Changes

GC Enterprise Architecture/Framework (view source)

Revision as of 11:05, 6 October 2020

361 bytes removed , 11:05, 6 October 2020

→‎Use and share data openly in an ethical, privacy-centric and secure manner

Line 57: Line 57:

* Contribute to and align with enterprise and international data taxonomy and classification structures to manage, store, search and retrieve data

−

=== Use and share data openly in an ethical~~, privacy-centric~~ and secure manner ===

+

=== Use and share data openly in an ethical and secure manner ===

−

* Share data openly ~~(for example on Canada’s Open Data portal)~~ by default as per the Directive on Open Government and Digital Standards, while ~~adhering~~ to existing enterprise and international standards, including on data quality and ethics

+

* Share data openly by default as per the Directive on Open Government and Digital Standards, while respecting security and privacy requirements. Data shared should adhere to existing enterprise and international standards, including on data quality and ethics.

−

* Ensure data formatting aligns to existing enterprise and international standards on interoperability. Where none exist, develop data standards in the open with key subject matter experts~~, in consultation with the Enterprise Data Community of Practice~~

+

* Ensure data formatting aligns to existing enterprise and international standards on interoperability. Where none exist, develop data standards in the open with key subject matter experts.

−

* ~~~~Ensure that combined data does not risk identification or re-identification of personal information ~~– de-identification techniques should be considered prior to sharing personal information~~

+

* Ensure that combined data does not risk identification or re-identification of sensitive or personal information

−

=== ~~~~Design with privacy in mind for the collection, use and management of personal Information~~~~ ===

+

=== Design with privacy in mind for the collection, use and management of personal Information ===

−

* ~~~~Consult ~~the departmental~~ ATIP Office, ~~reference~~ the ~~Privacy Act and Access to Information Act for guidance~~ and application of the ~~policies.~~

+

* Consult your institution’s ATIP Office, for assistance with the interpretation and application of the ''Privacy Act'' and its related policy instruments

−

* ~~~~Determine if the initiative will be collecting, using, disclosing, retaining sharing and disposing personal information~~, which is any recorded information about an identifiable individual~~

+

* Determine if the initiative will be collecting, using, disclosing, retaining sharing and disposing personal information

−

* ~~~~Only collect personal information if it directly relates to the operation of the programs or activities~~~~

+

* Only collect personal information if it directly relates to the operation of the programs or activities

−

* ~~~~Notify individuals of the purpose for collection at the point of collection by including a privacy notice~~~~

+

* Notify individuals of the purpose for collection at the point of collection by including a privacy notice

−

* Design processes so personal information remains accurate, up-to-date and as complete as possible, and the ability to correct

+

* Personal information should be collected directly from individuals but can be from shared sources where permitted by the Privacy Act

−

* Personal information should be collected directly from individuals but can be from shared sources where permitted by the Privacy Act

+

* Personal information needs to be available to facilitate Canadians’ right of access to and correction of government records

−

* ~~~~Personal information needs to be available to facilitate Canadians’ right of access to and correction of government records~~~~

+

* Design access controls into all processes and across all architectural layers from the earliest stages of design to limit the use and disclosure of personal information

−

* ~~Conduct a Privacy Impact Assessment (PIA) to identify and mitigate privacy risks for new or substantially modified programs when personal information is identified~~

+

* Design processes so personal information remains accurate, up-to-date and as complete as possible and can be corrected if required

−

* Perform Algorithmic Impact Assessment (AIA) to support risk mitigation activities when deploying an automated decision system as per Directive on Automated Decision Making

+

* De-identification techniques should be considered prior to sharing personal information

−

* Design access controls into all processes and across all architectural layers from the earliest stages of design to limit use ~~to “need to know” and~~ disclosure of, and ~~access~~ to personal information~~~~

+

* In collaboration with your ATIP officials, determine if a Privacy Impact Assessment (PIA) is required to identify and mitigate privacy risks for new or substantially modified programs that impact the privacy of individuals

−

* ~~~~Establish procedures to address privacy breaches so they can be reported ~~to the ATIP Office~~ and ~~measures~~ to ~~contain, and manage the breach~~ efficiently ~~and effectively~~

+

* Establish procedures to identify and address privacy breaches so they can be reported quickly and responded to efficiently within your institution

== Application Architecture ==

Floyd.pushelberg

586

edits