The College of Family Physicians of Canada Policy Statement
The federal Parliament has passed the Personal Information Protection and Electronic Documents Act (PIPEDA), which sets out ten privacy principles that apply to all Canadian organizations engaged in commercial activities.
This policy describes how the CFPC collects, uses and discloses personal information. In some provinces, separate provincial privacy legislation imposes obligations on not-for-profit organizations like the provincial chapters. Each provincial chapter is required to develop its own policy to meet the standards of applicable provincial law.
The CFPC reviews this policy annually, at a minimum, to ensure that it is relevant and remains current with changing laws and regulations. This policy is current as of September 2012.
Definitions and Privacy Principles
“Personal information” includes all information about an identifiable individual, but does not include the name, title, business address or business telephone number of an employee of an organization.
“Commercial activity” means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.
In our effort to protect the privacy of our members and non-members, we observe the following ten privacy principles:
1. Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.
2. Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
3. Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
5. Limiting Use, Disclosure and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
6. Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
8. Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
9. Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.
The CFPC collects, uses and discloses personal information in accordance with current privacy legislation and this policy. The CFPC’s Privacy Officer is accountable for compliance with this policy.
The CFPC staff is educated and reminded about this policy and the appropriate management of personal information.
2. Identifying Purposes
The CFPC identifies the purposes for which personal information is collected from members and non-members at or before the time of collection.
The CFPC ensures that members and non-members understand the reasons for collection and use of their personal information.
If the CFPC wishes to use personal information that it has collected for a purpose not previously identified, the CFPC identifies the new purpose and obtains the consent of members or non-members to use their information for that purpose, prior to use, unless the law requires the new purpose.
The CFPC collects personal information to communicate with members and non-members about matters of interest to family physicians, and for the following purposes:
- Membership applications
- Membership maintenance and updates
- Mainpro+® maintenance and updates
- Certification Examinations in Family Medicine
- Examinations of Special Competence in Emergency Medicine
- CFPC Library services
- Canadian Family Physician journal distribution
- Family Medicine Forum registrations
- Self Learning ProgramTM and other courses provided by the CFPC
- National Physician Survey
- Scientific Research projects that are conducted or facilitated by the CFPC
- Payment of annual dues
- Donations to the Research and Education Foundation of the College of Family Physicians of Canada
- Recipients of Honours and Awards
- Website visits (see Website below)
The CFPC obtains consent from members and non-members for the collection, use or disclosure of their personal information. Either written or oral consent is obtained for collecting, using and disclosing personal information. Implied consent is permitted for the ongoing use of personal information, consistent with the purposes for which it was collected.
The CFPC advises members and non-members that they may withdraw their consent to the use of their personal information at any time by notifying the CFPC’s Privacy Officer, subject to legal or contractual restrictions and reasonable notice. The CFPC informs members and non-members of the implications of such withdrawal.
Members and non-members may instruct the CFPC not to disclose their names, addresses and other personal information to other organizations for the identified purposes.
4. Limiting Collection
The CFPC collects only as much personal information as is required to provide its services to members and non-members.
5. Limiting Use, Disclosure and Retention
The CFPC does not use or disclose personal information for purposes other than those for which it was collected, except with the consent of a member or non-member or as required by law.
Special Uses and Disclosures of Personal Information
Examination Data Processing
The College provides family medicine program directors with a copy of the summary of the examination results that have been sent to each of their residents sitting the examination. If, for any reason, a resident does not wish this summary of his or her results to be released to his or her program director he or she must indicate this in writing to the College prior to thirty days after the writing of the examination.
The granting of the special designation CCFP (Certification from the College of Family Physician of Canada) to one of our members is public information, which is available through our College or through the provincial and territorial licensing/registration authorities.
Canadian Family Physician
Canadian Family Physician (CFP) uses the name, title, business name, mailing address, telephone and fax numbers, email address, professional qualifications and demographics in order to:
- Send the magazine to an individual.
- Fulfill circulation audit requirements.
- Renew/re-qualify an individual as a subscriber.
- Help direct editorial content to satisfy readers’ needs.
- Ensure advertisers they are reaching their targeted audience.
- Determine whether an individual qualifies for a complimentary subscription to CFP.
The Canadian Library of Family Medicine
CFPC Library Services may use personal information collected from members and non-members to respond to requests.
The CFPC shares information about its members with provincial licensing bodies, its provincial chapters, the Research and Education Foundation of the CFPC, and other health care related organizations as approved by the CFPC’s Board of Directors (e.g., CMA, CAPER, MCC).
For Non-member Mainpro+® Participants
The CFPC shares information about its non-member participants in the CFPC's CPD Mainpro+ program with provincial licensing bodies.
The CFPC may send mailings to its members on behalf of insurers, credit companies and other third parties who deal with us on behalf of our members.
Aggregate data may be shared with sponsors, potential sponsors and other parties to help them understand the CFPC members and their interests.
The operating system for the CFPC website (www.cfpc.ca) may automatically record some general information about visitors such as:
- The internal domain for visitors’ internet service provider and the IP address of the computer accessing the website.
- The type of browser visitors are using.
- The type of operating system visitors are using.
- The date and time of the visit to the website.
- The web pages that visitors viewed on the website.
- The previous website accessed by visitors (if linked to another site).
Use of Website Information
When Exiting the CFPC Website
The CFPC retains personal information only as long as necessary for the fulfillment of the identified purposes. The CFPC destroys, erases or makes anonymous personal information that is no longer required to fulfill the identified purposes.
Examination information collected and retained in hard copy format is kept in a secured place for a maximum of two years. Payment information collected and retained in hard copy format is kept in a secured place for a period of seven years.
The CFPC creates and maintains personal information records using the most accurate information available to it. The CFPC updates personal information as required.
The CFPC takes reasonable measures to ensure that personal information is kept safe from loss or theft, unauthorized access, use, copying, disclosure or modification. A higher level of protection is used to safeguard more sensitive information. The measures the CFPC takes to ensure the security of personal information include:
- Physical security of our premises.
- Restriction of staff access to files on a “need to know” basis.
- Fireproof and locked file cabinets.
- Undertakings by all staff to comply with our policy.
- Deployment of technological safeguards like security software, encryption and firewalls to prevent hacking or unauthorized computer access.
- Internal password and security policies.
- Regular audits of our procedures and measures to ensure that they are properly administered and that they remain effective and appropriate.
If the CFPC transfers personal information to a third party for processing, the CFPC uses contractual or other means to ensure that the third party affords an appropriate level of protection to such information during its processing.
The CFPC disposes of personal information with care to prevent unauthorized parties from gaining access to the information.
This policy is available to members and non-members whose personal information is collected by the CFPC. This policy can be obtained by visiting the CFPC website (www.cfpc.ca) or contacting the CFPC’s Privacy Officer.
The CFPC will, upon request, give members and non-members information about the existence, use and disclosure of their personal information, and access to that information.
Members whose personal information has been collected by the CFPC may access their own information in the “Member Profile” of the “Members Only” area on the CFPC website.
Members and non-members may challenge the accuracy and completeness of their personal information and notify the CFPC’s Membership Department if any changes are required.
10. Challenging Compliance
The CFPC complies with applicable privacy legislation related to the management of personal information. Any questions or complaints about the CFPC’s management of this information should be directed to the CFPC’s Privacy Officer:
Theresa E. Maguire-Garber
Executive Director, Corporate Services
The College of Family Physicians of Canada and the Research and Education Foundation
2630 Skymark Avenue
Mississauga, Ontario L4W 5A4
Tel: (905) 629 -0900, ext. 266