Data governance for the delivery of community and human services

Designation Number:

CAN/DGSI 100-11

Standard Type:

National Standard of Canada - Domestic

Standard Development Activity:

New Standard

ICS code(s):

03.100.02 03.100.40 35.020 35.030

Status:

Proceeding to development

SDO Comment Period Start Date:

2023-05-16

SDO Comment Period End Date:

2023-06-07

Posted On:

2023-05-05

Scope:

This proposed standard aims to specify minimum requirements for the responsible and privacy-preserving collection, storage, use, and sharing of personal information by organizations delivering community and human services. Considerations are given to: ● client/beneficiary and donor data; ● data governance and management practices; ● privacy regulations and other applicable legislation; ● relevant ethical guidelines and practices; and ● requirements for service providers, funders, and technology vendors.

Project need:

Canada’s community and human service providers deliver services and support to vulnerable and at-risk individuals. The vast majority of these organizations collect and use some amount of client data. Some of this data is sensitive – such as participation in addiction treatment, a health diagnosis, or experience of violence. Beyond client information, many also collect financial donations by individuals. This financial support can be critical to their success. As community and human service providers adopt new technologies for client and donor management, this can multiply the amount of data under control of organizations and their vendors. This can pose serious new risks to privacy and security which may not be well understood: 1. Unauthorized use of client data can cause irreparable harm to clients, including reputational damage, trauma, exposure to identity theft and fraud. 2. If donor data is compromised, it can also result in a loss of donor confidence. 3. The reputation of the organization and the community and human service sector as a whole can be undermined as data breaches and other harms accumulate. 4. Further harm to more vulnerable populations, including Indigenous and racialized communities, who have been disproportionately impacted by data harm.

Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.

Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.