In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2019-ND-040||Mar 1 2019||Confederation Park Little League|
|Summary: A former volunteer with the organization did not delete or return a spreadsheet that contained the... [More]|
|P2019-ND-039||Feb 28 2019||Newegg Inc.|
|Summary: The organization believes an unauthorized party gained access to its network using malicious... [More]|
|P2019-ND-038||Feb 27 2019||Dufferin Construction Company, a division of CRH Canada Group Inc.|
|Summary: An employee notified the organization that he was able to access an electronic human resources... [More]|
|P2019-ND-037||Feb 19 2019||Goodlife Fitness Centres Inc.|
|Summary: The organization discovered an error in its membership database whereby some members inadvertently... [More]|
|P2019-ND-036||Feb 19 2019||Syncrude Canada Ltd.|
|Summary: A payroll file was misplaced during the onboarding process for a new hire. The incident affected... [More]|
|P2019-ND-035||Feb 19 2019||MediaQMI Inc.|
|Summary: The organization concluded that an unauthorized individual illegally obtained access to certain... [More]|
|P2019-ND-034||Feb 19 2019||RiverMend Health, LLC|
|Summary: The organization identified suspicious emails being sent from an employee's account. The... [More]|
|P2019-ND-033||Feb 19 2019||Gerlad J. Kugelmass Professional Corporation|
|Summary: The organization reported an intrusion to an email account that resulted in phishing emails being... [More]|
|P2019-ND-032||Feb 19 2019||Loblaw Companies Limited|
|Summary: Automated credential stuffing attacks occurred against web properties owned by the organization.... [More]|
|P2019-ND-030||Feb 19 2019||TALX Corporation and Allegis Group Inc., as reported by TALX Corporation|
|Summary: The organizations determined that an unauthorized person was able to successfully answer questions... [More]|
|P2019-ND-028||Feb 19 2019||Groupe Materiaux Godin and Materiaux Godin et Fils|
|Summary: A small black tote containing documents with the information at issue was stored in a residential... [More]|
|P2019-ND-027||Feb 19 2019||Syncrude Canada Ltd.|
|Summary: An employee of the organization reported that they had incorrect access permissions to an internal... [More]|
|P2019-ND-026||Mar 18 2019||CH Nursery Management Ltd., operating as Early Discoveries Nursery School|
|Summary: A class teacher binder disappeared while the organization's classrooms were used by another party.... [More]|
|P2019-ND-025||Feb 15 2019||PFSL Fund Management Ltd.|
|Summary: Tax receipts issued for estate accounts with multiple recipients - deceased, executors and... [More]|
|P2019-ND-024||Feb 15 2019||AGF Investments Inc.|
|Summary: A cheque sent from the organization to fulfill a redemption request was mailed to the affected... [More]|
Copyright 2019 OIPC. All rights reserved.