Receiving Organizations must comply with specific terms and conditions, and are provided with best practices to protect confidential information.
For additional guidance, Receiving Organizations can contact their Statistics Canada representative or consult the frequently asked questions.
Templates for complying with certain reporting obligations are also made available to receiving organizations.
Table of contents
- Obligations and duties
- Best practices
- Frequently asked questions
- Data Custodian templates
- For more information
Obligations and duties
Section 12 of the Statistics Act outlines the provisions under which Statistics Canada can enter into agreements for the sharing of information with federal and provincial departments and governments, as well as with municipal and other corporations.
Receiving organization – Roles
There are four key roles within the Receiving Organizations:
- Signatory: The Deputy Minister, CEO, or equivalent, or delegate, who signs the data-sharing agreement and agrees on behalf of the organization to comply with the agreement
- Official: The responsible manager or senior executive of the organization, delegated by the Signatory to manage the data-sharing agreement and ensure ongoing compliance with its terms and conditions
- Data Custodian: The person designated by the Official to receive the share files from Statistics Canada and who has the operational responsibility within the Receiving Organization for the security of the information received
- Authorized Users: Employees and contractors given permission to access the information on a need-to-know basis.
In large organizations, these roles would typically be assigned to different persons. In smaller organizations, a single individual may assume more than one of these roles, in which case Statistics Canada should be informed.
Official – Obligations
The Receiving Organization Official ensures ongoing compliance by their organization with the data-sharing agreement.
Confidentiality of the information
- protect the confidentiality of the information
- release or publish only data that do not directly or indirectly identify a person, business or organization
- do not release any data that Statistics Canada has kept confidential
- take any and all steps necessary to protect the information in accordance with the security requirements set out by Statistics Canada
- consult with Statistics Canada prior to publishing or sharing results if there are any concerns with confidentiality
- notify Statistics Canada without delay in the event a request is received under access to information, freedom of information or privacy legislation
- do not use the information as evidence in court or in a tribunal; either by giving oral testimony or producing it
- notify Statistics Canada without delay in the event a court or tribunal orders the disclosure of the information
Use of the information
- use the information for statistical and research purposes only
- do not use the information for administrative or regulatory purposes or in any decision-making process that affects an individual person, business or organization
- do not match the information that is shared without identifiers to any other records or data files for any reason, including to identify a person
Access to the information
- designate one employee as the Data Custodian of the information, who is responsible for controlling access
- ensure the Data Custodian fulfils their duties
- ensure no disclosure of the information to any other organization, except as specifically authorized in the agreement with Statistics Canada
Notification of breach
- notify Statistics Canada in writing immediately upon becoming aware of any breach of the provisions of the agreement
- contain the breach and inform Statistics Canada of the mitigation measures taken
- notify Statistics Canada in writing immediately upon becoming aware of any breach by a provincial/territorial or university research institute or organization under contract with the Receiving Organization.
- ensure that Statistics Canada receives the notification within two (2) business days of it being sent
- document the governance, procedures, roles and responsibilities related to the agreement to help ensure that its terms are consistently met
Inspections, reviews and audits
- submit to Statistics Canada the confidentiality documents, register of data files and data-access register outlined in the Data custodians' duties within ten (10) business days of a request made by Statistics Canada, in order for Statistics Canada to assess compliance with the agreement
- upon request by Statistics Canada, prepare and send a report indicating any changes to the individuals occupying the positions of:
- the signatory of the Agreement;
- the Official; and
- the Data Custodian.
- upon request by Statistics Canada, provide a self-assessment, a site inspection, a review and/or an audit according to the provisions of the agreement, in order to review compliance with the terms set out in the agreement
- ensure that the terms and conditions of the agreement respecting the use, confidentiality, protection and security of the information, as well as Statistics Canada's right to require an assessment, are included in all agreements and arrangements the Receiving Organization enters into, under the terms of which any other organization is granted access to the information in accordance with the agreement.
Return or destruction of the information
- upon termination or expiry of the agreement, and within the period agreed to in writing, return to Statistics Canada all information, with no copy or portion retained, or
- request Statistics Canada's approval to destroy all information in accordance with the security requirements set out in your agreement and provide a written confirmation of destruction to Statistics Canada within ten (10) business days after the destruction
Data custodian – Duties
The Data Custodian is designated by the Receiving Organization Official and will implement the following requirements:
- prepare a confidentiality document for the use of the Receiving Organization's employees and contractors, outlining the terms and conditions governing the use of the information, as well as the procedures to send, receive, handle and store the information. The confidentiality document will enumerate the following requirements of the agreement:
- Confidentiality of the information
- Use of the information
- Access to the information
- Security Requirements
- Statistical and Research Purposes
The Data Custodian can use the Statistics Canada Confidentiality document template or prepare its own for use by their organization.
