Line 28: |
Line 28: |
| Departments should consider the following: | | Departments should consider the following: |
| | | |
− | *Posting of information on external tools and web services will likely divulge the origin of the | + | *Posting of information on external tools and web services will likely divulge the origin of the information; |
− | information; | + | *All information posted on the internet, regardless of the amount of time it is available, is effectively permanently recorded. There are no control provisions for any information once posted; |
− | *All information posted on the internet, regardless of the amount of time it is available, is effectively | + | *The nature of external tools and web services like social networking sites makes them appealing targets for malicious exploitation. These sites are |
− | permanently recorded. There are no control provisions for any information once posted; | + | inherently prone to malicious users providing links to malware content that can propagate to a department’s infrastructure; |
− | *The nature of external tools and web services like social networking sites makes them appealing | + | *Content on external tools such as Trello, Slack etc. may be stored on servers located outside Canada thus the content along with associated user metadata |
− | targets for malicious exploitation. These sites are inherently prone to malicious users providing links to | + | can be monitored by non-Canadian and /or third party products, services or businesses; |
− | malware content that can propagate to a department’s infrastructure; | + | *Everything that is shared using external tools and web services could be subject to Access to Information and Privacy (ATIP). Public servants must ensure that information related to the mandate of the organisation and/or contains decisions on government activities is properly captured and managed, following information management best practices; and |
− | *Content on external tools such as Trello, Slack etc. may be stored on servers located outside Canada | + | *Public servants are encouraged to verify data retention requirements when using external tools, in accordance with the TBS Policy on Information Management. Some externally provided tools will retain your information even after you have deactivated your account |
− | thus the content along with associated user metadata can be monitored by non-Canadian and /or | |
− | third party products, services or businesses; | |
− | *Everything that is shared using external tools and web services could be subject to Access to | |
− | Information and Privacy (ATIP). Public servants must ensure that information related to the mandate | |
− | of the organisation and/or contains decisions on government activities is properly captured and | |
− | managed, following information management best practices; and | |
− | *Public servants are encouraged to verify data retention requirements when using external tools, in | |
− | accordance with the TBS Policy on Information Management. Some externally provided tools will | |
− | retain your information even after you have deactivated your account | |
| | | |
| ==Heading 3== | | ==Heading 3== |