Be good data stewards
Be good data stewards
On this page
What is being good data stewards?
Being good data stewards means managing and protecting data responsibly, ensuring its accuracy, privacy, and security throughout its lifecycle. It involves being transparent about how data is used, maintaining its quality, and adhering to relevant laws, policies, and ethical standards. Good data stewardship also includes making data accessible and usable for those who need it while safeguarding it against misuse, including ensuring that non-sensitive data is made open, accessible and usable to the public in alignment with open government principles.
Why is this important?
Good data stewardship is crucial to achieving interoperability, building public trust and ensuring that personal and sensitive information is handled responsibly. It also enables the government to make informed decisions and deliver reliable and effective digital services. This foundation is essential for maintaining the integrity and security of digital interactions with Canadians.
How to do it
These are suggested steps on how to be good data stewards. Depending on where you’re at in your process, you might not need to follow every step.
Discover
- Know and understand your obligations. Know and understand the obligations your product needs to meet when collecting, using, storing, sharing, retaining and disposing of personal and sensitive information, in particular those related to privacy and security requirements.
- Know what constitutes personal and sensitive information. Understand what constitutes personal and sensitive information so that you know later how it must be managed.
- Determine the security classification. Determine the security classification of the information you will be collecting.
- Determine the data that can be made accessible. Identify what non-sensitive data can be made openly accessible.
- Establish the purpose of the collection. Clearly define and communicate the specific reasons for which you’ll be collecting data, ensuring they align with your product’s goals. This will help you be more transparent with users about how their data will be used.
- Establish a data management plan. Establish a data management plan that covers every phase of the data life cycle, including the collection, validation, storage, use, access, sharing and archiving of personal information.
- Establish a risk management plan. Establish a risk management plan and ensure that it includes metrics to measure ethical principles around data collection, use, storage, retention and disposition.
Build
- Use an Enterprise Information Management (EIM) solution. Use an appropriate EIM solution for effective data management.
- Document the data you collect. At every step of the development process, have comprehensive documentation of all decisions made related to data stewardship. Do this by using tools like metadata repositories, glossaries, or logs.
- Document your decisions. Keep track of your decisions regarding which data can be made open. Make sure to include appropriate metadata to make open data usable and accessible.
- Limit data collection. Minimize the amount of data collected and only gather what is necessary for service delivery.
- Reuse data. When possible, reuse data through data sharing agreements.
- Build for transparency. After going live, anyone should be able to get answers about how their data is being collected, used and stored. Be prepared to provide that information and enable users to get it easily.
Test
- Store personal information securely. Design and implement secure data storage solutions that protect your user’s data. Ensure that it aligns with the applicable policies.
- Obtain user’s consent. Ensure you have obtained the user’s informed consent before collecting, using, storing and disposing of individual’s personal information. Use consent forms that are easy for users to understand.
- Ensure oversight. Ensure governance and oversight bodies review your product to make sure it remains compliant with policies and no harm is being caused.
Monitor and iterate
- Regularly review your data management practices. Regularly review and update your data management practices to reflect evolving standards, regulations, and emerging threats.
- Regularly perform audits. Review the relevancy of your data and ensure that the data you collect remains relevant to the original purpose for which it was collected. Document your findings, identify any discrepancies, and take corrective actions promptly, while maintaining transparency with your users and stakeholders about the audit process and outcomes.
- Foster a culture of responsibility. Foster a culture of responsibility by enabling team members to prioritize data stewardship and understand their role in protecting data integrity and privacy.
Resources
Principles
- Transparency
- Accountability
- Privacy and confidentiality
- Data quality
- Security
- Accessibility
- Regulatory compliance
Consideration
- Consult with your organization’s information management (IM) and data management experts
Tools and resources
Practical resources to help you through your processes.
- An introduction to data standards and metadata
- Information management basics
- Guidance for data quality
- Guidance on assessing metadata needs
- Guidance on Preparing Information Sharing Agreements Involving Personal Information
- Guidance on metadata life cycle management
- Guidance on prescribing metadata reference standards
- Data quality toolkit
- Government of Canada Data Competency Framework
- Templates for privacy and consent notices
- Information and records management standard (English only)
Case studies
Talent
- Legal expertise
- Data management and governance
- Privacy expertise
- Data analysts and scientists
- Communication and change management
GC policy instruments
GC Communities and Training
Help us improve
This work is iterative, and we will continue to improve on it based on your feedback.
Share your thoughts and suggestions by email: servicedigital-servicesnumerique@tbs-sct.gc.ca
Page details
- Date modified: