586
edits
Changes
Jump to navigation
Jump to search
Line 51:
Line 51: − + Line 60:
Line 60: − +
GC Enterprise Architecture/Framework (view source)
Revision as of 11:29, 6 October 2020
, 11:29, 6 October 2020→Design with privacy in mind for the collection, use and management of personal Information
=== Use and share data openly in an ethical and secure manner ===
=== Use and share data openly in an ethical and secure manner ===
* Share data openly by default as per the Directive on Open Government and Digital Standards, <u>while respecting security and privacy requirements.</u> Data shared should adhere to existing enterprise and international standards, including on data quality and ethics.
* Share data openly by default as per the Directive on Open Government and Digital Standards, while respecting security and privacy requirements. Data shared should adhere to existing enterprise and international standards, including on data quality and ethics.
* Ensure data formatting aligns to existing enterprise and international standards on interoperability. Where none exist, develop data standards in the open with key subject matter experts.
* Ensure data formatting aligns to existing enterprise and international standards on interoperability. Where none exist, develop data standards in the open with key subject matter experts.
* Ensure that combined data does not risk identification or re-identification of sensitive or personal information
* Ensure that combined data does not risk identification or re-identification of sensitive or personal information
* Only collect personal information if it directly relates to the operation of the programs or activities
* Only collect personal information if it directly relates to the operation of the programs or activities
* Notify individuals of the purpose for collection at the point of collection by including a privacy notice
* Notify individuals of the purpose for collection at the point of collection by including a privacy notice
* <u>Personal information should be collected directly from individuals but can be from shared sources where permitted by the Privacy Act</u>
* Personal information should be collected directly from individuals but can be from shared sources where permitted by the Privacy Act
* Personal information needs to be available to facilitate Canadians’ right of access to and correction of government records
* Personal information needs to be available to facilitate Canadians’ right of access to and correction of government records
* Design access controls into all processes and across all architectural layers from the earliest stages of design to limit the use and disclosure of personal information
* Design access controls into all processes and across all architectural layers from the earliest stages of design to limit the use and disclosure of personal information
