Protection of privacy
The ºÚÁÏÉç collects, uses, and discloses personal information in accordance with the Health Professions Act (HPA), Freedom of Information and Protection of Privacy Act (FIPPA), and other applicable legislation.
FOI menu
Privacy notice
The ºÚÁÏÉç is committed to protecting the privacy of our registrants, applicants, employees, members of the public who entrust us to investigate their complaints, and any other individuals with whom the ºÚÁÏÉç interacts.
This privacy notice is intended to inform you about our practices regarding the collection, use, and disclosure of personal information in our custody and under our control in accordance with our internal policies and procedures.
The chief legal counsel is the delegated head for the ºÚÁÏÉç under FIPPA. As the delegated head, the chief legal counsel provides leadership in the development and implementation of the ºÚÁÏÉç’s privacy management program. This work includes developing policies and procedures and being a resource to the university community by providing advice and training on protection of privacy and access to information.
In carrying out these responsibilities, the chief legal counsel works with privacy officer in the management of the operations of the access to information and privacy functions.
The ºÚÁÏÉç collects personal information to fulfill its mandate under the HPA. When we collect personal information, we explain why we are collecting the information and our legal authority for doing so.
The ºÚÁÏÉç will normally collect personal information directly from the individual whom the personal information is about; however, we may collect personal information indirectly from other sources in limited circumstances where such collection is authorized by FIPPA or another enactment.
When you send information by post or electronic means to the ºÚÁÏÉç, or complete an electronic or paper form that includes identifying information about you, a record of this information is kept so that the ºÚÁÏÉç can respond to you. We may keep a copy of your letter and/or information which you have supplied and a copy of the ºÚÁÏÉç's response as a record of the correspondence with you.
The ºÚÁÏÉç recognizes and respects users’ needs for privacy and security while they visit the ºÚÁÏÉç website. When you visit the ºÚÁÏÉç website, the following information is collected:
- browser type
- internet service provider (ISP) name
- IP address
- time of access
- pages accessed
Some portions of the ºÚÁÏÉç website may distribute small pieces of information (cookies) to web browsers to assist you when you return to specific areas on the site. If you have concerns about cookies, you can change your web browser settings not to accept this information, or display warning messages.
The ºÚÁÏÉç only uses and discloses personal information in its custody or under its control to fulfill its mandate under the HPA, and is done so in accordance with the HPA, FIPPA, and other applicable enactments or policies.
The ºÚÁÏÉç retains personal information collected from individuals in accordance with the FIPPA and the ºÚÁÏÉç’s records classification, retention and disposition policy. Personal information that is used to make a decision about an individual will be maintained for a minimum of one year.
The ºÚÁÏÉç makes every reasonable effort to ensure that personal information is accurate and complete.
If you are a registrant and would like access or make a correction to your personal information, please log in to your online account. It is your responsibility to contact us, pursuant to section 2-1 of the ºÚÁÏÉç Bylaws, to provide your current contact information or contact us if your information needs to be updated. It is also your responsibility, pursuant to , to report any new charges and convictions of a relevant or specific offence(s) to the ºÚÁÏÉç.
If you are a member of the public, please contact the privacy officer.
A correction request must be in writing. Correction requests will only be considered if they are about factual errors or omissions.
You may request a copy of your personal information that is in the ºÚÁÏÉç’s custody or under our control. To do this, you must contact us in writing. Please direct your request to the privacy officer using the contact details below.
If we believe your request may involve someone else’s personal information, or information protected under FIPPA, we may require you to make a formal request under FIPPA for access to your information.
Before disclosing your personal information, we will require you to verify your identity, so we can be sure that you are the individual whose information is being requested. This helps ensure we protect information in our custody and do not disclose your personal information to unauthorized persons.
The ºÚÁÏÉç takes reasonable security measures to protect the personal information that is in our custody and under our control.
We may update this notice from time to time to reflect changes to our information practices. We will post any changes to this page.
