In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2018-ND-169||Dec 14 2018||Pleasant Solutions Inc.|
|Summary: The organization's CEO found a USB keylogger on his computer. An investigation found that an... [More]|
|P2017-ND-167||Dec 22 2017||Avenue Living (2014) LP|
|Summary: An employee accessed the organization's server after hours through a personal device and stole... [More]|
|P2016-ND-70||Dec 23 2016||Springfield, Inc. (d/b/a Springfield Armory)|
|Summary: The organization determined that an unauthorized person or persons gained access to the web server... [More]|
|P2015-ND-80||Dec 23 2015||U.S. Fund for UNICEF|
|Summary: The organization discovered unauthorized access to one of its servers. Contact and credit card... [More]|
|P2014-ND-56||May 20 2014||Internap Inc.|
|Summary: The organization's computer systems were hacked but it could not confirm whether personal... [More]|
|P2013-ND-58||May 20 2014||C.S.T. Consultants Inc.|
|Summary: An education savings plan application was emailed in error and not recovered. Personal information,... [More]|
|P2012-ND-34||Jan 7 2013||ConocoPhillips Canada (North) Limited|
|Summary: An employee's house was broken into and a workbag was stolen. Personal information of 11 university... [More]|
|P2011-ND-043||Nov 1 2011||Aaron's Inc.|
|Summary: One of the organization's franchisee stores in Fresno, California was burglarized. Among the stolen... [More]|
|P2010-ND-011||Nov 30 2010||Speech-Language Pathologist (SLP) Jillian Rowsell|
|Summary: Two laptops were stolen from a speech pathologist's office. One of the stolen laptops contained an... [More]|
|P2018-ND-168||Dec 14 2018||Microtel Inn & Suites|
|Summary: Guests staying at one of the organization's locations entered a storage room and stole paper... [More]|
|P2017-ND-166||Dec 15 2017||RS Energy Group Canada, Inc. and RS Energy Group, Inc.|
|Summary: An individual located in Africa gained unauthorized access to the email account of the... [More]|
|P2016-ND-69||Dec 23 2016||Real Estate Council of Alberta|
|Summary: During a system upgrade, a technical error occurred that allowed individual real estate... [More]|
|P2015-ND-79||Dec 23 2015||Auburn University|
|Summary: One of the organization's servers was compromised resulting in unauthorized access to personal... [More]|
|P2014-ND-55||Apr 15 2014||Heyrock Chartered Accountants|
|Summary: A USB (backup) drive was stolen from the organization's office. The drive contained sensitive... [More]|
|P2013-ND-52||May 20 2014||BPS Diamond Sports Corporation|
|Summary: Certain computer systems were hacked. The server was an asset of a company that had been purchased... [More]|
Copyright 2019 OIPC. All rights reserved.