In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2018-ND-155||Nov 23 2018||YWCA of Calgary|
|Summary: An employee sent an email to human resources about changes to a current employee's work schedule... [More]|
|P2018-ND-154||Nov 23 2018||Casper Sleep Inc.|
|Summary: The organization found that an error in server configuration exposed customers' past order details... [More]|
|P2018-ND-153||Nov 23 2018||Mertex Canada Ltd.|
|Summary: An employee sent an email to two other employees; however, the email contained compensation... [More]|
|P2018-ND-152||Nov 23 2018||Hudson's Bay Company|
|Summary: The organization's third party service provider reported that an unauthorized third party was able... [More]|
|P2018-ND-151||Nov 23 2018||Sun Life Assurance Company of Canada|
|Summary: An employee of the organization emailed a pre-filled beneficiary designation form to a client with... [More]|
|P2018-ND-150||Nov 16 2018||Trisotech Computer Consulting Services Inc.|
|Summary: The organization discovered it had paid a fraudulent invoice and an unauthorized party may have... [More]|
|P2018-ND-149||Nov 16 2018||SMS Equipment Inc.|
|Summary: The organization believes a notebook may have been stolen. The incident affected 37 Alberta... [More]|
|P2018-ND-148||Nov 15 2018||Kids U Inc. (Walden)|
|Summary: The organization's office was broken into, and a television, printer and laptop were stolen. The... [More]|
|P2018-ND-147||Nov 15 2018||NAL Resources Management Limited|
|Summary: The organization reported that three accounts had been breached, including one which contained... [More]|
|P2018-ND-145||Nov 15 2018||Plant Therapy, Inc.|
|Summary: The organization's third party web platform provider discovered malware had been installed. The... [More]|
|P2018-ND-144||Nov 14 2018||Ivari Canada ULC|
|Summary: The organization mailed a letter to a doctor's office, but the address was incomplete and the... [More]|
|P2018-ND-143||Nov 14 2018||1st Choice Savings and Credit Union Ltd.|
|Summary: An employee of the organization inadvertently sent an email with PDF attachments to a non-employee.... [More]|
|P2018-ND-142||Nov 14 2018||Nordstrom, Inc.|
|Summary: A contract worker accessed employee data and uploaded the data onto a USB key in violation of the... [More]|
|P2018-ND-141||Nov 14 2018||Tyrell Inc. o/a Zentrum|
|Summary: The organization's website was accessed by an unknown third party. The third party downloaded... [More]|
|P2018-ND-140||Nov 14 2018||Civeo (Civeo Services Employees LP)|
|Summary: Employees of the organization responded to a phishing email resulting in email accounts being... [More]|
Copyright 2018 OIPC. All rights reserved.