• Contact Us
  • Site Map
  • Privacy Policy

Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 10  
Decision Date Body
P2017-ND-142 Nov 6 2017 Aimbridge Hospitality Holdings, LLC
Summary: The organization was notified by its service provider that an unauthorized party obtained access to... [More]
P2017-ND-141 Oct 23 2017 Hyatt Hotels Corporation
Summary: The organization determined that there was unauthorized access to payment card information from... [More]
P2017-ND-140 Oct 23 2017 Desjardins Financial Security Insurance
Summary: An email was sent to an incorrect party having the same name as the subject of the information. The... [More]
P2017-ND-139 Oct 3 2017 Avis Budget Group, Inc.
Summary: The organization detected what it believes to have been a brute force or dictionary intrusion by an... [More]
P2017-ND-137 Oct 3 2017 Canadian Blood Services
Summary: A donor with the organization submitted a request to the organization's national contact centre for... [More]
P2017-ND-136 Oct 3 2017 Goldenvoice, LLC
Summary: Hackers obtained unauthorized accessed through the coachella.com website to certain databases... [More]
P2017-ND-135 Oct 3 2017 YWCA of Calgary
Summary: A caller phoned an employee of the organization's work number and was advised that the employee was... [More]
P2017-ND-134 Oct 2 2017 H&R Block Canada, Inc.
Summary: A client filled out a drop off form and provided documents to a local branch office of the... [More]
P2017-ND-133 Oct 2 2017 Geokinetics Inc.
Summary: An employee with the organization received an email that was purportedly a request from the... [More]
P2017-ND-132 Sep 15 2017 H&R Block Canada, Inc.
Summary: A client inquired about her 2014 tax file at a local branch office of the organization. The local... [More]
P2017-ND-131 Sep 14 2017 McDonald’s Restaurants of Canada Limited
Summary: The organization detected unusual activity on its web server environment that hosts the Canada... [More]
P2017-ND-130 Sep 11 2017 Best Western Plus Wine Country Hotel & Suites in West Kelowna, operated by 626498 Alberta Ltd.
Summary: A reservation clerk with the organization unknowingly opened a phishing email which caused malware... [More]
P2017-ND-129 Sep 5 2017 King Edward Child Care Society
Summary: A staff member left an emergency backpack containing a portable first aid kit and the information... [More]
P2017-ND-128 Sep 7 2017 Fareportal, Inc.
Summary: A now former employee of the organization emailed customers’ personal information from the... [More]
P2017-ND-127 Sep 5 2017 Millbourne Sports Plus Physiotherapy Clinic
Summary: The organization's clinic manager took home four patient charts in order to complete them in the... [More]
Page: of 10  
Loading... Please Wait