Register of data
- acknowledge receipt of each data file received from Statistics Canada pursuant to the agreement, and maintain a register of all such files, containing the following information:
- Date received
- File name and reference period (or other information to distinguish different files from the same survey)
- Employee who received the file from Statistics Canada
- Employee at Statistics Canada who sent the file
- Employee responsible for safekeeping of the file
- Date the file was destroyed or returned to Statistics Canada (if applicable)
The Data Custodian can use the Statistics Canada Data File Reception Register template or prepare its own for use by their organization.
Register of access
- maintain a register of all persons who have been granted access to the data files received from Statistics Canada by the Receiving Organization, containing the following information:
- File name and reference period (or other information to distinguish different files from the same survey);
- Name of employee or contractor to whom access is given;
- Justification for access;
- Name of delegated manager who authorized access and date of authorization; and
- Start and end dates of period for which access is authorized.
The Data Custodian can use the Statistics Canada Data File Access template or prepare its own for use by their organization.
- give employees access to the information only as needed for work-related duties
- prior to granting access, ensure that:
- every employee and contractor who accesses the information has agreed in writing to comply with the terms of the agreement by signing an acknowledgment that they have read, understood and agree to comply with the terms and conditions of the agreement as highlighted in the Confidentiality Document
Notification of breach
- immediately report all possible information or security breaches to the Receiving Organization Official
Authorized Users are employees of the Receiving Organization (including contractors) to whom the Data Custodian has given permission to access the information on a need-to-know basis.
- sign an acknowledgment that they will comply with the provisions outlined in the Confidentiality Document as provided by the Data Custodian
- comply with the terms of the agreement entered with Statistics Canada
- use the information only as required for the performance of work-related duties and only for statistical and research purposes
More information as to who can have access to data files received from Statistics Canada and under what conditions, can be found under Authorized Users Conditions for Access.
The Receiving Organization's Official must ensure that adequate protection is in place to provide for the security of the data received from Statistics Canada. The security requirements described below are the latest minimum requirements that must be met by Receiving Organizations.
- Data are accessed within a secure location that allows unescorted access only to employees and contractors of the Receiving Organization. All visitors to the secure location are escorted by an Authorized User at all times. The secure location is within a series of buildings, one entire building, an entire floor within a building, or a single room. Once the perimeter of the secure location is defined, these requirements apply to all areas within the perimeter. Where a series of buildings is involved, a secure perimeter is defined for each building.
- Access to the information is limited to Authorized Users. The duties of the Data Custodian include maintaining an auditable trail on access to the information by Authorized Users.
- Escorted visitors may access the secure area. However, under no circumstances are visitors permitted to access the information.
IT storage and transmission
- All systems with access to the information employ Logical Access Controls at the device and network level.
- Where the information is held on transportable media , complex passwords with encryption are used. The encryption level must meet the latest Communications Security Establishment standards. This applies equally to backups of the information stored on transportable media.
- The information cannot be electronically transmitted, except as described in points 7 and 8. Electronic transmission includes, without being limited to, transmittal of the information by facsimile or by e-mail.
- Servers storing and transmitting unencrypted data, where used, are located in a secure, controlled-access area, preferably in the same area where the information is accessed. If located in a separate area, controls are in place to ensure that only Authorized Users can access the server. Unless the information is encrypted continuously while outside the secure area, a conduit is used for all cabling and all cross-connect areas are physically secured.
- Network firewalls and access rules are in place to prevent access to the information, other than to Authorized Users. Information may be stored on and transmitted over networks not meeting these requirements, provided that it is encrypted, except when at rest and in use by an Authorized User. Alternatively, the information may be stored on a stand-alone computer in a secure area with no external connections, or on a closed network within the secure area. When the network transmits information that leaves a secure area (for example, when a series of buildings house employees within a single organization), the information is encrypted whenever it is outside the secure area.
- When not in use, transportable media containing the Information is stored in secure containers. This applies equally to backups of the information.
- The information is not removed from the secure area (as described in point 1, above) in any format (e.g., printouts, transportable media, etc.), except in accordance with the provisions of the agreement, and as described in points 7 and 8.
- When not in use, printed documents containing the information are always stored in secure containers.
Information copying and retention & record management
- Copies and extracts of the information may only be made for the purposes of carrying out work as covered by the agreement. When no longer needed, any such copies or extracts are destroyed in a secure manner (as per points 13 and 14).