Privacy-related questions, concerns and complaints
You may send your privacy-related questions, concerns or complaints to the privacy officer who is responsible for ensuring our compliance with this notice and with the appropriate privacy legislation.
Privacy Officer
300-669 Howe Street
Vancouver, BC V6C 0B4
privacy@cpsbc.ca
If the privacy officer is unable to resolve a complaint, you may submit it to:
Office of the Information and Privacy Commissioner
PO Box 9038, Stn Prov Govt
Victoria BC V8W 9A4
Privacy management program
Section 36.2 of FIPPA require the head of a public body to develop a privacy management program for the public body and to do so in accordance with the responsible for FIPPA.
The following is an overview of the ºÚÁÏÉç’s privacy management program.
Requirement: The head of a public body must designate an individual(s) to be responsible for being a point of contact for privacy-related matters such as privacy questions or concerns; supporting the development, implementation, and maintenance of privacy policies and/or procedures; and supporting the public body’s compliance with FIPPA.
For FIPPA purposes, the head of the ºÚÁÏÉç is the chief legal counsel. The registrar has delegated all of the duties of the head to the chief legal counsel, and has further designated the privacy officer to be responsible for being a point of contact for privacy-related matters such as privacy questions or concerns; supporting the development, implementation, and maintenance of privacy policies and/or procedures; and supporting the public body’s compliance with FIPPA.
Requirement: FIPPA requires public bodies to have a process for completing and documenting privacy impact assessments (PIAs) for all new systems, projects, programs, or activities. A PIA is a risk management and compliance review process used to identify and address potential privacy and security issues.
The ºÚÁÏÉç has implemented a risk-based approach to conducting PIAs. This process is managed by the records, information and privacy department under the direction of the head.
Requirement: FIPPA requires public bodies to have a documented process for responding to privacy complaints and breaches.
If an individual wishes to make a complaint to the ºÚÁÏÉç about privacy, they may email privacy@cpsbc.ca and include their name, contact information and the nature of the complaint.
The ºÚÁÏÉç investigates and responds to all complaints in accordance with the ºÚÁÏÉç’s privacy complaints process.
The process for investigating and responding to privacy breaches is set out in the ºÚÁÏÉç’s corporate policy on Protection of Privacy Policy and Procedures for Management of Personal Information.
Requirement: FIPPA requires public bodies to have privacy awareness and education activities to ensure employees are aware of their privacy obligations. These activities may be scaled to meet the volume and sensitivity of personal information in the custody or under the control of the of the public body and should be undertaken at timely and reasonable intervals.
The ºÚÁÏÉç provides privacy training to all new employees as part of their onboarding process. Targeted refresher training sessions are offered throughout the year in addition to mandatory annual all-staff training.
Requirements: FIPPA requires public bodies to make any privacy policies and any documented privacy processes or practices available to employees and where practicable, to the public.
The ºÚÁÏÉç has an updated collection of privacy policies and procedures available to employees and, where applicable, to the public.
Requirements: FIPPA requires public bodies to have method(s) to ensure that service providers are informed of their privacy obligations (e.g. awareness activities, contractual terms that address privacy obligations).
The ºÚÁÏÉç requires that any department that engages a service provider complies with the ºÚÁÏÉç’s corporate policy on Protection of Privacy Policy and Procedures for Management of Personal Information. Among these requirements is an obligation to conduct a PIA if personal information is involved, to sign a confidentiality agreement and privacy schedule, or any other agreement that the ºÚÁÏÉç deems appropriate.
Requirement: FIPPA requires public bodies to have a process for regularly monitoring the privacy management program and updating it as required, to ensure it remains appropriate to the public body’s activities and is compliant with FIPPA.
The ºÚÁÏÉç’s records, information and privacy department undertakes coordinated monitoring of the operationalization of this privacy management program and reports at least once a year to the senior management team on the effectiveness of the program and any changes that may be recommended.