McLeod Law



All fields are required.

The convenience of two offices (downtown and south Calgary) makes it easier to meet with your lawyers.

Calgary South

300, 14505 Bannister Road SE
Calgary, AB T2X 3J3

Get Directions

Calgary Downtown

Manulife Place
500, 707 - 5 Street SW
Calgary, AB T2P 1V8

Get Directions


Practice Areas


2022 Personal Information Privacy Breach Report Released

| Download PDF

The Office of the Information and Privacy Commissioner (OIPC) recently released a report (Report) analyzing privacy “breaches” (as defined in the Report) in Alberta over the last decade, showing some interesting trends: 

  • The percentage of decisions per year finding breaches with real risk of serious harm (RROSH) requiring notification under the Personal Information Protection Act (Alberta) (PIPA) swelled from 40% (2010-2011) to 80% (2020-2021).

% of ROSH

  • The most common type of breach involving RROSH has changed from Loss (50% in 2010-2011; 13% in 2020-2021) to Unauthorized Access (25% in 2010-2011; 69% in 2020-2021).

 Types of Breach

  • The most common cause of breach involving RROSH has shifted from Theft (45% in 2010-2011; 10% in 2020-2021) to Compromised Electronic Information System.

 Cause of Breach

  • The most prevalent risk of harm involving RROSH breaches has remained Identity Theft (33% in 2010-2011; 24% in 2020-2021) with Fraud as a close second (25% in 2010-2011; 23% in 2020-2021).

 Prevalent risk of harm

OIPC’s Report suggests that the most common breaches have shifted from unintentional or non-malicious loss of information to intentional or malicious unauthorized access of information.

Organizations are obligated by PIPA to protect personal information in their custody or control by making reasonable security arrangements against breaches.

In the event of a breach, an organization with personal information under its control must, without unreasonably delay, notify the OIPC where a reasonable person would consider that, as a result of the breach, there exists a RROSH.

Organizations should regularly review and update their privacy and data policies to ensure compliance with privacy legislation and engage professionals immediately upon discovery of a breach.

If you have any questions, please do not hesitate to contact any of our Privacy & Cybersecurity lawyers.

Practice Areas

View More Resources

Sign up to receive news and updates.