New national standard for data governance published
May 26, 2020
The Chief Information Officers (CIO) Strategy Council has published a new national standard for data governance aimed at helping organizations operate securely, transparently and uniformly in the digital world.
The new National Standard of Canada for third-party access to data will enable organizations to create a “trust environment” for their third-party interactions and help secure their data assets, said Keith Jansa, executive director of the CIO Strategy Council, an Ottawa-based not-for-profit corporation.
“We’re developing these standards to help inform public policy and future regulation,” Jansa said in an interview. “It provides another tool in the toolbox for regulators and policymakers.”
Data integration and open collaboration require a trust environment where organizations, customers and the public can have the highest confidence that their data assets are secured from potential breaches, he explained. “This new National Standard of Canada (CAN/CIOSC 100-2) provides organizations the right set of controls to secure their third-party interactions.”
Jansa said having such consensus-based national standards would have helped resolve privacy and security concerns that dogged Sidewalk Labs’ proposed “smart city” development (cancelled by the company earlier this month) on Toronto’s waterfront.
Some regulations haven’t kept pace with technology change, which creates uncertainty in the marketplace about deploying new technologies, such as artificial intelligence, he said. Consensus-based national standards can address this uncertainty, including for projects requiring public support, he added.
Navdeep Bains praises new standard
The CIO Strategy Council’s new national standard, which applies to all organizations, including public and private companies, government entities, and not-for-profit organizations, specifies minimum requirements and a set of privacy controls for third-party access to data. The standard covers organizational and risk management, as well as control access and confidentiality.
The Standards Council of Canada has approved the national standard. While the standard is voluntary for organizations, government has the option of incorporating it and other standards being developed into future regulations and policies.
For example, Canada’s Digital Charter establishes principles to guide Ottawa’s work in updating federal legislation on electronic information and privacy.
“I’m pleased to see the CIO Strategy Council advance that work through the development of this national standard, offering businesses the guidelines and framework to ensure that their remote, third-party interactions, and the information shared in the process, are safe,” Navdeep Bains, minister of Innovation, Science and Industry, said in a statement.
The standard, available at no cost, was prepared by the CIO Strategy Council’s Technical Committee on Data Governance, composed of more than 100 experts and thought leaders from industry, government, academia and civil society.
The council previously published a national standard on the ethical design and use of automated decision systems. Both it and the newly published standard are available here.
Jansa said the council has a third standard, for the data protection of digital assets, now being considered for approval by the Standards Council of Canada.
Also, in February the council received $818,000 over three years from Natural Resources Canada’s $2.42-million Cyber Security and Critical Energy Infrastructure Program to develop a series of cyber-security standards for Industrial Internet of Things devices in the North American electricity sector.