• Contact Us
  • Site Map
  • Privacy Policy

Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 3  
Decision Date Body
P2019-ND-044 Mar 4 2019 TALX Corporation and Honeywell International Inc., as reported by TALX Corporation
Summary: The organization discovered that one or more persons reset the PINs and accessed the online portal... [More]
P2019-ND-040 Mar 1 2019 Confederation Park Little League
Summary: A former volunteer with the organization did not delete or return a spreadsheet that contained the... [More]
P2019-ND-039 Feb 28 2019 Newegg Inc.
Summary: The organization believes an unauthorized party gained access to its network using malicious... [More]
P2019-ND-038 Feb 27 2019 Dufferin Construction Company, a division of CRH Canada Group Inc.
Summary: An employee notified the organization that he was able to access an electronic human resources... [More]
P2019-ND-037 Feb 19 2019 Goodlife Fitness Centres Inc.
Summary: The organization discovered an error in its membership database whereby some members inadvertently... [More]
P2019-ND-036 Feb 19 2019 Syncrude Canada Ltd.
Summary: A payroll file was misplaced during the onboarding process for a new hire. The incident affected... [More]
P2019-ND-035 Feb 19 2019 MediaQMI Inc.
Summary: The organization concluded that an unauthorized individual illegally obtained access to certain... [More]
P2019-ND-034 Feb 19 2019 RiverMend Health, LLC
Summary: The organization identified suspicious emails being sent from an employee's account. The... [More]
P2019-ND-033 Feb 19 2019 Gerlad J. Kugelmass Professional Corporation
Summary: The organization reported an intrusion to an email account that resulted in phishing emails being... [More]
P2019-ND-032 Feb 19 2019 Loblaw Companies Limited
Summary: Automated credential stuffing attacks occurred against web properties owned by the organization.... [More]
P2019-ND-030 Feb 19 2019 TALX Corporation and Allegis Group Inc., as reported by TALX Corporation
Summary: The organizations determined that an unauthorized person was able to successfully answer questions... [More]
P2019-ND-028 Feb 19 2019 Groupe Materiaux Godin and Materiaux Godin et Fils
Summary: A small black tote containing documents with the information at issue was stored in a residential... [More]
P2019-ND-027 Feb 19 2019 Syncrude Canada Ltd.
Summary: An employee of the organization reported that they had incorrect access permissions to an internal... [More]
P2019-ND-026 Mar 18 2019 CH Nursery Management Ltd., operating as Early Discoveries Nursery School
Summary: A class teacher binder disappeared while the organization's classrooms were used by another party.... [More]
P2019-ND-025 Feb 15 2019 PFSL Fund Management Ltd.
Summary: Tax receipts issued for estate accounts with multiple recipients - deceased, executors and... [More]
Page: of 3  
Loading... Please Wait