How ClearBreach works
A structured 18–23 question wizard walks you through your breach. The rules engine evaluates every answer against applicable legislation and produces your full document set.
Answer questions about your breach
Data types involved, number of individuals affected, whether the breach was isolated or systemic, and your operating jurisdiction. Question count varies by province due to conditional routing.
The rules engine evaluates in real time
ClearBreach applies the Real Risk of Significant Harm (RROSH) test under PIPEDA, and equivalent thresholds under Alberta PIPA and BC PIPA. For cross-jurisdictional organizations, both tests run independently — producing two verdicts and a combined obligation set.
All required documents generated automatically
Every required document is produced from your answers — nothing to draft manually. Download and use immediately.
Up to seven documents. Zero drafting.
Every document required to respond to a Canadian privacy breach is generated automatically from your assessment answers. Three documents are always produced — up to four additional regulator reports are generated based on which obligations are triggered.
3 documents always generated · up to 4 additional conditional documents based on obligations triggered
Assessment Verdict Card
AlwaysFormal RROSH determination with score, verdict tier, and obligations triggered — the primary record of your assessment.
Internal Incident Record
AlwaysInternal documentation required for your compliance file. Includes full incident details, assessment results, and a response log.
Individual Notification Letter
AlwaysDraft notification to affected individuals — one section per applicable framework.
OPC PIPEDA Breach Report
ConditionalPre-drafted submission to the Office of the Privacy Commissioner of Canada. Generated when PIPEDA reporting obligations are triggered.
OIPC Alberta PIPA Report
ConditionalMirrors the official April 2024 OIPC Alberta form — Sections A through E. Generated when AB PIPA reporting obligations are triggered.
OIPC BC PIPA Report
ConditionalVoluntary report to the OIPC BC. Generated when BC PIPA obligations are identified.
AB PIPA Individual Notice
ConditionalSeparate individual notification meeting the minimum content requirements of PIPA Regulation s.19.1 (Alberta). Attachable to the OIPC AB submission.
Five-tier verdict system
The rules engine scores your breach across 100 points and assigns one of five verdict tiers. Each tier maps to a specific obligation set.
Jurisdiction coverage
PIPEDA
Federal private sector privacy legislation. Applies to all organizations operating across provincial borders or in non-PIPA provinces.
Alberta PIPA
Alberta's provincial privacy legislation. Applies to private sector organizations operating in Alberta.
BC PIPA
British Columbia's provincial privacy legislation. Applies to private sector organizations operating in BC.
Multi-jurisdiction assessment
PIPEDA, Alberta PIPA, and BC PIPA assessed simultaneously in one workflow. All applicable frameworks evaluated together, producing a single combined obligation set.
Out of scope: Quebec Law 25 (Law 25) and Ontario PHIPA are permanently outside ClearBreach scope and are not assessed.
Built for privacy
Breach details never leave your browser
Assessment answers are processed entirely client-side. Only anonymous metadata (verdict tier, province count, framework count) is recorded — never the breach details themselves.
Canadian data residency
Production infrastructure is hosted in Canada. Your organization data stays in Canada.
Not legal advice
ClearBreach produces a preliminary risk assessment to help you understand your obligations. Consult a privacy lawyer before submitting reports to regulators.
Ready to run your assessment?
Know what you owe. Know it now.
Get started — $399/yearMSP plans available. See pricing.