Background

CPD Home provides Australian registered medical specialists, international medical graduates, PGY2+ trainees and non-vocationally registered medical practitioners a CPD Program of Learning (CPD Program). CPD Home aims to provide a CPD Program that address a wide range of learning to meet the continuing professional development needs of its subscribers.

CPD Home is committed to supporting its subscribers to:

• undertake meaningful professional development
• meet their Continuing Professional Development (CPD) requirements under the Medical Board of Australia’s (MBA)’s Registration Standard: Continuing Professional Development (the Standard)
• easily demonstrate that they have done so should they be audited by the MBA.

Purpose

To outline provisions for protecting subscriber privacy.

Objective

To make clear how CPD Home will protect the privacy of its subscribers.

Scope

This policy applies to all subscribers to CPD Home.

Definitions

Please refer to the Glossary for definition(s) of terms that apply to this policy.

Policy

CPD Home collects personal information from persons enquiring about or applying for the CPD Home service. This may include subscribers, members of the public, journalists, government agencies and other organisations seeking information or comment about our services, visitors to our website, and individuals purchasing services from us and from our suppliers. CPD Home will do its utmost to protect any sensitive information collected in the process.

Personal information is collected directly and indirectly where required from individuals when they subscribe to or make contact with CPD Home. Personal information may include full name, contact details, payment details and may include other personal information (e.g. professional details). Information collected may be provided directly by you such as when completing a form, corresponding, or communicating with us (including in person, digitally, telephonically or electronically).

CPD Home may also collect personal information indirectly via publicly available sources such as websites, social media, directories and databases. Personal information may also be collected indirectly while providing a service or managing a complaint. This may include via authorised representatives of the individual; CPD activity supporting documents; CPD Home staff or service providers; regulatory bodies authorities and bodies, professional or specialist societies or associations. We also collect information about subscribers’ use of the service, such as CPD activity completions or views.

Use and storage of personal information

CPD Home uses this information to:

• verify your eligibility to access the services of the CPD Home and any applicable discounts
• inform you about the services, learning, products, events and publications we provide
• provide you with CPD Home services
• enable the CPD tracking software to assist you to manage your CPD activities and reporting
• improve our services, for example, to understand which learning topics are popular or to support website improvements for subscribers
• communicate with you about your CPD compliance
• report your compliance status to the Medical Board of Australia to meet the Standard’s framework.

We store your information in electronic systems housed in the Cloud under our control. We take appropriate steps to protect the security of the information we hold about you, including protections against unauthorised access, virus or other electronic intrusions, fire, theft or loss. We require any contracted providers of IT services to do the same.

Our staff are bound by strict requirements regarding the protection of the privacy of the information we collect and hold about you. We or any contracted providers of IT services may use servers, systems and cloud computing providers outside of Australia. Our contracts with them require them to protect the privacy of your information when held on these servers and/or using cloud computing. Our contractors are also required to comply with the Privacy Act 1988 (Cth).

Use of personal information for direct marketing

Australian privacy law limits the use of personal information for direct marketing of goods and services. We use your personal information to keep you informed about CPD Home services, products, events and publications.

Where we send you direct marketing material about our services, we provide you with a means to advise us that you no longer wish to receive some or all of this material.

If at any time you have a concern about direct marketing material you have received from us, or you wish to change your preferences in relation to receipt of future material, please contact us at enquiries@cpdhome.org.au

Information updates or amendments

CPD Home subscribers can easily update their information by visiting www.cpdhome.org.au or by contacting the CPD Home team by emailing enquiries@cpdhome.org.au.

Information held

Under the Privacy Act 1988 (Cth), you have rights of access to personal information we hold about you. These rights also include correction of any errors in this information. Should you wish to access this information, please contact us at enquiries@cpdhome.org.au. Unless the access you request will require special steps or significant resources, there will be no charge for providing you with this access.

Information sent overseas

In addition to the use from time to time of data storage and cloud providers, we may provide deidentified data to overseas bodies. For example, we may provide deidentified data on the uptake of specific CPD activities to a certified learning provider which could be based overseas.

Retaining personal information

We generally keep your personal information active for as long as is reasonably required to enable us to meet your needs. We keep subscriber records and other personal information on file to enable us to undertake statistical and historical analysis and reporting. As part of our data security, we regularly backup and archive our electronic databases.

Non-subscriber information will be retained for up to 7 years.

Suspected or known data breach

If we suspect or know there has been a data breach, in line with the Australian Information Commissioner’s guide for managing and responding to data breaches, we will act to:

• Contain – the breach to prevent any further compromise of personal information
• Assess – the situation to determine how the breach occurred and evaluate the risks, including any potential harm to affected individuals, and where possible take remedial action to reduce any risk of harm
• Notify – individuals and the Commissioner, as may be required, and in a manner deemed appropriate
• Review – the incident and take action to prevent further breaches.

If you would like further information regarding how we collect, store, use or disclose your personal information, or have any issues or concerns, please contact CPD Home by emailing enquiries@cpdhome.org.au.

Related Documents / Legislation

The following documents are related to this policy.

1. Privacy Act 1988
2. Office of the Australian Information Commissioner – Data breach preparation and response A guide to managing data breaches in accordance with the Privacy Act 1988 (Cth)

Appendices

1. Glossary

Version Tracking

Appendix 1

Glossary