514
edits
Changes
GC Enterprise Architecture/Framework/DataGuide (view source)
Revision as of 10:17, 26 February 2021
, 10:17, 26 February 2021no edit summary
=== Use and share data openly in an ethical and secure manner ===
=== Use and share data openly in an ethical and secure manner ===
* share data openly by default as per the ''Directive on Open Government and Digital Standards'', while respecting security and privacy requirements; data shared should adhere to existing enterprise and international standards, including on data quality and ethics
* share data openly by default as per the ''Directive on Open Government and Digital Standards'', while respecting security and privacy requirements; data shared should adhere to existing enterprise and international standards, including on data quality and ethics
<b>How to achieve:</b>
* Summarize how the architecture supports sharing data openly by default as per Directive on Open Government and Digital Standards given:
* Existing ESDC and GC data standards and policies
* International data standards; and the Privacy Act,
* Fitness for purpose
* Ethics
<b>Tools:</b>
* Data Foundation – Implement (Leverage the standard definition)
* Data Catalogue
* Benefits Knowledge Hub
* Data Lake (growth)
* Data Science and Machine Platform
* Theoretical Foundation
* EDRM (Conceptual and Logical)
* Business Glossary
* Departmental Data Strategy
* ensure data formatting aligns to existing enterprise and international standards on interoperability; where none exist, develop data standards in the open with key subject matter experts
* ensure data formatting aligns to existing enterprise and international standards on interoperability; where none exist, develop data standards in the open with key subject matter experts
<b>How to achieve:</b>
* Summarize how the architecture utilises existing enterprise and international data standards
* Summarize how the architecture has developed any data standards through open collaboration with key subject matter experts and the Enterprise Data Community of Practice.
<b>Tools:</b>
* Data Standards
* NIEM
* OpenData
* National Address Register
* Reference Data Repository
* ensure that combined data does not risk identification or re‑identification of sensitive or personal information
* ensure that combined data does not risk identification or re‑identification of sensitive or personal information
<b>How to achieve:</b>
* Summarize how the architecture ensures the aggregation and combing of data does not pose a risk to information sensitivity or personal information
=== Design with privacy in mind for the collection, use and management of personal Information ===
=== Design with privacy in mind for the collection, use and management of personal Information ===
* ensure alignment with guidance from appropriate institutional ATIP Office with respect to interpretation and application of the ''Privacy Act'' and related policy instruments
* ensure alignment with guidance from appropriate institutional ATIP Office with respect to interpretation and application of the ''Privacy Act'' and related policy instruments
<b>How to achieve:</b>
* Describe how the architecture aligns to guidance of the ATIP Office around personal information regulatory framework; policy framework; and consent directives
* assess initiatives to determine if personal information will be collected, used, disclosed, retained, shared, and disposed
* assess initiatives to determine if personal information will be collected, used, disclosed, retained, shared, and disposed
<b>How to achieve:</b>
* Has the initiative assessed if personal information will be collected, used, disclosed, retained, shared, and disposed
* only collect personal information if it directly relates to the operation of the programs or activities
* only collect personal information if it directly relates to the operation of the programs or activities
<b>How to achieve:</b>
* Summarize how the architecture ensures the personal information collected is directly required to the operational of the programs or activities
* notify individuals of the purpose for collection at the point of collection by including a privacy notice
* notify individuals of the purpose for collection at the point of collection by including a privacy notice
<b>How to achieve:</b>
* Does the solution’s privacy notice provide the purpose for collecting this personal information
* Does the solution provide a privacy notice at the point of personal information collection
* personal information should be, wherever possible, collected directly from individuals but can be from other sources where permitted by the ''Privacy Act''
* personal information should be, wherever possible, collected directly from individuals but can be from other sources where permitted by the ''Privacy Act''
<b>How to achieve:</b>
* Does the architecture collect personal information directly from the individual
* If no, what personal information is collect form other sources and does it comply with the Privacy Act and the consent directive of the source
<b>Tools:</b>
* Target State Architecture
* Interim State Architecture
* personal information must be available to facilitate Canadians’ right of access to and correction of government records
* personal information must be available to facilitate Canadians’ right of access to and correction of government records
<b>How to achieve:</b>
* Summarize how the architecture facilitates Canadian's right to access their personal information records
* Summarize how the architecture facilitates Canadian's right to correct their personal information records
<b>Tools:</b>
* Target State Architecture
* Interim State Architecture
* design access controls into all processes and across all architectural layers from the earliest stages of design to limit the use and disclosure of personal information
* design access controls into all processes and across all architectural layers from the earliest stages of design to limit the use and disclosure of personal information
<b>How to achieve:</b>
* Summarize how the architecture limits the use and disclosure of personal information in accordance to the privacy legislative; policy frameworks and consent directives
* design processes so personal information remains accurate, up‑to‑date and as complete as possible, and can be corrected if required
* design processes so personal information remains accurate, up‑to‑date and as complete as possible, and can be corrected if required
<b>How to achieve:</b>
* Summarize how the architecture ensures personal information remains accurate
* Summarize how the architecture ensures personal information remains up-to-date
* Summarize how the architecture ensures personal information remains complete as possible
* Summarize how the architecture ensures personal information can be corrected if required
<b>Tools:</b>
* Non Functional Requirements
* FUnctional Requirements
* de‑identification techniques should be considered prior to sharing personal information
* de‑identification techniques should be considered prior to sharing personal information
<b>How to achieve:</b>
* Outline the de-identification techniques used by the architecture in sharing personal information
* in collaboration with appropriate institutional ATIP Office, determine if a Privacy Impact Assessment (PIA) is required to identify and mitigate privacy risks for new or substantially modified programs that impact the privacy of individuals
* in collaboration with appropriate institutional ATIP Office, determine if a Privacy Impact Assessment (PIA) is required to identify and mitigate privacy risks for new or substantially modified programs that impact the privacy of individuals
* establish procedures to identify and address privacy breaches so they can be reported quickly and responded to efficiently to appropriate institutional ATIP Office
<b>How to achieve:</b>
* Describe how the architecture addresses the recommendations of the PIA
* If not all recommendations of the PIA are being addressed, outline how the business will address any residual risks of the PIA
* establish procedures to identify and address privacy breaches so they can be reported quickly and responded to efficiently to appropriate institutional ATIP Office
<b>How to achieve:</b>
* Are procedures established to identify and address privacy breaches
* Summarize how the architecture enables/supports these procedures
<b>Tools:</b>
* Business Process Model
@fr|
@fr|