Line 22:
Line 22:
<!-- NAV end -->
<!-- NAV end -->
−
<i><h3> This is a draft copy of the proposed updates to the GC EA standards </h3></i>
<i><h3> This is a draft copy of the proposed updates to the GC EA standards </h3></i>
Line 78:
Line 77:
<b>Data Storage</b>
<b>Data Storage</b>
−
* <i><u> Only handle data which is essential to your service. Do not store all data that you capture unless absolutely necessary</i></u>
+
* <i><u> Only handle data which is essential to your service. Do not store all data that you capture unless absolutely necessary</i>
−
* Ensure data is stored in a secure manner in accordance with <I><u>CSE approved cryptographic algorithms and protocols</I></u> and <I><u>legislation such as</I></u> the Privacy Act
+
* Ensure data is stored in a secure manner in accordance with <I><u>CSE approved cryptographic algorithms and protocols</I> and <I><u>legislation such as</I> the Privacy Act
* <I><u>Retain data for the minimum time necessary.</u></I> Follow existing retention and disposition schedules
* <I><u>Retain data for the minimum time necessary.</u></I> Follow existing retention and disposition schedules
* Ensure data is stored in a way to facilitate easy data discoverability, accessibility and interoperability
* Ensure data is stored in a way to facilitate easy data discoverability, accessibility and interoperability
<b>Data Sharing</b>
<b>Data Sharing</b>
−
* Data should be shared openly by default as per the Directive on Open Government <I><u>while taking into consideration existing laws and regulations the safeguarding of security and the privacy of data, while permitting free and open access</I></u>
+
* Data should be shared openly by default as per the Directive on Open Government <I><u>while taking into consideration existing laws and regulations the safeguarding of security and the privacy of data, while permitting free and open access</I>
* Ensure government-held data can be combined with data from other sources enabling interoperability and interpretability through for internal and external use
* Ensure government-held data can be combined with data from other sources enabling interoperability and interpretability through for internal and external use
* Reduce existing data where possible
* Reduce existing data where possible
* Encourage data sharing and collaboration
* Encourage data sharing and collaboration
−
* <I><u>Validate or transform all external input before processing</I></u>
+
* <I><u>Validate or transform all external input before processing</I>
|}
|}
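Review bot: The "+" lines in Data Storage and Data Sharing resolve the misnested "</i></u>" by dropping "</u>" entirely, so every "<u>" opened on those bullets is now left unclosed (one on "Only handle data...", two on the CSE / Privacy Act bullet, one each on the Open Government and "Validate or transform" bullets). Close the tags in reverse order of opening, "</u></I>", as the unchanged "Retain data for the minimum time necessary." bullet already does. The unchanged wording "existing laws and regulations the safeguarding of security" and "through for internal and external use" also reads as if words are missing and could be fixed in the same pass.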
Line 133:
Line 132:
<b>Use Cloud first</b>
<b>Use Cloud first</b>
+
* Adopt the Use of the GC Accelerators to ensure proper Security and Access Controls - [https://github.com/canada-ca/accelerators_accelerateurs-azure Azure], [https://github.com/canada-ca/accelerators_accelerateurs-aws AWS]
* Enforce this order of preference: Software as a Service (SaaS) first, then Platform as a Service (PaaS), and lastly Infrastructure as a Service (IaaS)
* Enforce this order of preference: Software as a Service (SaaS) first, then Platform as a Service (PaaS), and lastly Infrastructure as a Service (IaaS)
* Enforce this order of preference: Public cloud first, then Hybrid cloud, then Private cloud, and lastly non-cloud (on-premises) solutions
* Enforce this order of preference: Public cloud first, then Hybrid cloud, then Private cloud, and lastly non-cloud (on-premises) solutions
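Review bot: The added GC Accelerators bullet is not wrapped in the "<I><u>" markup that appears to mark the other proposed wording in this draft, so readers of the draft will not see it as a change. It also capitalises "the Use of" and "Security and Access Controls" mid-sentence, and it states that the accelerators "ensure proper" controls while both links point at repository roots with no release or tag named. Suggest sentence case, and stating which accelerator release the standard refers to.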
Line 184:
Line 184:
* Implement security measures to assure the protection of personal information
* Implement security measures to assure the protection of personal information
* Take into consideration the 7 foundational privacy design principles when designing services.
* Take into consideration the 7 foundational privacy design principles when designing services.
−
</i></u>
+
</I>
|}
|}
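Review bot: Replacing "</i></u>" with "</I>" on the closing line removes the only "</u>" visible in this hunk. If the block it closes was opened with "<I><u>" like the other marked passages in this draft, the underline is left open and runs into the table end "|}". Use "</u></I>" so both tags close in reverse order of opening.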