by a third party vendor was accessed without... [More]
P2019-ND-169 Nov 22 2019 Premiere Suites
Summary: One of the organization’s laptop computers was stolen. Despite company policy to the contrary,... [More]
P2019-ND-168 Nov 22 2019 T3 Micro, Inc.
Summary: The organization determined that it was the victim of a cyberattack that may have resulted in a... [More]
P2019-ND-167 Nov 20 2019 eHarmony, Inc.
Summary: An analyst with the organization was monitoring social media and found a video that had been... [More]
P2019-ND-166 Nov 20 2019 Canadian Tire Corporation
Summary: The organization reported that a threat actor used credentials compromised in previous breaches... [More]
P2019-ND-165 Nov 20 2019 Stuart Olson Inc., and its subsidiary Canem Systems Ltd.
Summary: The organization's IT systems and internal servers were subject to a ransomware attack. The... [More]
Page: of 12  
Loading... Please Wait