In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2018-ND-043||Mar 16 2018||Preferred Hotels & Resorts|
|Summary: The organization was notified by its third party reservation service provider that an unauthorized... [More]|
|P2018-ND-042||Mar 5 2018||OnePlus Technology Co., Ltd.|
|Summary: The organization reported experiencing suspected credit card fraud and believed that their... [More]|
|P2018-ND-041||Mar 5 2018||Christian Credit Union Ltd.|
|Summary: An employee of the organization sent a fax to an incorrect number. When the organization did not... [More]|
|P2018-ND-039||Mar 2 2018||Alberta Hospitality Safety Association|
|Summary: The organization uses a service provider to provide e-commerce services enabling the organization's... [More]|
|P2018-ND-038||Mar 2 2018||Aramark Entertainment Services (Canada) Inc., a subsidiary of Aramark Canada Ltd.|
|Summary: An employee with the organization sent an email to 49 new employees regarding an upcoming training... [More]|
|P2018-ND-036||Feb 28 2018||CWC Energy Services Corp.|
|Summary: A courier package containing the organization’s documents was stolen from the courier’s depot. The... [More]|
|P2018-ND-035||Feb 28 2018||Apple Inc.|
|Summary: An employee with the organization’s service provider attempted to misuse the personal information... [More]|
|P2018-ND-034||Feb 28 2018||Aesop Canada Inc.|
|Summary: One of the organization's credit card issuers notified the organization that it had noticed... [More]|
|P2018-ND-033||Feb 28 2018||LiveGlam, Inc.|
|Summary: The organization discovered that its website was subject to an attack and confirmed that an... [More]|
|P2018-ND-032||Feb 28 2018||W.W. Grainger Inc.|
|Summary: A laptop was stolen from a vehicle belonging to an employee of the organization. There was personal... [More]|
|P2018-ND-031||Feb 28 2018||Goldec Hamm's Manufacturing Ltd.|
|Summary: A building on the organization's property was broken into and paperwork was stolen. The incident... [More]|
|P2018-ND-030||Feb 28 2018||Uber B.V.|
|Summary: The organization provided a copy of a notification form that it had submitted to the Dutch Data... [More]|
|P2018-ND-028||Feb 16 2018||Four Seasons Hotels Limited|
|Summary: The organization was notified by its service provider that an unauthorized party gained access to... [More]|
|P2018-ND-027||Feb 5 2018||Canadian Tire Corporation Limited|
|Summary: The organization previously reported that routine monitoring of the organization's security system... [More]|
|P2018-ND-026||Feb 5 2018||London Drugs Ltd.|
|Summary: A customer's laptop, which was being serviced by the organization's technicians, was stolen from an... [More]|
Copyright 2018 OIPC. All rights reserved.