Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 13  
Decision Date Body
P2019-ND-201 Dec 16 2019 ABCU Credit Union Ltd.
Summary: An envelope containing a document that was intended to be sent to an address in Toronto was found... [More]
P2019-ND-200 Dec 16 2019 Moodys Gartner Tax Law LLP
Summary: Thieves stole a number of items from the organization's Calgary office, including a duffel bag... [More]
P2019-ND-199 Dec 16 2019 SGI Canada Insurance Services Ltd.
Summary: An independent adjuster, working on behalf of the organization, had a briefcase stolen from the... [More]
P2019-ND-198 Dec 16 2019 Citrix Systems Canada Inc.
Summary: The organization discovered cyber criminals gained network access and removed files from the... [More]
P2019-ND-197 Dec 16 2019 SNC-Lavalin Inc.
Summary: The organization discovered that an unknown and unauthorized third party gained access to the... [More]
P2019-ND-196 Dec 16 2019 Young Women's Christian Association of Banff
Summary: A client's file was lost after a staff member was updating the file. The incident affected one... [More]
P2019-ND-195 Dec 16 2019 Lancaster Archery Supply, Inc.
Summary: Certain payment card information of customers on the organization's websites was compromised. The... [More]
P2019-ND-194 Dec 13 2019 Standard Nutrition Canada Co., owned by Sollio Agriculture, a division of La Coop federee
Summary: An employee's email account was accessed by an unauthorized individual through a phishing scam... [More]
P2019-ND-193 Dec 13 2019 Vitalize, LLC
Summary: Unauthorized activity on the organization's systems was traced to a phishing email. The incident... [More]
P2019-ND-192 Dec 13 2019 Tacony Corporation
Summary: The organization confirmed that code inserted into its online store was capable of capturing... [More]
P2019-ND-191 Dec 13 2019 Emco Corporation
Summary: One of the organization's employees had their email account accessed by an unauthorized individual.... [More]
P2019-ND-190 Dec 13 2019 Cervus Equipment Corporation
Summary: An unauthorized individual gained access to one of the organization's employee email accounts. The... [More]
P2019-ND-189 Dec 13 2019 Haws Corporation
Summary: The organization experienced a ransomware attack and it was unable to conclude whether personal was... [More]
P2019-ND-188 Dec 13 2019 Teck Resources Limited
Summary: A recruiter for the organization inadvertently scanned six sets of interview notes and a resume,... [More]
P2019-ND-187 Dec 13 2019 Microsoft Corporation
Summary: A call centre support supervisor who worked for a company providing support services to the... [More]
Page: of 13  
Loading... Please Wait