Decisions

Canadian Privacy Decisions

The comprehensive archive of Canadian privacy decisions from federal, provincial, and territorial commissioners — with AI-summarized plain-language summaries for every decision.

1,474 decisions matching

Jurisdiction

Federal (Canada)Ontario British Columbia Alberta Saskatchewan Manitoba QuebecIn Progress Nova Scotia New Brunswick Prince Edward Island Newfoundland and Labrador

Governing law

Outcome

OIC Order (ATIA s.36.1, binding)Well-founded Well-founded & resolved Well-founded & conditionally resolved Well-founded & unresolved Not well-founded Action warranted s.6.1 Application Granted (refusal authorized)s.6.1 Application Denied (must respond)Settled Resolved Early-resolved Discontinued Withdrawn Declined to investigate No jurisdiction

Decision Type

Orders Final Reports Systemic Investigations

Sort

Default: publication date

Index date

Browse by Year

2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1987

Quebec

Subscribers only

Act respecting access to documents held by public bodies and the protection of personal information

Décision 1028636-S — Ville de Laval

Subscribe to access Quebec decisions.

Unlock this jurisdiction →

Alberta

Subscribers only

Freedom of Information and Protection of Privacy Act

FOIP2025-36 — City of Medicine Hat

Subscribe to access Alberta decisions.

Unlock this jurisdiction →

Alberta

Subscribers only

Freedom of Information and Protection of Privacy Act

FOIP2025-37 — City of Medicine Hat

Subscribe to access Alberta decisions.

Unlock this jurisdiction →

Alberta

Subscribers only

Freedom of Information and Protection of Privacy Act

FOIP2025-38 — City of Medicine Hat

Subscribe to access Alberta decisions.

Unlock this jurisdiction →

Alberta

Subscribers only

Freedom of Information and Protection of Privacy Act

FOIP2025-39 — City of Medicine Hat

Subscribe to access Alberta decisions.

Unlock this jurisdiction →

Alberta

Subscribers only

Freedom of Information and Protection of Privacy Act

FOIP2025-40 — City of Medicine Hat

Subscribe to access Alberta decisions.

Unlock this jurisdiction →

Ontario

Subscribers only

Municipal Freedom of Information and Protection of Privacy Act

Order MO-4731

Subscribe to access Ontario decisions.

Unlock this jurisdiction →

2025 QCCAI 390 — Bell Mobilité inc. and BCE INC.

Quebec

Subscribers only

Act respecting the protection of personal information in the private sector

2025 QCCAI 390 — Bell Mobilité inc. and BCE INC.

Subscribe to access Quebec decisions.

Unlock this jurisdiction →

Newfoundland and Labrador

Subscribers only

Access to Information and Protection of Privacy Act, 2015

A-2025-048 — Memorial University

Subscribe to access Newfoundland and Labrador decisions.

Unlock this jurisdiction →

Alberta

Subscribers only

Freedom of Information and Protection of Privacy Act

FOIP2025-D-01

Subscribe to access Alberta decisions.

Unlock this jurisdiction →

British Columbia

Subscribers only

Freedom of Information and Protection of Privacy Act

Order Ministry of Attorney General

Subscribe to access British Columbia decisions.

Unlock this jurisdiction →

Ontario

Subscribers only

Freedom of Information and Protection of Privacy Act

Order PO-4767

Subscribe to access Ontario decisions.

Unlock this jurisdiction →

Federal (Canada)Personal Information Protection and Electronic Documents ActWell-founded & conditionally resolved

Dec 1, 2025PIPEDA Findings #2025-004· Indexed Apr 12, 2026

PIPEDA Findings #2025-004: Investigation into the privacy practices of Staples Canada ULC related to electronic devices to be resold as part of its Openbox program

Staples Canada ULC

This investigation examined Staples Canada's practices concerning the removal of personal information from returned laptops resold through its Openbox program. The Office of the Privacy Commissioner of Canada (OPC) found that Staples had deficiencies in its policies, procedures, and employee training regarding data wiping. Specifically, the OPC determined that Staples did not consistently ensure full data sanitization according to manufacturer guidelines, leading to residual personal information being found on some devices. Staples agreed to implement corrective measures, including updating procedures, enhancing training, and engaging third-party spot checks.

Official ↗

2025 QCCAI 384 — Ministère de la Sécurité publique (Sûreté du Québec)

Quebec

Subscribers only

Act respecting access to documents held by public bodies and the protection of personal information

2025 QCCAI 384 — Ministère de la Sécurité publique (Sûreté du Québec)

Subscribe to access Quebec decisions.

Unlock this jurisdiction →

Newfoundland and Labrador

Subscribers only

Access to Information and Protection of Privacy Act, 2015

A-2025-047 — Department of Justice and Public Safety

Subscribe to access Newfoundland and Labrador decisions.

Unlock this jurisdiction →

Outcome Notes

Federal rulings come from two regulators with different statutory authority — outcome filters cover both.

OIC Order (ATIA s.36.1, binding) — Since June 2019 (Bill C-58) the Information Commissioner can issue binding orders requiring disclosure or reconsideration. Enforceable after 31/41 business days unless reviewed by the Federal Court (s.41).

Well-Founded — finding that the complaint is well-founded. For OIC: ATIA s.37(1)(a) finding (may be paired with a s.36.1 order). For OPC: Privacy Act s.35(1) / PIPEDA s.13(1) advisory finding — recommendations only, no binding order-making power. Includes well-founded, well-founded & resolved, well-founded & conditionally resolved, well-founded & unresolved.

Not Well-Founded — no contravention found.

s.6.1 Application— the OIC's response to a head's application for authorization to refuse a frivolous, vexatious, or bad-faith access request. Granted = institution may refuse; Denied = institution must respond.

Settled / Resolved / Early-resolved — OPC matter resolved during or before formal findings without a contravention finding.

Declined to investigate / No jurisdiction — Procedural close (Privacy Act s.34, PIPEDA discretion, or scope outside the Acts).

References: ATIA s.36.1 · OPC disposition definitions

About This Archive

Breach of Privacy is the one-stop archive for Canadian privacy decisions from federal, provincial, and territorial commissioners. Each decision includes an AI-generated plain-language summary. Always verify against the official source document.

Canadian Privacy Decisions

Décision 1028636-S — Ville de Laval

FOIP2025-36 — City of Medicine Hat

FOIP2025-37 — City of Medicine Hat

FOIP2025-38 — City of Medicine Hat

FOIP2025-39 — City of Medicine Hat

FOIP2025-40 — City of Medicine Hat

Order MO-4731

2025 QCCAI 390 — Bell Mobilité inc. and BCE INC.

A-2025-048 — Memorial University

FOIP2025-D-01

Order Ministry of Attorney General

Order PO-4767

PIPEDA Findings #2025-004: Investigation into the privacy practices of Staples Canada ULC related to electronic devices to be resold as part of its Openbox program

Quick View

PIPEDA Findings #2025-004: Investigation into the privacy practices of Staples Canada ULC related to electronic devices to be resold as part of its Openbox program

2025 QCCAI 384 — Ministère de la Sécurité publique (Sûreté du Québec)

A-2025-047 — Department of Justice and Public Safety

Filters