Changes

no edit summary
Line 35: Line 35:     
== Information Architecture ==
 
== Information Architecture ==
Information architecture best practices and principles aim to support the needs of a business service and business capability orientation. To facilitate effective sharing of data and information across Government, information architectures should be designed to reflect a consistent approach to data, such as the adoption of federal and international standards. Information architecture should also reflect responsible data management, information management and governance practices, including the source, quality, interoperability, and associated legal and policy obligations related to the data assets. Information architectures should also distinguish between personal and non-personal data and information. For example, the collection, use, sharing (disclosure), and management of personal information must respect the requirements of the ''Privacy Act'' and its related policies.  
+
Information architecture best practices and principles aim to support the needs of a business service and business capability orientation. To facilitate effective sharing of data and information across Government, information architectures should be designed to reflect a consistent approach to data, such as the adoption of federal and international standards. Information architecture should also reflect responsible data management, information management and governance practices, including the source, quality, interoperability, and associated legal and policy obligations related to the data assets. Information architectures should also distinguish between personal and non-personal data and information, as the collection, use, sharing (disclosure), and management of personal information must respect the requirements of the ''Privacy Act'' and its related policies.  
    
=== Collect data to address the needs of the users and other stakeholders ===
 
=== Collect data to address the needs of the users and other stakeholders ===
Line 60: Line 60:  
* Only collect personal information if it directly relates to the operation of the programs or activities
 
* Only collect personal information if it directly relates to the operation of the programs or activities
 
* Notify individuals of the purpose for collection at the point of collection by including a privacy notice
 
* Notify individuals of the purpose for collection at the point of collection by including a privacy notice
* Personal information should be collected directly from individuals but can be from shared sources where permitted by the Privacy Act  
+
* Personal information should be, wherever possible, collected directly from individuals but can be from other sources where permitted by the Privacy Act  
 
* Personal information needs to be available to facilitate Canadians’ right of access to and correction of government records
 
* Personal information needs to be available to facilitate Canadians’ right of access to and correction of government records
 
* Design access controls into all processes and across all architectural layers from the earliest stages of design to limit the use and disclosure of personal information
 
* Design access controls into all processes and across all architectural layers from the earliest stages of design to limit the use and disclosure of personal information