The College of Family Physicians of Canada Policy Statement
The federal Personal Information Protection and Electronic Documents Act (PIPEDA) sets out 10 privacy principles that apply to Canadian organizations engaged in commercial activities. While the CFPC is not subject to PIPEDA, it endeavours to comply with PIPEDA’s 10 privacy principles on a voluntary basis.
This policy describes how the CFPC collects, uses, and discloses personal information. In some provinces, separate provincial privacy legislation imposes obligations on not-for-profit organizations like the provincial Chapters. Each provincial Chapter is required to develop its own policy to meet the standards of applicable provincial law.
The CFPC may make changes to this policy from time to time including to ensure that it is relevant and remains current with changing laws and regulations. This policy is current as of October 2019.
Definitions and Privacy Principles
“Personal information” includes all information about an identifiable individual, except that it should be noted that privacy laws generally do not apply to business contact information when it is collected, used or disclosed for the purposes of communicating or facilitating communication with an individual in relation to their employment, business or profession.
In our effort to protect the privacy of our members and NMMPs, we observe the following 10 privacy principles:
- Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.
- Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
- Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
- Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
- Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
- Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
- Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.
The CFPC collects, uses, and discloses personal information in accordance with this policy. The CFPC’s Privacy Officer is accountable for the CFPC’s compliance with this policy and is appointed by the CFPC’s Chief Executive Officer and Executive Director.
The CFPC staff is educated and reminded about this policy and the appropriate management of personal information.
How the CFPC uses personal information
The CFPC collects personal information to communicate with members and NMMPs about matters of interest to family physicians, and for the following purposes:
- Membership applications
- Membership maintenance and updates
- Mainpro+ maintenance and updates
- Certification Examinations in Family Medicine
- Examinations of Added Competence in Emergency Medicine
- To provide CFPC Library services
- Canadian Family Physician journal distribution (see below)
- Family Medicine Forum registrations
- Self LearningTM Program and other courses provided by the CFPC
- Canadian Physician Database Scientific Research projects that are conducted or facilitated by the CFP
- Payment of annual dues
- Donations to the CFPC’s Foundation for Advancing Family Medicine
- Recipients of Honours and Awards
- Website visits (see Website below)
- To market and promote the CFPC and its products, services, and benefits
- To send mailings to members on behalf of insurers’ credit companies and other third parties who deal with us on behalf of our members
Members and NMMPs may withdraw their consent to the collection, use, or disclosure of their personal information at any time by notifying the CFPC’s Privacy Officer, subject to legal or contractual restrictions and reasonable notice. The CFPC will inform members and NMMPs of the implications of such withdrawal.
Canadian Family Physician
Canadian Family Physician (CFP) uses name, title, business name, mailing address, telephone and fax numbers, email address, professional qualifications, and demographics in order to:
Send the magazine to an individual
Fulfill circulation audit requirements
Renew/requalify an individual as a subscriber
Help direct editorial content to satisfy readers’ needs
Ensure advertisers they are reaching their targeted audience
Determine whether an individual qualifies for a complimentary subscription to CFP
When Personal Information May Be Disclosed
Examination data processing
The College provides family medicine program directors with a copy of the summary of the examination results that have been sent to each of their residents sitting the examination. If, for any reason, a resident does not wish this summary of his or her results to be released to his or her program director he or she must indicate this in writing to the College within one week of completion of the examination.
The granting of the special designation CCFP (Certification in the College of Family Physician of Canada) to one of our members is public information, which is available through our College or through the provincial and territorial licensing/registration authorities.
Credit card information collected by the CFPC is submitted in encrypted format to the CFPC credit card merchant only for payment approval and processing. The CFPC is fully compliant with PCI (payment card industry) requirements.
The CFPC shares information about its members with provincial licensing bodies, its provincial Chapters, the CFPC’s Foundation for Advancing Family Medicine, and other health care related organizations as approved by the CFPC’s Board of Directors (e.g., Canadian Medical Association, Canadian Post-M.D. Education Registry, Medical Council of Canada).
The CFPC shares information about its NMMPs in the CFPC's continuing medical education/continuing professional development Mainpro+ program with provincial licensing bodies.
Personal information may be disclosed for other purposes with the individual’s consent or as permitted or required by law.
Aggregate data may be shared with sponsors, potential sponsors, and other parties to help them understand the CFPC members and their interests.
Website Use and Targeted Advertising
Browser software allows the disabling of cookie collection if users wish or may inform users when a cookie is being stored on a user’s hard drive. You may also be able to opt-out of a social media site’s targeted advertising program by adjusting your privacy or account settings.
The operating system for the CFPC website (www.cfpc.ca) may automatically record some general information about visitors such as:
- The internal domain for the visitor’s internet service provider and the IP address of the computer accessing the website
- The type of browser visitors are using
- The type of operating system visitors are using
- The date and time of the visit to the website
- The web pages that visitors viewed on the website
- The previous website accessed by visitors (if linked to another site)
Use of website information
When exiting the CFPC website
The CFPC obtains consent from members and NMMPs for the collection, use, or disclosure of their personal information, except where collection, use, or disclosure without consent is permitted or required by law. Consent may be expressed (e.g., orally or in writing) or implied (for example, when you provide information necessary for a service you have requested). You may provide your consent in some circumstances where notice has been provided to you about the CFPC’s intentions with respect to your personal information and you have not withdrawn your consent for an identified purpose, such as by using an “opt out” option provided, if any.
The CFPC retains personal information only as long as necessary for the fulfillment of the identified purposes. The CFPC destroys, erases, or makes anonymous personal information that is no longer required to fulfill the identified purposes.
Examination information collected (including content, candidate performance, and demographic data) is retained for an indefinite period in electronic encrypted format. Hard copies of unsuccessful candidate materials are retained in a secured location until success is achieved. Hard copies of successful candidate examination materials are shredded after three years.
Payment information collected and retained in hard copy format is kept in a secured place for a period of seven years.
The CFPC takes reasonable measures to protect personal information from loss or theft, or unauthorized access, use, copying, disclosure, or modification. The measures the CFPC takes to ensure the security of personal information include:
Physical security of our premises
Restriction of staff access to files on a “need to know” basis
Fireproof and locked file cabinets
Undertakings by all staff to comply with our policy
Deployment of technological safeguards like security software, encryption and firewalls to prevent hacking or unauthorized computer access
Internal password and security policies
Regular audits of our procedures and measures to ensure that they are properly administered and that they remain effective and appropriate
If the CFPC transfers personal information to a third party for processing, the CFPC uses contractual or other means to ensure that the third party affords an appropriate level of protection to such information during its processing.
The CFPC disposes of personal information with care to prevent unauthorized parties from gaining access to the information.
Access and Correction
The CFPC will, upon request, give members and NMMPs information about the existence, use, and disclosure of their personal information, and access to that information.
Members whose personal information has been collected by the CFPC may access their own information in the “Member Profile” of the “Members Only” area on the CFPC website.
Members and NMMPs may challenge the accuracy and completeness of their personal information and notify the CFPC’s Membership Department if any changes are required.
Questions and Contacting Us
The CFPC takes steps intended to ensure compliance with applicable privacy legislation related to the management of personal information. Any questions or complaints about the CFPC’s management of this information, or any requests to access or correct your personal information, should be directed to the CFPC’s Privacy Officer:
Executive Director, Corporate Services
The College of Family Physicians of Canada and Foundation for Advancing Family Medicine
2630 Skymark Avenue
Mississauga, Ontario L4W 5A4
Tel: 905-629-0900, ext. 266
Email [email protected]
Approved by the CFPC Board of Directors October 2019.