At the College of Nurses of Ontario (“CNO”), your privacy is of great importance to us. CNO is committed to the protection of the personal information of anyone who shares their information with us. This includes members of the public, current nurse members, past nurse members, nurse applicants, website visitors and other individuals whose personal information is entrusted to CNO.
- Accountability for Your Privacy
- Personal Information and How We Collect It
- Using Your Information
- Our Website Practices
- Sharing Your Information
- Keeping Your Information Safe
- Accessing Your Personal Information
- How Long We Keep Your Information
- Our Privacy Complaint and Breach Management Process
- External Links and Social Media
- Changes to this Policy
- Getting in Touch
CNO takes full responsibility for the protection of personal information. Personal information is collected and managed under the general authority of the Regulated Health Professions Act, 1991, S.O. 1991, c. 18 (the “RHPA”); the Nursing Act, 1991, S.O. 1991, c. 32; their regulations; and the CNO’s by-laws. In fulfilling its mandate as a regulatory body, CNO respects the privacy best practice principles contained in the Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96.
CNO has appointed a Privacy Officer who oversees information-handling practices and CNO’s privacy management program. The Privacy Officer’s duties include:
- Developing and, on a regular basis, reviewing the implementation of internal procedures to protect personal information;
- Ensuring all staff are trained on privacy best practices and are aware of the importance of safeguarding any personal information that they are privy to;
- Ensuring all inquiries and complaints relating to privacy are appropriately handled; and
- Ensuring the appropriate contractual commitments are in place for third-party service providers with whom CNO shares personal information.
‘Personal information’ is any factual or subjective information, recorded or not, about an identifiable individual. This includes your name, contact information, birth date, educational background or work history as well as any sensitive information such as financial or health data. Personal information does not include aggregate information that cannot be linked to a specific individual.
CNO collects personal information with your knowledge and consent in several ways, for example:
- We collect personal information from members of the public when they inform us of concerns about a nurse’s practice or conduct or submit a Make a Complaint form;
- We collect personal information from nurse members and applicants through application and renewal forms, and member learning plans and assessments.
- We collect personal information about nurse members and applicants from records provided by third parties. For example, with your authorization, licensing exam providers and educational institutions provide personal information to CNO.
There are instances where CNO has the legal authority to obtain records and collect, use and disclose personal information and personal health information without consent. For example, we may do this in the course of a professional conduct investigation, or to protect the interests or safety of the public.
We identify when information may be provided optionally and when it is necessary in order to fulfill our obligations as a regulatory health college. Your consent can be withdrawn at any time, subject to legal or contractual restrictions, by providing us with written notice. Upon receipt of a notice to withdraw consent, we will inform you of the consequences of withdrawing your consent, which may include the inability to remain a member of CNO.
We collect and use personal information for the following specific purposes:
- To maintain the public register: The “Find a Nurse” service is available to the public at https://registry.cno.org/;
- To assess conformance to entry-to-practice competencies;
- To assess eligibility for registration, membership renewal or reinstatement;
- To respond to requests for examination accommodation;
- To process applications and process payments;
- To assess members’ continued competence through CNO’s Quality Assurance Program;
- To enforce standards of practice and conduct;
- To address risks to the public when alerted that there is a concern about a nurse’s practice or conduct. (There may be contexts in which CNO collects and uses personal health information to fulfill our mandate and duties under the RHPA);
- To verify one’s identity and respond to requests or specific inquiries;
- To carry out CNO’s operations, including selecting members for appointment to committees and contacting potential volunteers and focus group participants;
- To support all activities of Council and Committee members;
- To inform you about CNO initiatives or important updates;
- For data analytics and to compile aggregate statistics for internal reporting purposes;
- To assess and manage risk, including detecting and preventing fraud or error; and
- To meet auditing, legal and regulatory processes, and requirements.
When you use visit CNO’s website, we automatically receive and record information on our server logs from your browser or mobile platform, including the date and time of your visit, your IP address, unique device identifier, browser type and other device information (such as your operating system version and mobile network provider). By setting cookies, CNO is able to enhance a user’s on-line experience (e.g. once you are logged in to the member portal, you are able to move between webpages without having to re-enter your credentials). You can disable cookies through your website browser, but this may affect your user experience.
CNO makes no effort to personally identify you based on your visit to our site unless we must do so for the protection of the public or for an on-going investigation.
