Data Governance – Responsible Governance of Employee Data
Scope:
The proposed National Standard aims to specify minimum requirements for how employers collect, use, store, disclose, and dispose of employee-related data. This includes information about remuneration and benefits; records of web browsing, audio or video recordings, email, and other forms of communications; and employee data acquired or created by or on behalf of employers through platforms, devices, technologies, and vehicles used by employees. In this Standard, the term “employees” includes current, prospective, and former employees (full-time and part-time workers), contractors, and volunteers. The industry-agnostic Standard addresses data governance considerations with the aim of strengthening trust between employers and employees by ensuring employer openness and clarity about how, why, and when employee data is collected or used, and to whom it is disclosed. The Standard will also consider data that is analyzed by humans and processed by digital machines, as well as the concept and validity of employee consent. Data governance considerations include data collection; data use and reuse; data classification; data disclosure; data minimization; data retention and destruction; data security; data integrity; and data privacy.
Project need:
Various provincial and federal laws and regulations address aspects of employers’ privacy obligations, with certain industries and organizations subject to specific limits, requirements, or obligations. Apart from privacy obligations, however, no clear and consistent standard exists to address overall data governance. Clearly articulated requirements and guidance are necessary to create a governance framework for employee data that is comprehensive, attainable, and relevant to all jurisdictions and sectors, thereby ensuring consistent expectations and application. In addition, remote working and the proliferation of technological monitoring tools have increased concern about data security and exfiltration, and whether, under what circumstances, and with what limits employers should be allowed to track, monitor, or acquire information (directly or indirectly) about their employees’ physical locations, digital communications, and online activity. This Standard will operate as reasonable industry guidance for both employers and employees to have a consistent understanding of appropriate and inappropriate data collection, use, and management practices, and is applicable to and consistent with privacy laws in all Canadian jurisdictions.
Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.
Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.