How ClearBreach works
Canadian privacy law places identical obligations on a two-person clinic and a two-thousand-person corporation. Most small businesses and professional practices face those obligations without a privacy officer or legal team to navigate them. ClearBreach applies the legal interpretation for you — answer questions about your situation and receive every required document automatically.
Answer questions about your breach, your compliance program, or a planned project. ClearBreach generates every report, policy, and assessment Canadian privacy law requires — built on OPC and OIPC published guidance.
Breach assessment
Guided RROSH evaluation across PIPEDA, Alberta PIPA, and BC PIPA. Up to seven documents generated automatically — RROSH verdict, internal incident record, individual notification letter, and regulator reports for OPC, OIPC Alberta, and OIPC BC.
Annual compliance assessment
Gap identification across ten compliance areas. Generates a personalized policy and procedure document set — privacy policy, complaint handling procedure, and privacy management program documentation.
Privacy impact assessment
Structured PIA wizard for new projects, systems, or data uses. Walks your organization through the assessment and produces a completed PIA document ready to retain or file with your regulator.
Compliance guides
Free step-by-step guides covering proactive obligations under PIPEDA, Alberta PIPA, and BC PIPA — privacy officer designation, complaint handling, PIAs, and the legislative requirements under each jurisdiction.
Breach assessment
A structured 18–23 question wizard walks you through your breach. The rules engine evaluates every answer against applicable legislation and produces your full document set.
Answer questions about your breach
Data types involved, number of individuals affected, whether the breach was isolated or systemic, and your operating jurisdiction. Question count varies by province due to conditional routing.
The rules engine evaluates in real time
ClearBreach applies the Real Risk of Significant Harm (RROSH) test under PIPEDA, and equivalent thresholds under Alberta PIPA and BC PIPA. For cross-jurisdictional organizations, both tests run independently — producing two verdicts and a combined obligation set.
All required documents generated automatically
Every required document is produced from your answers — nothing to draft manually. Download and use immediately.
Up to seven documents. Zero drafting.
Every document required to respond to a Canadian privacy breach is generated automatically from your assessment answers. Three documents are always produced — up to four additional regulator reports are generated based on which obligations are triggered.
3 documents always generated · up to 4 additional conditional documents based on obligations triggered
Assessment Verdict Card
AlwaysFormal RROSH determination with score, RROSH verdict (BELOW_RROSH or RROSH), and obligations triggered — the primary record of your assessment.
Internal Incident Record
AlwaysInternal documentation required for your compliance file. Includes full incident details, assessment results, and a response log.
Individual Notification Letter
AlwaysDraft notification to affected individuals — one section per applicable framework.
OPC PIPEDA Breach Report
ConditionalPre-drafted submission to the Office of the Privacy Commissioner of Canada. Generated when PIPEDA reporting obligations are triggered.
OIPC Alberta PIPA Report
ConditionalMirrors the official April 2024 OIPC Alberta form — Sections A through E. Generated when AB PIPA reporting obligations are triggered.
OIPC BC PIPA Report
ConditionalVoluntary report to the OIPC BC. Generated when BC PIPA obligations are identified.
AB PIPA Individual Notice
ConditionalSeparate individual notification meeting the minimum content requirements of PIPA Regulation s.19.1 (Alberta). Attachable to the OIPC AB submission.
Binary RROSH verdict
The rules engine scores your breach across 100 points and returns a binary verdict: BELOW_RROSH or RROSH. This mirrors the legal standard — Canadian privacy legislation requires reporting when a real risk of significant harm exists, not when risk exceeds an arbitrary tier level.
Jurisdiction coverage
PIPEDA
Federal private sector privacy legislation. Applies to all organizations operating across provincial borders or in non-PIPA provinces.
Alberta PIPA
Alberta's provincial privacy legislation. Applies to private sector organizations operating in Alberta.
BC PIPA
British Columbia's provincial privacy legislation. Applies to private sector organizations operating in BC.
Multi-jurisdiction assessment
PIPEDA, Alberta PIPA, and BC PIPA assessed simultaneously in one workflow. All applicable frameworks evaluated together, producing a single combined obligation set.
Out of scope: Quebec Law 25 is permanently outside ClearBreach scope and is not assessed.
Built for privacy
Breach details never leave your browser
Assessment answers are processed entirely client-side. Only anonymous metadata (verdict tier, province count, framework count) is recorded — never the breach details themselves.
Canadian data residency
Production infrastructure is hosted in Canada. Your organization data stays in Canada.
Grounded in Canadian law
Assessment logic is built on the text of PIPEDA, Alberta PIPA, and BC PIPA and published OPC and OIPC guidance. ClearBreach produces a preliminary risk assessment — not a legal opinion. Engage a privacy lawyer before submitting reports to regulators.
Why most privacy compliance resources require expertise to use →
Compliance guides
Alongside the assessment workflows, ClearBreach publishes practical step-by-step guides covering proactive privacy obligations under PIPEDA, Alberta PIPA, and BC PIPA — privacy officer designation, complaint handling procedures, privacy impact assessments, and the legislative requirements under each jurisdiction.
Browse compliance guides →Annual compliance assessment
An annual structured assessment maps your organization's privacy practices across ten compliance areas — accountability and governance, privacy policy, consent and collection, retention and disposal, security safeguards, access and correction, training and awareness, service provider management, incident management, and CASL compliance — and generates a personalized policy and procedure document set tailored to your organization's size, sector, and jurisdiction.
Documents generated: privacy policy, complaint handling procedure, and privacy management program documentation. Each area is scored independently and the assessment returns an overall status tier — On Track, Needs Attention, or At Risk. All documents are produced in your browser from your assessment answers.
Privacy impact assessment
A structured wizard walks your organization through a Privacy Impact Assessment for new projects, systems, or data uses — identifying privacy risks before implementation and producing a completed PIA document ready to retain or file with your regulator.
Ready to run your assessment?
Know what you owe. Know it now.
Get started — $799/yearMSP plans available. See pricing.