In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2017-ND-46||Mar 9 2017||United on Whyte Pastoral Charge|
|Summary: The organization experienced a break-in and a laptop was stolen from a locked office. The laptop... [More]|
|P2017-ND-45||Mar 8 2017||Safe for Home Products LLC d/b/a Naturepedic|
|Summary: The organization learned that encrypted malware was placed on its website. The malware copied... [More]|
|P2017-ND-44||Mar 7 2017||H & R Block Canada, Inc.|
|Summary: A customer was inadvertently handed an envelope that contained a tax return summary of another... [More]|
|P2017-ND-43||Mar 6 2017||College of Physicians and Surgeons of Alberta|
|Summary: The organization's practice visitor realized a CD storing patient information was missing. Despite... [More]|
|P2017-ND-42||Mar 6 2017||car2go Canada Ltd.|
|Summary: The organization found there had been a brute force attack against its system whereby unauthorized... [More]|
|P2017-ND-41||Mar 6 2017||MicroDAQ.com Ltd.|
|Summary: The organization learned that a third party embedded malware onto its ecommerce website that... [More]|
|P2017-ND-40||Mar 6 2017||Shutterstock Music Canada ULC dba Premium Beat|
|Summary: The organization became aware of unauthorized access to its database through a vulnerability in a... [More]|
|P2017-ND-39||Mar 6 2017||EVO Payments International Corp. - Canada|
|Summary: Another company informed the organization that one of its former employees had accessed an... [More]|
|P2017-ND-37||Mar 1 2017||Gianni Pezzente Professional Corporation|
|Summary: A vehicle was broken into and a backpack was stolen. The backpack contained tax returns and may... [More]|
|P2017-ND-35||Feb 24 2017||Loblaw Companies Limited|
|Summary: The organization confirmed member accounts had been targeted by threat actors operating in the dark... [More]|
|P2017-ND-33||Feb 21 2017||The Topps Company, Inc.|
|Summary: Malware was installed on the organization's website and the intruder(s) may have accessed the... [More]|
|P2017-ND-32||Feb 21 2017||Marin Software Incorporated|
|Summary: An unauthorized individual sent an email requesting employee payroll information and 2016 W-2... [More]|
|P2017-ND-31||Feb 7 2017||United Farmers of Alberta Co-operative Limited|
|Summary: The organization received an email from an unauthorized individual requesting that an email address... [More]|
|P2017-ND-30||Feb 2 2017||B. Lane, Inc. d/b/a Fashion to Figure|
|Summary: The organization discovered that malware was installed on it website, which was managed by a third... [More]|
|P2017-ND-29||Feb 2 2017||Sun Life Assurance Company of Canada|
|Summary: The organization mailed investment confirmation notices. Some recipients received investment... [More]|
Copyright 2017 OIPC. All rights reserved.