At the College of Nurses of Ontario (“CNO”), your privacy is of great importance to us. CNO is committed to the protection of the personal information of anyone who shares their information with us. This includes members of the public, current nurse members, past nurse members, nurse applicants, website visitors and other individuals whose personal information is entrusted to CNO.

Please note that this Privacy Policy replaces the former Privacy Code. Where you see the term “Privacy Code”, please refer to this document.

Policy Contents:

Accountability for Your Privacy

CNO takes full responsibility for the protection of personal information, including personal health information it collects. Personal information and personal health information is collected and managed under the general authority of the Regulated Health Professions Act, 1991, S.O. 1991, c. 18 (the “RHPA”); the Nursing Act, 1991, S.O. 1991, c. 32; their regulations; and CNO’s by-laws. In fulfilling its mandate as a regulatory body, CNO follows the privacy best practice principles contained in the Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96.

CNO has an appointed Privacy Officer who oversees information handling practices and CNO’s Privacy Office. The Privacy Officer’s duties include:

  • Developing and reviewing internal procedures to protect personal information;
  • Ensuring all staff are trained on privacy best practices and are aware of the importance of safeguarding any personal information that they are privy to;
  • Ensuring all inquiries and complaints relating to privacy are appropriately handled; and
  • Ensuring the appropriate contractual commitments are in place for third-party service providers with whom CNO shares personal information.

Personal Information & How We Collect It

‘Personal information’ is any factual or subjective information, recorded or not, about an identifiable individual. This includes your name, contact information, birth date, educational background, or work history as well as any sensitive information such as financial or health data. Personal information does not include aggregate information that cannot be linked to a specific individual.

Personal health information is Identifying information about an individual in oral or recorded form that relates to health care, health history, providers, eligibility, payments, or coverage.

Personal Information and personal health information will be referred to as ‘Personal Information’ for the duration of this policy.

CNO collects personal information with your knowledge and consent in several ways, for example:

  • We collect personal information from members of the public when they inform us of concerns about a nurse’s practice or conduct or submit a ‘Make a Complaint’ form;
  • We collect personal information from nurse members and applicants through application and renewal forms, and member learning plans and assessments.
  • We collect personal information about nurse members and applicants from records provided by third parties. For example, with your authorization, licensing exam providers and educational institutions provide personal information to CNO.

There are instances where CNO has the legal authority to obtain records and collect, use, and disclose personal information and personal health information without consent. For example, we may do this in the course of a professional conduct investigation, or to protect the interests or safety of the public.

We identify when information may be provided optionally and when it is necessary in order to fulfill our obligations as a regulatory health college. Your consent can be withdrawn at any time, subject to legal or contractual restrictions, by providing us with written notice. Upon receipt of a notice to withdraw consent, we will inform you of the consequences of withdrawing your consent, which may include the inability to remain a member of CNO.

Using Your Information

To fulfill our mandate and duties under the RHPA, we use personal information for the following purposes:

  • To maintain the public register: The “Find a Nurse” service is available to the public at https://registry.cno.org/;
  • To assess conformance to entry-to-practice competencies;
  • To assess eligibility for registration, membership renewal or reinstatement;
  • To respond to requests for examination accommodation;
  • To process applications and process payments;
  • To assess members’ continued competence through CNO’s Quality Assurance Program;
  • To enforce standards of practice and conduct;
  • To address risks to the public when alerted that there is a concern about a nurse’s practice or conduct.);
  • To verify one’s identity and respond to requests or specific inquiries;
  • To carry out CNO’s operations, including selecting members for appointment to committees and contacting potential volunteers and focus group participants;
  • To support all activities of Council and Committee members;
  • To inform you about CNO initiatives or important updates;
  • For data analytics and to compile aggregate statistics for internal reporting purposes;
  • To assess and manage risk, including detecting and preventing fraud or error; and
  • To meet auditing, legal and regulatory processes, and requirements.

Sharing Your Information

CNO takes all reasonable steps to protect the interest of individuals when disclosing personal information. We do not disclose personal information for purposes other than those for which it was collected unless you have provided consent to do so or if we are required/permitted by law to disclose the information.

When CNO is notified about a nurse’s practice or conduct, we contact the nurse to inform them of the complaint. We may be required/permitted by law to disclose a limited amount of personal information without explicit consent.

CNO members may consent to releasing their name, email and/or mailing address to the following external parties:

  • Educational institutions conducting research in nursing;
  • Entities providing information on continuing education opportunities; and
  • Nursing organizations (for example, unions and professional associations).

Without your explicit consent, we also share your personal information with:

  • Government entities as required for specific programs such as the federal Canadian Institute for Health Information Nursing Database, the Ontario Ministry of Health’s Health Professions Database and eHealth Ontario; and
  • Third-party service providers who assist us in fulfilling our mandate, including outsourced IT partners.