CNO takes all reasonable steps to protect the interest of individuals when disclosing personal information. We do not disclose personal information for purposes other than those for which it was collected. We may disclose personal information if you have provided consent to do so or we are required/permitted by law to disclose the information.
When a member of the public notifies CNO of their concerns about a nurse’s practice or conduct, we contact the nurse to inform them of the complaint. We may be required/permitted by law to disclose a limited amount of personal information without your explicit consent in order to address your complaint.
Nurse members are given the opportunity to consent to release (of their name and mailing address only) to the following external parties:
- Educational institutions conducting research in nursing;
- Entities providing information on continuing education opportunities; and
- Nursing organizations (for example, unions and professional associations).
Without your explicit consent, we also share your personal information with:
- Government entities as required for specific programs such as the federal Canadian Institute for Health Information Nursing Database, the Ontario Ministry of Health’s Health Professions Database and eHealth Ontario; and
- Third-party service providers who assist us in fulfilling our mandate, including outsourced IT partners.
We take reasonable steps to ensure that any third-party service providers who we entrust with your personal information are reputable, and have safeguards in place to protect this information. In working with service providers, your personal information may be transferred to a foreign jurisdiction to be processed or stored. Such information may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws.
CNO has implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful access to the personal information we manage and store. We have also taken steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by CNO significantly reduce the likelihood of a data security breach.
Here are some examples of the security controls we have in place:
- Secure office premises with key card access;
- The use of encryption, such as a secure portal for document transfers and encrypted mobile devices;
- Robust authentication processes, including complex passwords;
- Limited access to personal information by employees who need the information to perform their work-related duties;
- The use of data centers with effective physical and logical data security controls;
- Requiring that third-party service providers contractually commit to protecting the personal information entrusted to them;
- Locked filing cabinets and a secure shredding practice for paper records; and
- Annual privacy and data security training for all employees to raise awareness of data protection responsibilities.
In addition, we recommend that you do your part in protecting yourself from unauthorized access to your personal information. For example, ensure your member portal login credentials are not shared with anyone. CNO is not liable for any unauthorized access to your personal information that is beyond our reasonable control.
We make every effort to ensure that the personal information we hold is accurate, complete and up-to-date for the purposes for which we collect it. You can make a written request for access to your personal information at any time, and also request that it be corrected if there are any inaccuracies. To make an access request, complete the Request for Access to Personal Information Form. This form is also available through Customer Service or by contacting the Privacy Office. You will need to provide as much information as you can to help us process your request and locate the information you require.
If you need assistance in preparing your access request, please contact us and we would be pleased to help you. Upon request, CNO will also inform you of how your personal information has been or is being used, and who your personal information has been shared with.
CNO responds to access requests within 30 days unless an extension of time is required. However, there may be contexts where access is refused or only partial information is provided, for example, in the context of an on-going investigation or to avoid harm to another individual.
CNO retains personal information for as long as necessary to fulfill legal or business purposes and in accordance with our retention schedules. Once your information is no longer required by CNO to meet legal or regulatory requirements, it is securely destroyed, erased or made anonymous. Keep in mind however that information may be retained for a lengthier period of time due to an on-going investigation or legal proceeding, and that residual information may remain in back-ups for a period of time after its destruction date.
CNO takes privacy complaints very seriously and has a procedure in place for escalating and managing any privacy-related concerns to ensure that they are responded to in a timely and effective manner. CNO’s Privacy Office oversees the containment, investigation and corrective actions for all privacy breach situations.
We may offer links from our website to the sites of third parties who can provide services to you. CNO makes no representations as to such third parties’ privacy practices and we recommend that you review their privacy policies before providing your personal information to any such third parties.
CNO’s use of social media serves as an extension of our presence on the Internet and helps us build a positive brand image as well as provide useful information to the public. Social media account(s), such as CNO’s Facebook and Twitter accounts, are not hosted on CNO’s servers. Users who choose to interact with CNO via social media should read the terms of service and privacy policies of these services/platforms.
Any inquires, concerns or complaints regarding privacy should be directed to the College’s Privacy Officer at:
Director, Information Systems
College of Nurses of Ontario
101 Davenport Road
Tel: 416-928-0900 or 1-800-3875526 (toll-free in Canada), Ext. 7523
Your concerns will receive prompt attention. Our Privacy Office can also provide you with more detailed information about CNO’s policies and practices or assist you with completing an access to information request. Keep in mind however that e-mail or text messaging are not secure forms of communication, so never send confidential personal information to us this way.
Thank you for continued trust in the College of Nurses of Ontario.