- Paper documents containing the information are destroyed (shredded) in a secure manner before disposal. Any destruction occurs within the secure area.
- All electronic storage media used in the processing of the information, including all back-up, transportable media, photocopiers and other electronic media where the information has been electronically stored are sanitized or destroyed, in accordance with the latest Communications Security Establishment standards for "protected B" information when disposing of such media, or when return or destruction of the information is required pursuant to provisions of the agreement. Any destruction occurs within the secure area.
- The Receiving Organization's Data Custodian establishes and maintains an inventory of all data files received from Statistics Canada, as stated under "Data Custodian – Duties".
- These security requirements are communicated to all Authorized Users prior to them accessing the information and are available for reference, as required.
Receiving Organizations must refer to the requirements stipulated in their agreement.
Authorized Users – Conditions for access
The Data Custodian may grant access to the information to employees of their organization, to researchers working under contract, and to recognized provincial/territorial or university research institutes or organizations on a need-to-know basis, as well as to information management and information technology (IM-IT) services.
Terms and conditions
Employees of the Receiving Organization can be granted access provided this is required for the performance of work-related duties. Such employees must comply with the terms of the agreement and must sign an acknowledgment that they will comply with the confidentiality provisions.
Researchers working under contract can be granted access provided that:
- the researcher is working under contract directly for the Receiving Organization to provide a survey-related product or service for the sole benefit and mandate of the Receiving Organization
- the Receiving Organization removes identifiers from all information the researcher will access
- the Receiving Organization ensures that the researcher complies with the terms of the agreement
- access is on the premises of the Receiving Organization where required security measures are in place to protect the confidentiality of the information
Recognized provincial/territorial or university research institute or organization can be granted access provided that:
- the institute or organization is exclusively Canadian-owned/controlled and operates exclusively on Canadian territory
- the Receiving Organization removes identifiers from all information the researcher will access
- the Receiving Organization informs Statistics Canada prior to entering into a contract with the institute or organization
- the institute or organization is working under contract directly for the Receiving Organization to provide a survey-related product or service for the sole benefit and mandate of the Receiving Organization
- access is on the premises of the Receiving Organization unless a written contract is in place for the institute or organization to:
- comply with the terms of the agreement
- ensure that the information remains located in and accessible solely from Canada at all times, and that required security measures are in place to protect the confidentiality of the information
- assist in the review or audit of compliance by granting access to the Receiving Organization, or to the auditor of the Receiving Organization's choice, to their premises and records during regular business hours, and that the results of the audit will be provided to Statistics Canada
- immediately inform the Receiving Organization of any unauthorized use of, access to, or disclosure, loss or theft of the information.
- return the information to the Receiving Organization or to destroy the information in a secure manner once the information is no longer required, or when the Receiving Organization is required to return or destroy the information, whichever comes first
Information Management and Information Technology Services can be granted access provided that:
- it is solely for information management or information technology support purposes
- the employees are from other departments of specific provincial/territorial governments
- if the service provider is not a government department mandated by law to provide the IM or IT service
- the service provider is exclusively Canadian-owned/controlled and operates exclusively on Canadian territory
- the Receiving Organization enters into a contract with the service provider in which the service provider undertakes to abide by the terms of the agreement
- the information remains located in and accessible solely from Canada
- the same security measures as those set out in the agreement are in place to protect the confidentiality of the information
- the service provider will immediately inform the Receiving Organization of any unauthorized use of, access to, or disclosure, loss or theft of the information.
- the service provider will return the information to the Receiving Organization or destroy the information in a secure manner, as described in the agreement, once the information is no longer required, or when the Receiving Organization is required to return or destroy the information, whichever comes first.
Receiving Organizations must refer to the terms and conditions stipulated in their agreement prior to granting access to the information.
Officials, Data Custodians and Authorized Users have a duty to safeguard Statistics Canada confidential data files, in accordance with Statistics Canada's commitment to protect its respondents' information.
- Store Statistics Canada data files in secure folders with restricted access.
- Remove all identifiers and keep them in a separate file.
- Lock up all Statistics Canada data files at the end of each working day.
- Ensure employees have secure containers to store printed materials (ex. filing cabinet with lock).
- Lock your workstation whenever you walk away from it.
- Use encrypted laptop computers.
- Secure your laptop and devices when not in use.
- Do not share passwords or let others use your account.
- Update your passwords regularly and always use a combination of upper- and lower-case numbers and symbols.
- Before accessing information, make sure you or the person requesting it have a need to know and have signed the Confidentiality Document provided by the Data Custodian.
- Never take Statistics Canada data files out of the workplace.
- Do not store Statistics Canada information on personal devices.
