CIO Strategy Council Advances National Standards for Responsible Data Sharing

OTTAWA, February 16, 2021 — Organizations have compelling reasons to share data, from improving operational efficiencies and reducing costs to generating new insights and sharpening decision-making. Failure to adhere to responsible data protection and sharing practices, however, can damage the company’s reputation and threaten its viability.

In response, the CIO Strategy Council’s Standards Policy Committee recently approved the development of three new Parts to a series of national standards concerning data governance. It tasked the Council’s Technical Committee on Data Governance to begin its work on developing these new Parts. The new Parts in development include:

1. Data Governance – Part 7: Operating model for responsible data stewardship (CAN/CIOSC 100-7) aims to specify minimum requirements for the architecture and governance of responsible data trusts, collaboratives, and cooperatives. It applies to the fiduciary stewardship, accountability, and management in the collection and exchange of data.
2. Data Governance – Part 8: Framework for Geo-Residency and Sovereignty (CAN/CIOSC 100-8) aims to specify the minimum requirements for organizations to protect data and assets that reside in foreign jurisdictions, while taking advantage of global technology ecosystems.
3. Data Governance – Part 9: Zero Copy Integration (CAN/CIOSC 100-9) aims to specify implementation methods for zero copy integration, sharing, and exchange of data.

Interested parties are welcome to join the Council’s Technical Committee on Data Governance, comprised of 200+ thought leaders, policy makers, regulators, industry leaders, academics, and civil society representatives from coast-to-coast-to-coast.

Last year, the Technical Committee published national standards and specifications including:

1. Data governance – Part 1: Data protection of digital assets (CAN/CIOSC 100-1) specifies minimum requirements for the data protection of all digital assets at-rest, in-motion, and in-use across platforms (e.g., endpoints, mobile, cloud), facilitating secure sharing and collaboration across different IT systems within and between organizations.
2. Data governance – Part 2: Third party access to data (CAN/CIOSC 100-2) specifies minimum requirements and a set of privacy controls for third-party access to data. This Standard applies to all organizations, including public and private companies, government entities, and not-for-profit organizations.
3. Data governance – Part 4: Specification for Scalable Remote Access Infrastructure (CIOSC/PAS 100-4) provides a vendor-agnostic framework and set of characteristics which, when adopted, enable the secure and rapid scale-up of the infrastructure needed to support remote work requirements.