ClearBreach

How ClearBreach works

Canadian privacy law places identical obligations on a two-person clinic and a two-thousand-person corporation. Most small businesses and professional practices face those obligations without a privacy officer or legal team to navigate them. ClearBreach applies the legal interpretation for you — answer questions about your situation and receive every required document automatically.

Answer questions about your breach, your compliance program, or a planned project. ClearBreach generates every report, policy, and assessment Canadian privacy law requires — built on OPC and OIPC published guidance.

Breach assessment

Guided RROSH evaluation across PIPEDA, Alberta PIPA, and BC PIPA. Up to seven documents generated automatically — RROSH verdict, internal incident record, individual notification letter, and regulator reports for OPC, OIPC Alberta, and OIPC BC.

Annual compliance assessment

Gap identification across ten compliance areas. Generates a personalized policy and procedure document set — privacy policy, complaint handling procedure, and privacy management program documentation.

Privacy impact assessment

Structured PIA wizard for new projects, systems, or data uses. Walks your organization through the assessment and produces a completed PIA document ready to retain or file with your regulator.

Compliance guides

Free step-by-step guides covering proactive obligations under PIPEDA, Alberta PIPA, and BC PIPA — privacy officer designation, complaint handling, PIAs, and the legislative requirements under each jurisdiction.

Breach assessment

A structured 18–23 question wizard walks you through your breach. The rules engine evaluates every answer against applicable legislation and produces your full document set.

01

Answer questions about your breach

Data types involved, number of individuals affected, whether the breach was isolated or systemic, and your operating jurisdiction. Question count varies by province due to conditional routing.

02

The rules engine evaluates in real time

ClearBreach applies the Real Risk of Significant Harm (RROSH) test under PIPEDA, and equivalent thresholds under Alberta PIPA and BC PIPA. For cross-jurisdictional organizations, both tests run independently — producing two verdicts and a combined obligation set.

03

All required documents generated automatically

Every required document is produced from your answers — nothing to draft manually. Download and use immediately.

Up to seven documents. Zero drafting.

Every document required to respond to a Canadian privacy breach is generated automatically from your assessment answers. Three documents are always produced — up to four additional regulator reports are generated based on which obligations are triggered.

See a sample Verdict Card →

3 documents always generated · up to 4 additional conditional documents based on obligations triggered

1.

Assessment Verdict Card

Always

Formal RROSH determination with score, RROSH verdict (BELOW_RROSH or RROSH), and obligations triggered — the primary record of your assessment.

2.

Internal Incident Record

Always

Internal documentation required for your compliance file. Includes full incident details, assessment results, and a response log.

3.

Individual Notification Letter

Always

Draft notification to affected individuals — one section per applicable framework.

4.

OPC PIPEDA Breach Report

Conditional

Pre-drafted submission to the Office of the Privacy Commissioner of Canada. Generated when PIPEDA reporting obligations are triggered.

5.

OIPC Alberta PIPA Report

Conditional

Mirrors the official April 2024 OIPC Alberta form — Sections A through E. Generated when AB PIPA reporting obligations are triggered.

6.

OIPC BC PIPA Report

Conditional

Voluntary report to the OIPC BC. Generated when BC PIPA obligations are identified.

7.

AB PIPA Individual Notice

Conditional

Separate individual notification meeting the minimum content requirements of PIPA Regulation s.19.1 (Alberta). Attachable to the OIPC AB submission.

Binary RROSH verdict

The rules engine scores your breach across 100 points and returns a binary verdict: BELOW_RROSH or RROSH. This mirrors the legal standard — Canadian privacy legislation requires reporting when a real risk of significant harm exists, not when risk exceeds an arbitrary tier level.

BELOW_RROSHNo real risk of significant harm identified. No statutory reporting or notification obligations triggered. Retain this assessment as your internal breach record.
RROSHReal risk of significant harm identified. Regulatory reporting and individual notification obligations apply under each framework that returned this verdict.

Jurisdiction coverage

PIPEDA

Federal private sector privacy legislation. Applies to all organizations operating across provincial borders or in non-PIPA provinces.

Alberta PIPA

Alberta's provincial privacy legislation. Applies to private sector organizations operating in Alberta.

BC PIPA

British Columbia's provincial privacy legislation. Applies to private sector organizations operating in BC.

Multi-jurisdiction assessment

PIPEDA, Alberta PIPA, and BC PIPA assessed simultaneously in one workflow. All applicable frameworks evaluated together, producing a single combined obligation set.

Out of scope: Quebec Law 25 is permanently outside ClearBreach scope and is not assessed.

Built for privacy

Breach details never leave your browser

Assessment answers are processed entirely client-side. Only anonymous metadata (verdict tier, province count, framework count) is recorded — never the breach details themselves.

Canadian data residency

Production infrastructure is hosted in Canada. Your organization data stays in Canada.

Grounded in Canadian law

Assessment logic is built on the text of PIPEDA, Alberta PIPA, and BC PIPA and published OPC and OIPC guidance. ClearBreach produces a preliminary risk assessment — not a legal opinion. Engage a privacy lawyer before submitting reports to regulators.

Why most privacy compliance resources require expertise to use →

Compliance guides

Alongside the assessment workflows, ClearBreach publishes practical step-by-step guides covering proactive privacy obligations under PIPEDA, Alberta PIPA, and BC PIPA — privacy officer designation, complaint handling procedures, privacy impact assessments, and the legislative requirements under each jurisdiction.

Browse compliance guides →

Annual compliance assessment

An annual structured assessment maps your organization's privacy practices across ten compliance areas — accountability and governance, privacy policy, consent and collection, retention and disposal, security safeguards, access and correction, training and awareness, service provider management, incident management, and CASL compliance — and generates a personalized policy and procedure document set tailored to your organization's size, sector, and jurisdiction.

Documents generated: privacy policy, complaint handling procedure, and privacy management program documentation. Each area is scored independently and the assessment returns an overall status tier — On Track, Needs Attention, or At Risk. All documents are produced in your browser from your assessment answers.

Privacy impact assessment

A structured wizard walks your organization through a Privacy Impact Assessment for new projects, systems, or data uses — identifying privacy risks before implementation and producing a completed PIA document ready to retain or file with your regulator.

Ready to run your assessment?

Know what you owe. Know it now.

Get started — $799/year

MSP plans available. See pricing.