Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Alberta: OIPC publishes 2022 PIPA breach report
The Office of the Information and Privacy Commissioner of Alberta ('OIPC') announced, on 27 July 2022, that it had published, on the same date, a report analysing approximately 2,000 privacy breaches of the Personal Information Protection Act, SA 2003 c P-6.5 ('PIPA') that were reported in Alberta from 2010-2011 to 2020-2021. In particular, the OIPC noted that the main reason for notification to affected individuals was unauthorised access to personal information caused by a compromised electronic information system (e.g. the installation of malware or ransomware).
Additionally, the OIPC explained that the report offers guidance to organisations for establishing whether there is a real risk of significant harm to any individual as a result of a privacy breach, and lists the main criteria used by the OIPC to decide whether there was a real risk of significant harm.
Lastly, the OIPC outlined that the report analyses several aspects relating to privacy breaches, including:
- how long it usually took organisations to discover privacy breaches;
- how long it usually took organisations to notify individuals and report to the OIPC;
- the types of harm;
- the types of personal information; and
- the reporting industries.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
