Personal Information Protection Compliance
We require personal information from our registrants. We collect information to carry out the regulation of the practice of dental assisting, as defined in the Health Professions Act (HPA).
As a regulatory body, we must comply with the Personal Information Protection Act (PIPA). The purpose of PIPA is to recognize the right of the individual to have their personal information protected and the need of the organization to collect, use and disclose personal information for reasonable purposes.
Collection of Personal Information
We collect, use and disclose personal information for the purpose of regulating dental assisting, which includes conducting registrations, managing the continuing competence program, and conducting investigations regarding professional conduct. The information we collect includes names, contact information, educational information, payment information, as well as employment history and competence records. All information provided becomes part of a registrant’s record. At registration and renewal, individuals authorize us to collect, use and disclose personal information as required for reasonable matters including fulfillment of statutory requirements.
We collect information in text format, submitted by the registrants, through registration and renewal applications, by mail, fax, or electronic submission by email or through our website. Some contact and employer information is collected verbally, by telephone or in person. Registration records are maintained indefinitely, to ensure that a past registrant’s records can be accessed to fulfill our regulatory role.
Protection of Personal Information
Paper files are stored in locked filing cabinets which are only accessible to our staff, and are kept away from public view.
Our electronic records are maintained in an online system which is protected by authentication processes, with access available only to our staff or to the respective registrant. We secure your personal identifiable information on computer servers in a controlled, secure environment, protected from unauthorized access. When personal information (such as a credit card number) is transmitted, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
Our employees are required to sign a confidentiality agreement and are held accountable for maintaining the security and confidentiality of all registrant information. We also require that all Council members, committee members, volunteers, service providers and consultants sign a privacy agreement.
When we destroy records, we shred paper files (using a secure shredding service), delete electronic records and discard and hardware using commonly accepted security standards.
We retain a security service; our premises are monitored at all times.
Collection and Use
Under the HPA, Dental Assistants Profession Regulation (DAPR) and our Bylaws, we will collect and use the following information:
Used to identify registrants, and for workplace demographics
- Canadian government issued identification to verify identity of applicant and/or legal name change
- full name (including former names)
- date of birth
Used to determine status, restrictions, authorization, and conditions
- date of initial registration
- the registrant’s unique registration number
- whether the registrant’s registration is restricted to a period of time (usually Dec 1 to Nov 30)
- any conditions imposed on the registrant’s practice permit (i.e. provisional)
- the status of the practice permit (i.e. registered, courtesy, suspended or cancelled)
- registrant status (active, leave of absence, student)
- advanced practice (orthodontic, preventive, probing, prosthodontic)
- restricted activity authorizations (practices)
- qualifications documentation (i.e. NDAEB certification, education, etc.)
- good character information including disciplinary order or criminal record
- whether the registrant is registered as a dental assistant in another jurisdiction (i.e. verification of standing)
- competence documentation (learning plans, verification of learning, practice hours – collected for a specific purpose, and then destroyed)
Used to contact registrant
- home address, home phone, mobile phone and email
Used to inform employer of cancelled or suspended status, competence program verification, and to contact registrants who can no longer be reached through their home information
- employment status, employer name, start and end dates, hours per week, work telephone and email
Used to determine status, restrictions, authorizations, and conditions
- school of training
- graduation date
- supporting documentation (educational credentials)
Used for historical information for award purposes
- positions held within the organization
- professional awards or honours
Other data collected through communications with registrants
- correspondence (letters received from a specific registrant, or sent by us to a specific registrant)
- consent form giving us permission to collect, use and disclose personal information
- login and security data for website access and identity verification (protected in secure environment, see our Protection of Personal Information Policy)
- payment information (credit card data sent by mail or fax is stored in secure location or destroyed by shredding, once the transaction has been successfully completed, or if in electronic format, protected by encryption)
Professional Conduct Information
Under the HPA, when we conduct an investigation in the area of professional conduct, information provided to an investigator is not used for any other purpose beyond the investigation. Information gathered under this process remains confidential. These documents are filed and maintained separately from registration records, and are only available as described in the HPA. For more information concerning confidentiality issues related to disciplinary actions, contact the Complaints Director.
- continuing competence information submitted by registrants is stored separately from professional conduct (discipline) files
- our staff involved in the professional conduct (discipline) process do not have access to the continuing competence files of members
- information obtained as a result of the Alternative Complaint Resolution process is confidential
- the Complaints Director does not have access to Alternative Complaint Resolution records
We disclose registrant information, only as needed to carry out the business of the College, to councillors, committee members and business affiliates, (i.e. for communication services and information technology support) all of which are required to sign a confidentiality agreement and are held accountable for maintaining the security and confidentiality of any information we provide to them. We may publish aggregate data but must ensure that it is impossible to identify individual registrants. Council members sign a consent document authorizing us to disclose their contact information.
Information disclosed upon general inquiry
Under the HPA, DAPR, and our Bylaws we will release the following information upon general inquiry:
- a regulated member’s full name
- a regulated member’s registration number
- Practice Permit status (Registered, Provisional, Cancelled or Suspended)
- registration period (whether the registrant’s registration is restricted to a period of time)
- any conditions/ restrictions on the practice permit
- authorized practice, whether the registrant is authorized to provide restricted activities/ advanced practices (skills)
- whether the regulated member has been subject to disciplinary action (inquiry referred to Complaints Director, information released according to and within legislative limitations)
Information disclosed to other organizations
We may exchange personal information on individuals with a number of groups, which includes but is not limited to the following:
Alberta Provider Directory (Government reporting)
This information is provided to the Alberta Government to enable it to conduct workplace demographics, initiatives and planning.
- registrant number
- reason for changing to non-regulated status
- date of birth
- registration credentials
- personal contact information
- school of training and graduation date
- dates of registration
Letters of Standing/Verification of Registration/Certificate of Professional Conduct
This information is provided to other regulatory bodies upon request from a registrant and/or a regulatory body:
- registrant number
- registration status history
- authorized practice (skills)
- disciplinary proceedings (if applicable)
- continuing competence audit status
- reason for cancellation/suspension (failure to renew, discipline, or by registrant request)
Individuals’ Access to Their Personal Information
PIPA requires that individuals have access to their personal information. A written request must be submitted to us, and we must respond to the request within 45 days. The request must identify if a copy of the paper record is being requested, or if the applicant wishes to examine the record. Should an individual wish to have copies of the personal information, then an administrative fee of $25 will be assessed. The individual that the information is about, or their authorized representative, may request access to the individual’s personal information. If access is not granted, reasons for the refusal must be provided, and the applicant must be advised of their right to request a decision review by the Privacy Commissioner.
Ongoing Monitoring and Evaluation
We monitor and revise Privacy Policies and Procedures on an ongoing basis. We protect your personal information by training staff on the importance of privacy and the confidentiality of personal information, and by appointing a Privacy Officer who ensures compliance with privacy legislation. Should you have any questions or concerns regarding these policies, contact the Privacy Officer.
Visit the following sites for more information on PIPA:
To view a copy of PIPA and the Regulations, visit the King’s Printer.