EA Assessments Questions
This is a DRAFT COPY of the proposed list of questions for the GC EA Assessment Framework. It is a work IN PROGRESS, and has not undergone any review.
Collect data to address the needs of the stakeholders
- Adopt a needs-based approach to data collection
- Do your data collection processes include an assessment of existing data assets (e.g. as documented in a data inventory and/or catalogue) to minimize redundancy and duplication?
- Collect only the minimum set of data needed to support a policy, program, service, or other function fulfill the business service
- Do you have a mechanism or process in place to ensure that all data collected can be tied to a specific business need (e.g. a policy, program, service, or other operational need) so that you are able to identify excess data?
- Reuse existing data assets and only acquire new data if required
- Do your data collection processes include an assessment of existing data assets (e.g. as documented in a data inventory and/or catalogue) to facilitate data reuse?
- Do you have a process or mechanism in place to assess and control the quality of existing data assets being considered for reuse?
- Do you have a process or mechanism in place to ensure that any reuse of existing data assets complies with privacy and other applicable laws and policies?
- Ensure your data collection methodology, including third party sources, yields high quality data
- Do you have a process or mechanism in place to assess and control the quality of data collected?
Manage data strategically and responsibly
- Define and establish clear roles, responsibilities, and accountabilities for data management
- Do you have a framework or policy that sets out your organization’s data governance structure? At a minimum, the structure would list key data roles in the organization (e.g. steward, custodian, analyst, scientist) and define the responsibilities and decision-making authorities associated with each of them.
- Identify and document the lineage of your data assets.
- Does your data inventory document any information about the lineage of existing data assets? If so, through what process is lineage determined and tracked over time? If not, is this information tracked anywhere else?
- Define retention and disposition schedules and perform regular disposition activities (I’m not sure about the last bit: are disposition activities necessarily regular and, if so, according to whose timetable? What is LAC’s GC policy on this?)
- Do you have a mechanism or process in place to ensure that retention and disposition schedules are determined (at least provisionally) for data collected? This is particularly relevant in the case of personal data, where timelines are set by the Privacy Act.
- Ensure information and data are managed to enable interoperability, reuse and sharing to the greatest extent possible within and with other across departments across the in government to avoid duplication and maximize utility, while respecting security and privacy requirements
- For what data domains and attributes have you developed reference and master data standards?
- To what extent does your organization adhere to existing enterprise-level standards for data?
- What is the percentage of data shared through information sharing agreements?
- To what extent is the data you share with other GC organizations interoperable?
- Do you have a process in place to evaluate whether a certain data need can be addressed by requesting data from a GC organization as opposed to collecting it?
- Contribute to and/or aligned to Enterprise Data taxonomy and classification structures to manage, store, search and retrieve information and data in all formats (I am uncertain about the reasoning here: is it to ‘manage, store, search, and retrieve’? It seems too broad to be relevant to architecture in particular.)
- For what data domains and/or attributes have you developed reference and master data standards?
- For what data domains and/or attributes have you supported the development of enterprise-wide data standards?
Use and share data openly in an ethical and secure manner
- Ensure data formatting aligns to existing enterprise and international standards. Where none exist, develop standards in the open with key subject matter experts, in consultation with the Enterprise Data Community of Practice.
- Data should be shared openly by default as per the Directive on Open Government and Digital Standards, while adhering to existing enterprise and international standards, including on quality or fitness for purpose.
- Do you have a process or mechanism in place to release data assessed for its public value?
- What is the percentage of collected and generated data assets that is released or made available to the public?
- Ensure that combined data does not risk identification or re-identification of sensitive or personal information
- Do you have a risk assessment process or mechanism in place to ensure that combining two or more datasets does not risk compromising the privacy and security of individuals by exposing sensitive or personal information?