- Do not send Statistics Canada data files by email. Use links to folders accessible only to Authorized Users.
- Destroy printed materials containing protected information through secure methods such as shredders. Do not put these printed materials in recycle bins.
- Keep Statistics Canada data separate from any information used in a decision-making process about any one individual, business or organization.
- Immediately report all possible breaches of security.
- Promote security as a priority and raise confidentiality awareness.
- Conduct periodic security checks.
- Address questions to the Data Custodian or Official who may contact Statistics Canada as needed.
Who is the Official of the Receiving Organization?
The Official is the Receiving Organization's representative, as identified in the agreement, responsible for ensuring the ongoing compliance with the terms and conditions of the agreement.
Who is the Data Custodian?
The Data Custodian is an employee of the Receiving Organization, who is designated by the Receiving Organization's Official, as required in the agreement, to assume responsibilities with regard to the confidentiality of and access to the information, and to the maintaining of registers of files received, as set out in the agreement.
Refer to Data Custodian Duties.
Who are Authorized Users?
Authorized Users are members of the staff, including contractors, of the Receiving Organization, whose current work-related responsibilities require access to the Statistics Canada data files, for statistical and research purposes only.
Why are agreements signed by the head of the organization – can it be delegated?
The signatory for Statistics Canada is the Chief Statistician of Canada. This is a legal requirement of the Statistics Act and cannot be delegated.
The signatory for the Receiving Organization is the equivalent of the Chief Statistician, such as the CEO, President or other similar level. Any exception to this equivalent level signatory of the Receiving Organization requires the approval of the Chief Statistician.
Both signatures must be witnessed by someone who signs to attest to having witnessed the signature. There is no restriction on who can witness the signatures, although for Statistics Canada it is usually the Chief of Staff.
Why does Statistics Canada not accept changes to the agreement terms?
The terms and conditions of Statistics Canada data sharing agreements have been reviewed by Government of Canada legal counsel to ensure compliance with the Statistics Act provisions for the sharing and protection of confidential data, and they have been approved by the Chief Statistician of Canada.
These set terms and conditions ensure consistency for all organizations receiving confidential data from Statistics Canada.
Why do the new agreements have a 6-year term?
New agreements have a life-span of 6 years to ensure continued knowledge of the agreement and its contents, and continued respect of terms and conditions.
Before the expiry of the agreement, the Receiving Organization may find that its need for the information continues and request to renew for a further 6 years.
Fixed 6-year agreement terms also afford the opportunity to identify new data needs.
Either party may opt for an early termination.
Access and use of the data
Who can have access to data files received from Statistics Canada and under what conditions?
Any employee of the Receiving Organization who has a need-to-know related to their duties may have access to the data for use for statistical purposes. All employees must sign a Confidentiality Document in which they agree to abide by the terms and conditions for protection, access and use of the information.
Under specific terms and conditions, the Data Custodian may also grant access to the information to researchers and recognized provincial/territorial or university research institutes or organizations on a contractual basis, for statistical purposes, as well as to information management and information technology (IM-IT) services, for IM-IT support purposes.
What is work for statistical and research purposes?
Data received from Statistics Canada under a data-sharing agreement can only be used for statistical and research purposes.
Work for statistical and research purposes can be described in four phases.
- Production of statistical outputs: Using information and implementing detailed specifications to produce statistical outputs such as data tabulations or regression coefficients.
- Statistical analysis to determine whether outputs are appropriate for use: Determining whether, from a statistical point of view, the statistical output is appropriate for its intended uses.
- Determination of confidentiality of statistical output: Determining whether the statistical output can, alone or in conjunction with Statistics Canada publications and/or other publicly available sources, identify or disclose Information about a person. Statistical outputs are categorized as being confidential or non-confidential.
- Use of statistical outputs: Any statistical outputs identified as being confidential cannot be released or used for administrative or regulatory purposes. There are no restrictions on the use of non-confidential statistical outputs. This includes their use for policy development and evaluation, as well as for monitoring or regulatory purposes. Non-confidential statistical outputs may be published or distributed by the Receiving Organization.
Receiving Organizations can consult Statistics Canada to ensure that no confidential information will be released or used for administrative or regulatory purposes.
What are administrative or regulatory purposes?
Data received from Statistics Canada under a data-sharing agreement cannot be used for administrative or regulatory purposes.
