Live DeskCanadian privacy decisions — federal, provincial, and territorial.

Canadian Privacy Decisions

Canadian Privacy Decisions

The comprehensive archive of Canadian privacy decisions from federal, provincial, and territorial commissioners — with AI-summarized plain-language summaries for every decision.

20,153 decisions in archive

Sign in to search

Jurisdiction

Federal (Canada)Ontario British Columbia Alberta Saskatchewan Manitoba QuebecIn Progress Nova Scotia New Brunswick Prince Edward Island Newfoundland and Labrador

Governing law

Outcome

OIC Order (ATIA s.36.1, binding)Well-founded Well-founded & resolved Well-founded & conditionally resolved Well-founded & unresolved Not well-founded Action warranted s.6.1 Application Granted (refusal authorized)s.6.1 Application Denied (must respond)Settled Resolved Early-resolved Discontinued Withdrawn Declined to investigate No jurisdiction

Decision Type

Orders Final Reports Systemic Investigations

Sort

Default: publication date

Browse by Year

2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1987

Federal (Canada)Access to Information ActOIC Order (ATIA s.36.1, binding)

Mar 25, 20265825-03986· Indexed Jun 1, 2026

Health Canada, 5825-03986

The OIC ordered Health Canada to provide a complete response to the access request no later than 36 business days following the date of the final report..

Federal (Canada)Access to Information ActOIC Order (ATIA s.36.1, binding)

Mar 25, 20265825-03984· Indexed Jun 1, 2026

Health Canada, 5825-03984

The OIC ordered Health Canada to provide a complete response to the access request no later than 36 business days following the date of the final report..

Federal (Canada)Access to Information ActOIC Order (ATIA s.36.1, binding)

Mar 25, 20265825-03729· Indexed Jun 1, 2026

Health Canada, 5825-03729

The OIC ordered Health Canada to provide a complete response to the access request no later than 60 business days following the date of the final report..

Federal (Canada)Access to Information ActOIC Order (ATIA s.36.1, binding)

Mar 25, 20265825-03049· Indexed Jun 1, 2026

Privy Council Office, 5825-03049

The OIC ordered Privy Council Office to provide a complete response to the access request no later than 60 days following the date of the final report..

Federal (Canada)Access to Information ActOIC Order (ATIA s.36.1, binding)

Mar 25, 20265825-03048· Indexed Jun 1, 2026

Privy Council Office, 5825-03048

The OIC ordered Privy Council Office to provide a complete response to the access request no later than 36 business days following the date of the final report..

Federal (Canada)Access to Information ActOIC Order (ATIA s.36.1, binding)

Mar 25, 20265825-02380· Indexed Jun 1, 2026

Privy Council Office, 5825-02380

The OIC ordered Privy Council Office to provide a complete response to the access request no later than 60 business days following the date of the final report..

Federal (Canada)Access to Information ActOIC Order (ATIA s.36.1, binding)

Mar 25, 20265825-02379· Indexed Jun 1, 2026

Privy Council Office, 5825-02379

The OIC ordered Privy Council Office to provide a complete response to the access request no later than 60 day days following the date of the final report..

Federal (Canada)Access to Information ActOIC Order (ATIA s.36.1, binding)

Mar 25, 20265825-02378· Indexed Jun 1, 2026

Privy Council Office, 5825-02378

The OIC ordered Privy Council Office to provide a complete response to the access request no later than May 22..

Federal (Canada)Personal Information Protection and Electronic Documents ActDiscontinued

Mar 25, 2026· Indexed May 6, 2026

Compliance Letter to the Office of the Privacy Commissioner of Canada (“OPC”) By Nova Scotia Power

Nova Scotia Power

This compliance letter concerns a privacy breach at Nova Scotia Power that began around March 19, 2025. A malware attack allowed a threat actor to access and exfiltrate sensitive customer information, including names, contact details, financial information, and SINs, affecting approximately 375,000 current and 540,000 former customers. Nova Scotia Power has committed to specific actions, including deleting customer SINs and undergoing an external security assessment, to address the breach. Upon the Commissioner's satisfaction with these commitments, the investigation will be discontinued.

Flag of Ontario

Ontario

Subscribers only

Municipal Freedom of Information and Protection of Privacy Act

Order MO-4784 - 2026-03-25

Subscribe to access Ontario decisions.

Unlock this jurisdiction →

Flag of Ontario

Ontario

Subscribers only

Freedom of Information and Protection of Privacy Act

Order PO-4802 - 2026-03-25

Subscribe to access Ontario decisions.

Unlock this jurisdiction →

Flag of Ontario

Ontario

Subscribers only

Freedom of Information and Protection of Privacy Act

Order PO-4803 - 2026-03-25

Subscribe to access Ontario decisions.

Unlock this jurisdiction →

Flag of Ontario

Ontario

Subscribers only

Freedom of Information and Protection of Privacy Act

Order PO-4804 - 2026-03-25

Subscribe to access Ontario decisions.

Unlock this jurisdiction →

Federal (Canada)Privacy ActWell-founded

Mar 24, 2026· Indexed Jun 5, 2026

Unauthorized Disclosure of Employee Personal Information in CBSA’s Information Management System

Canada Border Services Agency (CBSA)

An employee of the Canada Border Services Agency (CBSA) complained that their personal information was inadvertently disclosed to colleagues due to improperly set folder permissions in the CBSA's information management system, Apollo. The CBSA confirmed the contravention of section 8 of the Privacy Act. While the CBSA took steps to correct the issue and improve practices, it did not commit to mandatory, trackable training for managing permissions, leading the OPC to find the complaint well-founded but unresolved.

2026 QCCAI 130 — Tribunal administratif du logement

Quebec

Subscribers only

Act respecting access to documents held by public bodies and the protection of personal information

2026 QCCAI 130 — Tribunal administratif du logement

Subscribe to access Quebec decisions.

Unlock this jurisdiction →

Outcome Notes

Federal rulings come from two regulators with different statutory authority — outcome filters cover both.

OIC Order (ATIA s.36.1, binding) — Since June 2019 (Bill C-58) the Information Commissioner can issue binding orders requiring disclosure or reconsideration. Enforceable after 31/41 business days unless reviewed by the Federal Court (s.41).

Well-Founded — finding that the complaint is well-founded. For OIC: ATIA s.37(1)(a) finding (may be paired with a s.36.1 order). For OPC: Privacy Act s.35(1) / PIPEDA s.13(1) advisory finding — recommendations only, no binding order-making power. Includes well-founded, well-founded & resolved, well-founded & conditionally resolved, well-founded & unresolved.

Not Well-Founded — no contravention found.

s.6.1 Application— the OIC's response to a head's application for authorization to refuse a frivolous, vexatious, or bad-faith access request. Granted = institution may refuse; Denied = institution must respond.

Settled / Resolved / Early-resolved — OPC matter resolved during or before formal findings without a contravention finding.

Declined to investigate / No jurisdiction — Procedural close (Privacy Act s.34, PIPEDA discretion, or scope outside the Acts).

References: ATIA s.36.1 · OPC disposition definitions

About This Archive

Breach of Privacy is the one-stop archive for Canadian privacy decisions from federal, provincial, and territorial commissioners. Each decision includes an AI-generated plain-language summary. Always verify against the official source document.