Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Alberta: OIPC publishes 2022 PIPA breach report
The Office of the Information and Privacy Commissioner of Alberta ('OIPC') announced, on 27 July 2022, that it had published, on the same date, a report analysing approximately 2,000 privacy breaches of the Personal Information Protection Act, SA 2003 c P-6.5 ('PIPA') that were reported in Alberta from 2010-2011 to 2020-2021. In particular, the OIPC noted that the main reason for notification to affected individuals was unauthorised access to personal information caused by a compromised electronic information system (e.g. the installation of malware or ransomware).
Additionally, the OIPC explained that the report offers guidance to organisations for establishing whether there is a real risk of significant harm to any individual as a result of a privacy breach, and lists the main criteria used by the OIPC to decide whether there was a real risk of significant harm.
Lastly, the OIPC outlined that the report analyses several aspects relating to privacy breaches, including:
- how long it usually took organisations to discover privacy breaches;
- how long it usually took organisations to notify individuals and report to the OIPC;
- the types of harm;
- the types of personal information; and
- the reporting industries.