We take reasonable steps to ensure that any third-party service providers who we entrust with your personal information are reputable and have safeguards in place to protect this information. In working with service providers, your personal information may be transferred to a foreign jurisdiction to be processed or stored. Additionally, such information may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws.

Our Website Practices

When you visit CNO’s website, we automatically receive and record information on our server logs from your browser or mobile platform, including the date and time of your visit, your IP address, unique device identifier, browser type and other device information (such as your operating system version and mobile network provider) via cookies. By setting cookies, CNO is able to enhance a user’s online experience (e.g. once you are logged in to the member portal, you are able to move between webpages without having to re-enter your credentials). You can disable cookies through your website browser, but this may affect your user experience.

The information we collect when you visit CNO’s website helps us analyze and improve the performance of our digital services. CNO uses Google Analytics for web statistical analysis. If you wish, you may opt-out of being tracked by Google Analytics by disabling or refusing the cookies; by disabling JavaScript within your browser; or by using the Google Analytics Opt-Out Browser Add-On.

CNO makes no effort to personally identify you based on your visit to our site unless we must do so for the protection of the public or for an on-going investigation.

Keeping Your Information Safe

CNO has implemented physical, organizational, and technical security measures to guard against unauthorized or unlawful access to the personal information we manage and store. We have also taken steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by CNO significantly reduce the likelihood of a data security breach.

Here are some examples of the security controls we have in place:

  • Secure office premises with key card access;
  • The use of encryption, such as a secure portal for document transfers and encrypted mobile devices;
  • Robust authentication processes, including multi-factor authentication and complex passwords;  
  • Limited access to personal information by employees who need the information to perform their work-related duties;
  • The use of data centers with effective physical and logical data security controls;
  • Requiring third-party service providers contractually commit to protecting the personal information entrusted to them;
  • Locked filing cabinets, secure printing and shredding bins for paper records; and
  • Annual privacy and data security training for all employees to raise awareness of data protection responsibilities.

Further, we recommend that you do your part in protecting yourself from unauthorized access to your personal information. For example, ensure your member portal login credentials are not shared with anyone. CNO is not liable for any unauthorized access to your personal information that is beyond our reasonable control.

Accessing Your Personal Information

You can make a written request for access to your personal information at any time, and also request that it be corrected if there are any inaccuracies. To make an access request, complete the Request for Access to Personal Information Form. This form is also available through Customer Service or by contacting the Privacy Office. You will need to provide as much information as you can to help us process your request and locate the information you require.

If you need assistance in preparing your access request, please contact us and we would be pleased to help you. Upon request, CNO will also inform you of how your personal information has been or is being used, and who your personal information has been shared with.

CNO responds to access requests within 30 days unless an extension of time is required. However, there may be circumstances where access is refused or only partial information is provided, for example, in the context of an on-going investigation or to avoid harm to another individual.

How Long We Keep Your Information

CNO retains personal information for as long as necessary to fulfill legal or business purposes and in accordance with our retention schedules. Once your information is no longer required by CNO to meet legal or regulatory requirements, it is securely destroyed, erased or made anonymous. Keep in mind however that information may be retained for a lengthier period of time due to an on-going investigation or legal proceeding, and that residual information may remain in back-ups for a period of time after its destruction date.

Our Privacy Complaint and Breach Management Process

CNO takes privacy complaints very seriously and has a procedure in place for managing any privacy-related concerns to ensure that they are responded to in a timely and effective manner. CNO’s Privacy Officer oversees the containment, investigation and corrective actions for all privacy breaches and incident.

External Links and Social Media

We may offer links from our website to the sites of third parties who can provide services to you. CNO makes no representations as to such third parties’ privacy practices and we recommend that you review their privacy policies before providing your personal information to any such third parties.

CNO’s use of social media serves as an extension of our presence on the Internet and helps us build a positive brand image as well as provide useful information to the public. Social media account(s), such as CNO’s Facebook and Twitter accounts, are not hosted on CNO’s servers. Users who choose to interact with CNO via social media should read the terms of service and privacy policies of these services/platforms.

Updates to this Policy

We may update this Privacy Policy from time to time to better reflect our current personal information handling practices and encourage you to review this document frequently. The “Last Updated” date at the bottom of this Privacy Policy indicates when changes to this policy were published and are thus in force.

Getting in Touch

Any inquires, concerns or complaints regarding privacy should be directed to CNO’s Privacy Office at:

Privacy Office
College of Nurses of Ontario
101 Davenport Road
Toronto, ON
M5R 3P1
Tel: 416-928-0900 or 1-800-3875526 (toll-free in Canada), Ext. 7633
privacyofficer@cnomail.org

Thank you for your continued trust in the College of Nurses of Ontario.

 Last reviewed February 24, 2022