The College is committed to protecting your privacy. We seek to use best practices in holding any personal information we collect. We collect, use and disclose personal information in accordance with our province's Health Professions Act (HPA),
Freedom of Information and Protection of Privacy Act (FIPPA) and other applicable legislation.
Some of the information on our Register is publicly available under
Section 22(1) of the HPA and section 3.05 of the
College Bylaws, some of which can be viewed through our
Nurse Verification Service. This Privacy Statement does not cover that information.
We have people who are responsible for making sure we comply with privacy legislation. Our Registrar/Chief Executive Officer is ultimately accountable for the College's compliance with
If you have questions about our privacy practices, please contact our
back to top
We collect personal information, and where applicable use or disclose that personal information, from our registrants (or “nurses”), people who apply for registration as a nurse (or “applicants”), and other individuals who interact with the College, to:
Contact nurses about our programs or activities, and to obtain nurses' feedback on them.
Obtain opinions and feedback from nurses on nursing regulatory issues
In the course of College operation and administration, we share personal information with these organizations for the following purposes:
1. The B.C. Ministry of Health for the
BC Provider Registry System, who uses nurses' information:
2. A nurse's employer, where required by
Part 4 of the BC Criminal Records Review Act.
Canadian Institute for Health Information (CIHI), who use nurses' information:
4. Other health profession regulators who refer their applicants to
NCAS when they require an applicant to undergo a competency assessment.
5. Third party assessors, employers or educational institutions, when we require an applicant for NP registration to undergo
6. Service providers and contractors contracted to provide services to the College that require them to handle personal information (including service providers for NCAS and CAP). These service providers and contractors agree in writing to protect personal information and comply with FIPPA. The College's contract language is based on language provided by B.C.'s Office of the Chief Information Officer.
Furthermore, we will also share a nurse’s contact information with the following organizations for those nurses who give their consent:
Association of Registered Nurses of British Columbia (ARNBC), for the purpose of receiving newsletters and other communications from them; and
Canadian Nurses Association (CNA) for the purpose of receiving newsletters and other communications (such as Canadian Nurse Magazine) from them.
We share the following information with the
Canadian Nurses Protective Society (CNPS), for the purpose of the administration of CNPS’ professional liability protection program; such sharing is authorized by sections 21 and 22 of the Health Professions Act and sections 33.1(1)(c) and (l) of FIPPA: registrant name, identification number, professional designation, business address, business telephone number and registration status dates.
We do not share registrant e-mail addresses with CNPS unless registrants give their consent for this (for the purpose of receiving information about upcoming CNPS risk management webinars, presentations or workshops and for the purpose of the administration of CNPS’ professional liability protection program).
We also collect information from non-registrants. We explain the reasons when we collect the information.
We only collect personal information from nurses and others when allowed to by law, or with the person's consent.
When we need to collect personal information about someone, we usually get the information directly from that person. We will collect personal information from another source when we:
We only collect and use personal information that is needed to meet the purposes described above.
For credit and debit card payments made to CRNBC, we designed our systems so that credit and debit card information is collected directly on our behalf by our payment processor, Moneris Solutions. We do not collect or store any credit or debit card information ourselves. Any credit or debit card information that CRNBC receives by mail, email or fax will be destroyed without being processed.
We only share nurses' and applicants' personal information with the organizations listed above, unless authorized or required by law or court order, or with the individuals' consent. When we send invitations to participate in third-party research or surveys, we do not share any personal information with that outside organization.
We keep personal information used to make a decision about an individual for a minimum of one year. Other personal information may be kept for longer, for example if required by law for financial records.
The personal information we collect and use is generally stored only in Canada. We however may occasionally use US-based systems and service providers as permitted under
section 33.1(1)(l) of FIPPA. Personal Information stored outside Canada may be accessible to authorities in those jurisdictions according to the law of those jurisdictions.
When personal information no longer needs to be retained, it is destroyed or deleted. Paper containing personal information is shredded on-site by a service provider that provides a certificate of destruction. Personal information in online electronic form is deleted from our information systems.
The CRNBC website uses "cookies", which is an Internet-wide protocol used on almost every website. Cookies are files containing an identifier that are sent by our web server to your web browser, stored in your browser, and returned to us each time your browser requests a page from our server. This identifier does not contain personal information. We use temporary session cookies where registrants need to log into our website. We use Google Analytics for public portions of our website, which uses long-term (persistent) cookies to create reports about the use of our website.
We make every reasonable effort to ensure that personal information is accurate and complete. We may contact you for an update if we become aware that your information is inaccurate.
It is your responsibility to contact us if your information needs to be updated. Nurses are required by
section 17 of the BC Criminal Records Review Act to report any new charges and convictions to the College that are
relevant to their registration.
To update or access your personal information or request a correction of an error or omission:
Members of the public
We are using reasonable security measures to protect the personal information we have collected, such as but not limited to physical and logical access controls, regular application of vendor-issued system updates, and regular monitoring of personal information access logs. These measures are intended to prevent:
an unauthorized person from accessing the information, or
When you connect and interact with CRNBC’s online services (such as the My Professional Plan web app), our IT systems automatically create, collect and record some technical information about those activities. These activity records, also known as metadata, are a necessary and critical element in managing and maintaining the security and integrity of all modern IT systems used by organizations such as CRNBC. For example, an email address you use to connect and interact with our online services may be one piece of information recorded in metadata. This technical information allows CRNBC to, for example, keep track of which connections made it through our system firewall and identify whether a connection was allowed somewhere it was not supposed to be allowed. This helps us meet our obligations to protect the personal information of all of our system users, whether or not you are a CRNBC registrant.
All information provided to CRNBC by registrants or other individuals may be stored temporarily in our system backups, for the purposes of business continuity and disaster recovery. Our system backups are permanently and securely deleted on a regular basis.
Access to the activity records stored in our systems and to our system backups is restricted. Staff of CRNBC program departments are not authorized to have access to system activity records or system backups. Access is available to CRNBC’s legal advisors, Privacy Officer and authorized IT staff and IT providers only, on a need-to-know basis, as necessary to provide you with user support or for purposes related to matters such as: installing, implementing, maintaining, repairing, trouble shooting or upgrading our IT system or system equipment; data or operational recovery following a system or equipment failure; or, other matters related to maintaining information security and confidentiality in our systems and networks or continuity of our business operations. CRNBC’s legal advisors, Privacy Officer, IT staff and IT providers are bound by their legal obligations to maintain the confidentiality of information in CRNBC’s systems, in accordance with applicable laws and CRNBC’s information management and security policies in force from time to time. However, despite these security and confidentiality arrangements, it is possible that CRNBC and its IT service providers may from time to time be compelled to disclose system activity records or system backups, by court order or as otherwise required in accordance with applicable laws.
back to top
We may update this notice from time to time to reflect changes to our information practices. We'll post any changes to this page and, if the changes are significant, we will provide a more prominent notice (including email notification if appropriate). We'll also keep prior versions of this Privacy Notice in an archive for your review.
We encourage you to periodically review our Privacy Notice for the latest information on our privacy practices and to contact us if you have any questions or concerns.
You may send your privacy-related questions, concerns or complaints to our Privacy Officer.
If our Privacy Officer is unable to resolve the concern, you may also write to the Information and Privacy Commissioner of British Columbia.
back to top