• Contact Us
  • Site Map
  • Privacy Policy

Breach Notification Decisions

In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 52  
Decision Date Body
P2018-ND-169 Dec 14 2018 Pleasant Solutions Inc.
Summary: The organization's CEO found a USB keylogger on his computer. An investigation found that an... [More]
P2017-ND-167 Dec 22 2017 Avenue Living (2014) LP
Summary: An employee accessed the organization's server after hours through a personal device and stole... [More]
P2016-ND-70 Dec 23 2016 Springfield, Inc. (d/b/a Springfield Armory)
Summary: The organization determined that an unauthorized person or persons gained access to the web server... [More]
P2015-ND-80 Dec 23 2015 U.S. Fund for UNICEF
Summary: The organization discovered unauthorized access to one of its servers. Contact and credit card... [More]
P2014-ND-56 May 20 2014 Internap Inc.
Summary: The organization's computer systems were hacked but it could not confirm whether personal... [More]
P2013-ND-58 May 20 2014 C.S.T. Consultants Inc.
Summary: An education savings plan application was emailed in error and not recovered. Personal information,... [More]
P2012-ND-34 Jan 7 2013 ConocoPhillips Canada (North) Limited
Summary: An employee's house was broken into and a workbag was stolen. Personal information of 11 university... [More]
P2011-ND-043 Nov 1 2011 Aaron's Inc.
Summary: One of the organization's franchisee stores in Fresno, California was burglarized. Among the stolen... [More]
P2010-ND-011 Nov 30 2010 Speech-Language Pathologist (SLP) Jillian Rowsell
Summary: Two laptops were stolen from a speech pathologist's office. One of the stolen laptops contained an... [More]
P2018-ND-168 Dec 14 2018 Microtel Inn & Suites
Summary: Guests staying at one of the organization's locations entered a storage room and stole paper... [More]
P2017-ND-166 Dec 15 2017 RS Energy Group Canada, Inc. and RS Energy Group, Inc.
Summary: An individual located in Africa gained unauthorized access to the email account of the... [More]
P2016-ND-69 Dec 23 2016 Real Estate Council of Alberta
Summary: During a system upgrade, a technical error occurred that allowed individual real estate... [More]
P2015-ND-79 Dec 23 2015 Auburn University
Summary: One of the organization's servers was compromised resulting in unauthorized access to personal... [More]
P2014-ND-55 Apr 15 2014 Heyrock Chartered Accountants
Summary: A USB (backup) drive was stolen from the organization's office. The drive contained sensitive... [More]
P2013-ND-52 May 20 2014 BPS Diamond Sports Corporation
Summary: Certain computer systems were hacked. The server was an asset of a company that had been purchased... [More]
Page: of 52  
Loading... Please Wait