In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2017-ND-30||Feb 2 2017||B. Lane, Inc. d/b/a Fashion to Figure|
|Summary: The organization discovered that malware was installed on it website, which was managed by a third... [More]|
|P2017-ND-29||Feb 2 2017||Sun Life Assurance Company of Canada|
|Summary: The organization mailed investment confirmation notices. Some recipients received investment... [More]|
|P2017-ND-28||Feb 1 2017||Matson Navigation Company and Horizon Lines|
|Summary: An external hard drive containing personal information was shipped from China to Tacoma,... [More]|
|P2017-ND-27||Jan 31 2017||Direct Energy Marketing Limited and Direct Energy Regulated Services|
|Summary: The organization was notified by the Office of the Information and Privacy Commissioner that a... [More]|
|P2017-ND-26||Jan 30 2017||Brandeis University|
|Summary: The organization discovered that two university computers were stolen from the registrar's office.... [More]|
|P2017-ND-25||Jan 30 2017||Manulife Financial|
|Summary: The organization found that unknown individuals purchased personal information from an employee of... [More]|
|P2017-ND-23||Jan 30 2017||Scott Builders Inc.|
|Summary: The organization discovered an unauthorized user was logged on to its web-based computer system and... [More]|
|P2017-ND-22||Jan 30 2017||Scripps Networks, LLC|
|Summary: The organization discovered an intruder may have had access to, and potential acquisition of, some... [More]|
|P2017-ND-21||Jan 30 2017||Equitable Life of Canada|
|Summary: An incorrect address was entered into the organization's administration system for a certificate... [More]|
|P2017-ND-20||Jan 30 2017||Muji USA, Ltd.|
|Summary: The organization believes that an unauthorized third party used malware to infiltrate its online... [More]|
|P2017-ND-19||Jan 30 2017||Peter Michael Winery|
|Summary: The organization was notified by its e-commerce vendor that an unauthorized third party breached... [More]|
|P2017-ND-18||Jan 30 2017||EyeBuyDirect, Inc.|
|Summary: The organization's website was accessed by hackers using a Russian IP address. The incident... [More]|
|P2017-ND-15||Jan 9 2017||Future Values Estate and Financial Planning|
|Summary: An email was sent to a client's correct email address, but also copied to an incorrect email... [More]|
|P2017-ND-14||Jan 9 2017||Duck Inn Daycare and Out of School Care|
|Summary: The organization’s emergency backpack was lost or stolen at an outside event, and the backpack was... [More]|
|P2017-ND-13||Jan 9 2017||New England College of Optometry|
|Summary: The organization learned that a former employee had stolen and used some credit card numbers... [More]|
Copyright 2017 OIPC. All rights reserved.