Decisions

Canadian Privacy Decisions

The comprehensive archive of Canadian privacy decisions from federal, provincial, and territorial commissioners — with AI-summarized plain-language summaries for every decision.

1,016 decisions matching

Jurisdiction

Federal (Canada)Ontario British Columbia Alberta Saskatchewan Manitoba Quebec Nova Scotia New Brunswick Prince Edward Island Newfoundland and Labrador

Governing law

Outcome

OIC Order (ATIA s.36.1, binding)Well-founded Well-founded & resolved Well-founded & conditionally resolved Well-founded & unresolved Not well-founded Action warranted s.6.1 Application Granted (refusal authorized)s.6.1 Application Denied (must respond)Settled Resolved Early-resolved Discontinued Withdrawn Declined to investigate No jurisdiction

Decision Type

Orders Final Reports Systemic Investigations

Sort

Default: publication date

Index date

Browse by Year

2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1987

British Columbia

Subscribers only

Freedom of Information and Protection of Privacy Act

F17-20 — BC OIPC order 1937

Subscribe to access British Columbia decisions.

Unlock this jurisdiction →

British Columbia

Subscribers only

Freedom of Information and Protection of Privacy Act

F17-19 — BC OIPC order 1936

Subscribe to access British Columbia decisions.

Unlock this jurisdiction →

Ontario

Subscribers only

Freedom of Information and Protection of Privacy Act

Order PO-3723

Subscribe to access Ontario decisions.

Unlock this jurisdiction →

Ontario

Subscribers only

Municipal Freedom of Information and Protection of Privacy Act

Order MO-3429

Subscribe to access Ontario decisions.

Unlock this jurisdiction →

Federal (Canada)Personal Information Protection and Electronic Documents ActResolved

Apr 26, 2017Incident case summary #2017-001· Indexed Apr 12, 2026

Incident case summary #2017-001: Multiple breach incidents as a result of password reuse

Office of the Privacy Commissioner of Canada

This report details three incidents in 2017 where Canadian organizations experienced data breaches due to password reuse by their customers. In each case, attackers used login credentials obtained from unrelated breaches to access customer accounts. The Office of the Privacy Commissioner of Canada found the organizations' responses to be appropriate, including actions like password resets, enhanced security measures, and customer notifications, and encouraged other organizations to adopt similar preventative strategies.

Official ↗

Newfoundland and Labrador

Subscribers only

Access to Information and Protection of Privacy Act, 2015

A-2017-011 — Royal Newfoundland Constabulary

Subscribe to access Newfoundland and Labrador decisions.

Unlock this jurisdiction →

Prince Edward Island

Subscribers only

Freedom of Information and Protection of Privacy Act

FI-17-006 — Department of Family and Human Services

Subscribe to access Prince Edward Island decisions.

Unlock this jurisdiction →

Ontario

Subscribers only

Personal Health Information Protection Act

PHIPA DECISION 44

Subscribe to access Ontario decisions.

Unlock this jurisdiction →