×

Warning message

The installed version of the browser you are using is outdated and no longer supported by Konveio. Please upgrade your browser to the latest release.

CAN/DGSI 100-8, Data Governance - Part 8: Framework for Geo-Residency and Sovereignty

Technical Committee Review

This Standard specifies the minimum requirements for Organizations to protect data assets in their custody from jurisdictional risks while taking advantage of the global technology ecosystem.

The Standard is not intended to prescribe how an Organization should implement specific security controls. Instead, the standard will guide Organizations using jurisdictional and technology-agnostic approaches that can be adapted to address specific business requirements.

Considerations are given to:
• Identification and categorization of data assets;
• Development of an appropriate threat model;
• Identification of potential risks, including from laws in foreign jurisdictions;
• Options to mitigate associated risks; and
• Adherence to data sovereignty due diligence and transfer requirements under applicable law and regulations

This Standard applies to all sectors, including public and private companies, government entities, and not-for-profit Organizations.

This Standard assumes that the Organization implementing the following requirements has existing risk management policies and procedures.

Note: For those applying the standard, the law shall prevail in the event of a potential inconsistency or ambiguity between this Standard and applicable data privacy legislation. Where personally identifiable information (PII) is used in the standard, local jurisdictional, legal and/or regulatory definitions shall apply. 

DATE POSTED: September 5th, 2024

DEADLINE FOR COMMENTS: October 18, 2024

Read Draft 

 
File name:

-

File size:

-

Title:

-

Author:

-

Subject:

-

Keywords:

-

Creation Date:

-

Modification Date:

-

Creator:

-

PDF Producer:

-

PDF Version:

-

Page Count:

-

Page Size:

-

Fast Web View:

-
Choose an option Alt text (alternative text) helps when people can’t see the image or when it doesn’t load.
Aim for 1-2 sentences that describe the subject, setting, or actions.
This is used for ornamental images, like borders or watermarks.
Preparing document for printing…
0%
Comment Drag

Click anywhere in the document to add a comment. Select a bubble to view comments.
Document is loading Loading Glossary…
Powered by Konveio
View all

Comments

Close

Add comment

Jennifer Oct 2 2024 at 10:43AM on page 11

Editorial
Suggest adding 'personal health information' as a special category separate from other personal information, as most jurisdictions treat this as a a distinct and specially protected category of sensitive data.
replies

Steven Sep 26 2024 at 10:52AM on page 1

Editorial
Subject area and standard remains valuable. I have several clients dealing with this subject area today. Not aware of major updates to Canadian regulation or policies that need to be considered to adjust this standard. Others might be aware and should please consider making recommended edits/ updates to this standard.
replies
View all