Take care of information and data

Protect users’ privacy

Privacy protections are crucial to preventing harm to users and maintaining trust in government services. To take a proactive and preventative approach to privacy: 

• Remember that a Privacy Impact Assessment must be completed prior to the release of every system, program or project and updated after any major changes
• Know when you are working with personal information and understand the legislation and policies that protect it 
• Begin addressing privacy concerns early and use good privacy practices to minimize harm to users 
• Consider Privacy by Design in planning and designing your service 
• Audit or review your privacy protections regularly 
• Ensure staff receive privacy training that supports them in identifying privacy considerations and risks relevant to their role  
• Contact your Ministry Privacy Officer if you need support or guidance

Make your service secure

Strong security practices are an essential part of creating trust in our services. Whatever the technical details of your service, using defensible security practices can help you defend it from threats. To secure your service: 

• Complete a Security Threat and Risk Assessment before your service goes live and update it throughout the service’s lifecycle 
• Consult ministry security experts early to predict security risks and concerns and plan to address them 
• Assess the sensitivity of information your system will use and decide on how to protect it 
• Practice good security hygiene by using essential security measures to address issues before they arise 
• Plan ahead to ensure you have the resources and support you will need to secure your service for its entire lifecycle 
• Review your security measures often and ensure they comply with government policies and standards  
• Check for new threats throughout your service’s lifecycle, using automated processes where appropriate 
• Have up-to-date documentation of the details of your system, relevant threats and measures in place to address them 

Manage data effectively

The foundation of a digital government is ethical, accurate accessible data. The way we manage data should make it easy to find, access and reuse. This in turn can improve service delivery and enable data-driven decision making. To manage data more effectively in your work: 

• Focus on making data more findable, accessible, interoperable and reusable 
• Plan how you will manage data for its entire lifecycle, from creation or collection to final disposition 
• Create and collect data using methods that reduce duplication and inefficiency  
• Document your data holdings, your team’s accountabilities for data management and your purpose for creating or collecting data  
• Have practices to assess, maintain and improve the quality of your data so it meets government and user needs 
• Capture appropriate metadata and use interfaces that support data interoperability by making it easy to exchange and reuse  
• Re-assess your data management practices often to build your team’s maturity and ensure legal and policy compliance  
• Use shared data services like the Data Catalogue and data sharing programs like the Data Innovation Program
• Ensure migration of data complies with the Redundant Source Information Schedule 

Alignment guide

The alignment guide is intended to be used with the supporting context of the related practice and resources. This guide provides examples of what the implementation of this practice may look like and defines a range of competence within the practice area.