Policy & Statement
Primary Care Toolkit for Family Physicians
The College of Family Physicians of Canada
The federal Personal Information Protection and Electronic Documents Act (PIPEDA) sets out ten privacy principles that apply to Canadian organizations that engage in commercial activities. Although the CFPC does not engage in commercial activities, it will endeavour to comply with these ten privacy principles on a voluntary basis.
The CFPC reviews this policy from time to time to ensure that it is relevant and remains current with changing laws and regulations. This policy is current as of the "Last revised " date set out above.
Definitions and Privacy Principles
"Personal information" includes all information about an identifiable individual, but does not include the name, title, business address or business telephone number of an employee of an organization.
"Commercial activity" means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.
In its efforts to protect the privacy of its members and non-members, the CFPC observes the following ten privacy principles:
1. Accountability: The CFPC is responsible for personal information under its control and designates an individual or individuals who are accountable for the organization's compliance with the following principles.
2. Identifying Purposes: The purpose for which personal information is collected is identified by the CFPC at or before the time the information is collected.
3. Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
4. Limiting Collection: The collection of personal information is limited to that which is necessary for the purposes identified by the CFPC. Information is collected by fair and lawful means.
5. Limiting Use, Disclosure and Retention: Personal information is not used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information is retained only as long as necessary for the fulfillment of those purposes.
6. Accuracy: Personal information is as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
7. Safeguards: Personal information is protected by security safeguards appropriate to the sensitivity of the information.
8. Openness: The CFPC makes readily available to individuals specific information about its policies and practices relating to the management of personal information.
9. Individual Access: Upon request, an individual is informed of the existence, use and disclosure of his or her personal information and is given access to that information. An individual is able to challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance: An individual is able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the CFPC's compliance with privacy legislation.
The CFPC collects uses and discloses personal information in accordance with current privacy legislation and this policy. The CFPC's Privacy Officer is accountable for compliance with this policy.
The CFPC staff is educated and reminded about this policy and the appropriate management of personal information.
2. Identifying Purposes
The CFPC identifies the purposes for which personal information is collected from members and non-members at or before the time of collection.
The CFPC ensures that members and non-members understand the reasons for collection and use of their personal information.
If the CFPC wishes to use personal information that it has collected for a purpose not previously identified, the CFPC identifies the new purpose and obtains the consent of members or non-members to use their information for that purpose, prior to use, unless the law requires the new purpose.
The CFPC obtains consent from members and non-members for the collection, use or disclosure of their personal information. Either written or oral consent is obtained for collecting, using and disclosing personal information. Implied consent is permitted for the ongoing use of personal information, consistent with the purposes for which it was collected.
The CFPC advises members and non-members that they may withdraw their consent to the use of their personal information at any time by notifying the CFPC's Privacy Officer, subject to legal or contractual restrictions and reasonable notice. The CFPC informs members and non-members of the implications of such withdrawal.
Members and non-members may instruct the CFPC not to disclose their names, addresses and other personal information to other organizations for the identified purposes.
4. Limiting Collection
The CFPC collects only as much personal information as is required to provide its services to members and non-members.
5. Limiting Use, Disclosure and Retention
The CFPC does not use or disclose personal information for purposes other than those for which it was collected, except with the consent of a member or non-member or as required by law.
The operating system for the CFPC website (www.toolkit.cfpc.ca) may automatically record some general information about visitors such as:
- The internal domain for visitors' internet service provider and the IP address of the computer accessing the website
- The type of browser visitors are using
- The type of operating system visitors are using
- The date and time of the visit to the website
- The web pages that visitors viewed on the website
- The previous website accessed by visitors (if linked to another site)
Use of Website Information
When Exiting the CFPC's Primary Care Toolkit Website
The CFPC retains personal information only as long as necessary for the fulfillment of the identified purposes. The CFPC destroys, erases or makes anonymous personal information that is no longer required to fulfill the identified purposes.
The CFPC creates and maintains personal information records using the most accurate information available to it.
The CFPC updates personal information as required.
The CFPC takes reasonable measures to ensure that personal information is kept safe from loss or theft, unauthorized access, use, copying, disclosure or modification. A higher level of protection is used to safeguard more sensitive information. The measures the CFPC takes to ensure the security of personal information include:
- Physical security of our premises
- Restriction of staff access to files on a "need to know " basis
- Fireproof and locked file cabinets
- Undertakings by all staff to comply with our policy
- Deployment of technological safeguards like security software, encryption and firewalls to prevent hacking or unauthorized computer access
- Internal password and security policies
- Regular audits of our procedures and measures to ensure that they are properly administered and that they remain effective and appropriate.
If the CFPC transfers personal information to a third party for processing, the CFPC uses contractual or other means to ensure that the third party affords an appropriate level of protection to such information during its processing.
The CFPC disposes of personal information with care to prevent unauthorized parties from gaining access to the information.
This policy is available to members and non-members whose personal information is collected by the CFPC. This policy can be obtained by visiting the CFPC's Primary Care Toolkit website (www.toolkit.cfpc.ca) or contacting the CFPC's Privacy Officer.
The CFPC will, upon request, give members and non-members information about the existence, use and disclosure of their personal information, and access to that information.
Members whose personal information has been collected by the CFPC may access their own information in the "Member Profile " of the "Members Only " area on the CFPC website.
Members and non-members may challenge the accuracy and completeness of their personal information and notify the CFPC's Membership Department if any changes are required.
10. Challenging Compliance
The CFPC complies with applicable privacy legislation related to the management of personal information. Any questions or complaints about the CFPC's management of this information should be directed to the CFPC's Privacy Officer:
Ms. Verena Herten-Greaven
Director of Finance and Human Resources
The College of Family Physicians of Canada
2630 Skymark Avenue
Mississauga, Ontario L4W 5A4
Tel: 905.629.0900, ext. 420