Line 139: |
Line 139: |
| Organizations should be able to adhere to ethical guidelines on data sharing to address and meet emerging standards and legislative requirements. It is an organization’s responsibility to apply transparency and to respect how data is used within the organization. Using and sharing data in an ethical manner can build trust between the public and the organization. Failing to prioritize privacy, security, consent, and ownership of data can negatively harm an organization’s reputation and credibility (and create the risk of extinction). To share data ethically and legally, an organization must request participants’ consent. How personal data will be used and shared must be communicated transparently to avoid misleading anyone. Furthermore, to keep data private and more generic for future sharing purposes, it can be anonymized by removing participant’s tombstone information such as name, address, and occupation. If data anonymization is considered, it is ideal to plan it during the collection phase. It is necessary to inform third party readers when data has been anonymized. This may be done by using markings in the text for contents that have been previously removed. Additionally, an original data repository copy should always be kept separately and secured to keep a record of all data that has been anonymized in the final product. Third party readers should have valid reasons and the right qualifications to access the original data to ensure data is treated in a careful manner. Data must not be shared when: there is a conflict of interest with the need to protect personal identities; when an organization does not have ownership of the data; and when releasing the data presents a security risk. | | Organizations should be able to adhere to ethical guidelines on data sharing to address and meet emerging standards and legislative requirements. It is an organization’s responsibility to apply transparency and to respect how data is used within the organization. Using and sharing data in an ethical manner can build trust between the public and the organization. Failing to prioritize privacy, security, consent, and ownership of data can negatively harm an organization’s reputation and credibility (and create the risk of extinction). To share data ethically and legally, an organization must request participants’ consent. How personal data will be used and shared must be communicated transparently to avoid misleading anyone. Furthermore, to keep data private and more generic for future sharing purposes, it can be anonymized by removing participant’s tombstone information such as name, address, and occupation. If data anonymization is considered, it is ideal to plan it during the collection phase. It is necessary to inform third party readers when data has been anonymized. This may be done by using markings in the text for contents that have been previously removed. Additionally, an original data repository copy should always be kept separately and secured to keep a record of all data that has been anonymized in the final product. Third party readers should have valid reasons and the right qualifications to access the original data to ensure data is treated in a careful manner. Data must not be shared when: there is a conflict of interest with the need to protect personal identities; when an organization does not have ownership of the data; and when releasing the data presents a security risk. |
| | | |
− | * share data openly by default as per the ''Directive on Open Government and Digital Standards'', while respecting security and privacy requirements; data shared should adhere to existing enterprise and international standards, including on data quality and ethics | + | * share data openly by default as per the ''Directive on [https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=28108 Open Government] and Digital Standards'', while respecting security and privacy requirements; data shared should adhere to existing enterprise and international standards, including on data quality and ethics |
| <b>How to achieve:</b> | | <b>How to achieve:</b> |
| * Summarize how the architecture supports sharing data openly by default as per Directive on Open Government and Digital Standards given: | | * Summarize how the architecture supports sharing data openly by default as per Directive on Open Government and Digital Standards given: |
Line 147: |
Line 147: |
| * Ethics | | * Ethics |
| <b>Tools:</b> | | <b>Tools:</b> |
− | * Data Foundation – Implement (Leverage the standard definition) | + | * Data Foundation – Implement (Leverage the standard definition) |
| * Data Catalogue | | * Data Catalogue |
| * Benefits Knowledge Hub | | * Benefits Knowledge Hub |
Line 159: |
Line 159: |
| * ensure data formatting aligns to existing enterprise and international standards on interoperability; where none exist, develop data standards in the open with key subject matter experts | | * ensure data formatting aligns to existing enterprise and international standards on interoperability; where none exist, develop data standards in the open with key subject matter experts |
| <b>How to achieve:</b> | | <b>How to achieve:</b> |
− | * Summarize how the architecture utilises existing enterprise and international data standards | + | * Summarize how the architecture utilises existing enterprise and international data standards |
| * Summarize how the architecture has developed any data standards through open collaboration with key subject matter experts and the Enterprise Data Community of Practice. | | * Summarize how the architecture has developed any data standards through open collaboration with key subject matter experts and the Enterprise Data Community of Practice. |
| <b>Tools:</b> | | <b>Tools:</b> |
Line 170: |
Line 170: |
| * ensure that combined data does not risk identification or re‑identification of sensitive or personal information | | * ensure that combined data does not risk identification or re‑identification of sensitive or personal information |
| <b>How to achieve:</b> | | <b>How to achieve:</b> |
− | * Summarize how the architecture ensures the aggregation and combing of data does not pose a risk to information sensitivity or personal information | + | * Summarize how the architecture ensures the aggregation and combing of data does not pose a risk to information sensitivity or personal information |
| | | |
| | | |