Administrative or regulatory purpose is the use of all forms of information about a person, business or organization in a decision-making process that directly affects that person, business or organization. This includes but is not limited to all uses of information for confirming identity (i.e., authentication and verification purposes), for determining eligibility of a person for programs, and for prosecution and penalty assessment. Receiving Organizations are not permitted to use the information for administrative of regulatory purposes. They cannot contact a person to address any issue identified on the basis of the information provided under the agreement. This includes contact to benefit a person, such as alerting a person to benefits or programs to which they could apply, or contact to conduct enforcement against a person, such as initiating an audit or removing benefits from a person based on the information.
Can the information be shared with other organizations as part of a mutual project or initiative?
The Receiving Organization may provide access to the information received from Statistics Canada to another organization, provided that:
- each has entered into a data-sharing agreement with Statistics Canada for the same survey and the same survey reference years as specified in the agreement, and the agreement is still in force;
- the information contains no survey responses from respondents who objected to data sharing with the other organization; and
- the other organization meets the same legal and contractual requirements as the Receiving Organization.
Data and confidentiality
What is the Confidentiality Document?
The Confidentiality Document, prepared by the Data Custodian for use by the Authorized Users, outlines the terms and conditions governing the use of the information received from Statistics Canada, as well as the procedures to send, receive, handle and store the information. All Authorized Users must sign the Confidentiality Document before accessing the information.
What data can be shared under a data-sharing agreement?
Only the data and paradata from the surveys listed in the agreement, for the specified reference period, can be shared with the Receiving Organization. As per the provisions of the Statistics Act, respondents must have been notified of the sharing of their information and must have been given the opportunity to object. The implication of this legal requirement is that the Receiving Organization might not receive all the information collected by Statistics Canada for the survey in question.
Can historical data be provided under a data-sharing agreement?
Historical-data cannot be provided if the survey respondents to those surveys were not notified of the data-sharing and provided with the opportunity to object to the sharing of their information. Statistics Canada can only share the data and paradata from the surveys listed in the agreement, for the specified reference period, and cannot share the data of respondents who objected to the sharing of their information.
What is administrative data and can it be shared?
Administrative data consists of all forms of information contained in any documents or records that are maintained in any government department or in any municipal office, corporation, business or organization, which are provided to Statistics Canada in respect to its mandate pursuant to the Statistics Act. Administrative data may be shared with Receiving Organizations only where the Chief Statistician and the original collector have authorized such disclosure, in accordance with the Statistics Act.
What is Paradata?
Paradata is information related to the survey data collection or production process that is linked to a respondent, including but not limited to whether a person, business or organization has been selected into a sample, the sample weight assigned to each, whether they have responded, and whether they have consented or objected to data sharing or record linkage. Paradata is provided only for respondents who did not object to the sharing of their information.
What are survey responses?
Survey responses are the individual answers to a survey provided by each respondent, with or without identifiers, as well as imputed responses that are not derived from other surveys or confidential administrative data sources. Identifiers are shared if they are required in order to meet the statistical objectives of the Receiving Organization.
What is an identifier?
An identifier is a person's name, address, telephone number or other direct means of identifying that person.
What are the security requirements required of the Receiving Organization?
Statistics Canada is required to protect information in accordance with the Federal Policy on Government Security. As such, Statistics Canada ensures that physical measures in accordance with the Royal Canadian Mounted Police specifications and that IT measures in accordance with the Communications Security Establishment Canada specifications are respected.
The Receiving Organization must provide similar protection of Statistics Canada data files, and must meet minimum security requirements.
What is the Electronic File Transfer Service (EFTS)?
This service allows Statistics Canada to exchange electronic files with Receiving Organizations via a secure Internet connection. The system itself is secure as there is an encryption of the information within EFTS. When Statistics Canada transfers files to Receiving Organization, an extra layer of encryption is added (i.e., double encryption) to ensure that only the Data Custodian can open and access the files shared under their agreement.
What are Logical Access Controls?
As part of its minimum security requirements, Statistics Canada requires that Logical Access Controls be used to enforce proper identification, authentication and accountability with respect to access to a computer system. Logical Access Controls include:
- individual user accounts;
- complex passwords (eight (8) characters minimum, lower and upper case, numbers, special characters);
- access-based on role (privileged vs. non-privileged); and
What are systems?
Systems are single IT-related devices, a component of such a devices or a group of IT-related devices that may be used to receive, store, process or transmit information. This includes, but is not limited to, personal computers, servers, laptops, tablets, smart phones, virtual computers and cloud based virtual systems. All systems with access to the information will employ Logical Access Controls at the device and network level.
What is transportable media?
Transportable media is all types of transportable storage media on which data can be saved, including, but not limited to, laptops, CD-ROMs, flash memory sticks, backup media and removable hard disks. Where information is held on transportable media, complex passwords with encryption must be used, and the encryption level must meet the latest Communications Security Establishment standards.