Data governance – Part 2: Third-party access to data
Scope:
Note: The ICS code of this Notice of Intent (originally published on February 6, 2024) was updated by the responsible SDO on September 10, 2024.
This Standard specifies minimum requirements for granting and controlling third-party access to data. This Standard applies to all organizations, including public and private companies, government entities, and not-for-profit organizations.
Project need:
Organizations are increasingly receiving data inputs from multiple sources and using many software and cloud storage platforms that need access to their data. This increases their exposure to the growing threat of supply chain attacks that target enterprise technology companies whose systems are used by hundreds of other organizations. With large amounts of information being exchanged, the risk of accidental privacy breaches also grows. There is a need to continue strengthening the robustness of requirements related to privacy controls for third-party access to data.
Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.
Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.