Be good data stewards
Be good data stewards
On this page
What is being good data stewards?
Being good data stewards means managing and protecting data responsibly, ensuring its accuracy, privacy, and security throughout its lifecycle. It involves being transparent about how data is used, maintaining its quality, and adhering to relevant laws, policies, and ethical standards. Good data stewardship also includes making data accessible and usable for those who need it while safeguarding it against misuse.
Why is this important?
Good data stewardship is crucial to build public trust and ensure that personal and sensitive information is handled responsibly. It also enables the government to deliver reliable and effective digital services. This foundation is essential for maintaining the integrity and security of digital interactions with Canadians.
How to do it
These are suggested steps on how to be good data stewards. Depending on where you’re at in your process, you might not need to follow every step.
Discover
- Know and understand your obligations. Know and understand the obligations your product needs to meet when collecting, using, storing, retaining and disposing of personal and sensitive information.
- Know what constitutes personal and sensitive information. Understand what constitutes personal and sensitive information so that you know later how it must be managed.
- Determine the security classification. Determine the security classification of the information you will be collecting.
- Establish the purpose of the collection. Clearly define and communicate the specific reasons for which you’ll be collecting data, ensuring they align with your product’s goals. This will help you be more transparent with users about how their data will be used.
- Establish a data management plan. Establish a data management plan that covers every phase of the data lifecycle, including the collection, validation, storage, use, access, sharing and archiving of personal information.
- Establish a risk management plan. Establish a risk management plan and ensure that it includes metrics to measure ethical principles around data collection, use, storage, retention and disposition.
Build
- Document the data you collect. At every step of the development process, have comprehensive documentation of all decisions made related to data stewardship. Do this by using tools like metadata repositories, glossaries, or logs.
- Limit data collection. Minimize the amount of data collected and only gather what is necessary for service delivery.
- Reuse data. When possible, reuse data through data sharing agreements.
- Build for transparency. After going live, anyone should be able to get answers about how their data is being collected, used and stored. Be prepared to provide that information, and make it easy for users
Test
- Store personal information securely. Design and implement secure data storage solutions that protect your user’s data. Ensure that it aligns with the applicable policies.
- Obtain user’s consent. Ensure you have obtained the user’s informed consent before collecting, using, storing and disposing of individual’s personal information. Use consent forms that are easy for users to understand.
- Ensure oversight. Ensure governance and oversight bodies review your product to make sure it remains compliant with policies and no harm is being caused.
Monitor and iterate
- Regularly review your data management practices. Regularly review and update your data management practices to reflect evolving standards, regulations, and emerging threats.
- Regularly perform audits. Review the relevancy of your data and ensure that the data you collect remains relevant to the original purpose for which it was collected. Document your findings, identify any discrepancies, and take corrective actions promptly, while maintaining transparency with your users and stakeholders about the audit process and outcomes.
- Foster a culture of responsibility. Foster a culture of responsibility by enabling team members to prioritize data stewardship and understand their role in protecting data integrity and privacy.
Resources
Principles
- Transparency
- Accountability
- Privacy and confidentiality
- Data quality
- Security
- Accessibility
- Regulatory compliance
Consideration
- Consult with your organization’s information management (IM) and data management experts
Tools and resources
Practical resources to help you through your processes.
Case studies
Talent
- Legal expertise
- Data management and governance
- Privacy expertise
- Data analysts and scientists
- Communication and change management
GC policy instruments
Laws
Policies
Directives, guidelines and standards
GC Communities and Training
Communities of practice
- GC Digital community
- GC Data community
- GC information management (IM) group (only available on the Government of Canada network)
- GC Enterprise data community of practice
Training
- Courses on data (Available only on the Government of Canada network
- ESDC’s digital literacy program (Available only on the Government of Canada network)
Help us improve
This work is iterative, and we will continue to improve on it based on your feedback.
Share your thoughts and suggestions by email: servicedigital-servicesnumerique@tbs-sct.gc.ca
Page details
- Date modified: