In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2018-ND-027||Feb 5 2018||Canadian Tire Corporation Limited|
|Summary: The organization previously reported that routine monitoring of the organization's security system... [More]|
|P2018-ND-026||Feb 5 2018||London Drugs Ltd.|
|Summary: A customer's laptop, which was being serviced by the organization's technicians, was stolen from an... [More]|
|P2018-ND-025||Feb 5 2018||Pentair Aquatic Eco Systems, Inc.|
|Summary: The organization identified unauthorized computer code was added to the checkout page of its online... [More]|
|P2018-ND-023||Feb 5 2018||Primerica Financial Services (Canada) Ltd.|
|Summary: A representative of the organization met with a client to discuss investment opportunities. The... [More]|
|P2018-ND-022||Jan 30 2018||Vari Tech Systems Inc.|
|Summary: The organization found that an unsecured folder residing on the organization's servers was... [More]|
|P2018-ND-021||Jan 31 2018||FastHealth Corporation|
|Summary: The organization identified suspicious code on a server. It was determined that an unauthorized... [More]|
|P2018-ND-019||Jan 29 2018||Imperial Oil Limited|
|Summary: The organization learned that its loyalty program website, which is hosted by a vendor, was... [More]|
|P2018-ND-015||Jan 26 2018||Rosewood Hotel Group|
|Summary: The organization was notified by its third party service provider that an unauthorized third party... [More]|
|P2018-ND-014||Jan 12 2018||Stewart & Stevenson Canada Inc.|
|Summary: The organization learned from a police service that unauthorized third parties were in possession... [More]|
|P2018-ND-013||Jan 11 2018||BC Investment Management Corp.|
|Summary: An employee of the organization had his vehicle broken into and a work-issued portable electronic... [More]|
|P2018-ND-012||Jan 11 2018||Joyent, Inc.|
|Summary: The organization learned that an unauthorized party obtained certain data maintained on the... [More]|
|P2018-ND-011||Jan 10 2018||Field LLP|
|Summary: The organization learned that two binders of materials relating to a lawsuit fell out of the trunk... [More]|
|P2018-ND-010||Jan 8 2018||Combat Brands LLC|
|Summary: In follow up to breach decision P2017-ND-65, the organization discovered that malware had not been... [More]|
|P2018-ND-009||Jan 5 2018||YWCA Calgary|
|Summary: Papers were inadvertently placed in one of the organization's general recycling bins, rather than... [More]|
|P2018-ND-008||Jan 4 2018||Servus Credit Union Ltd.|
|Summary: A personal financial statement of a member of the organization was obtained by the member's... [More]|
Copyright 2018 OIPC. All rights reserved.