Managing government information when working remotely
On this page
Managing information of business value
Managing information effectively not only ensures that it can be used to support decision-making and improve services to Canadians, but also ensures that Canadians’ right to access government information is upheld and that their personal information is protected.
Employees are required to document decisions and activities of business value. Information of business value is material, regardless of medium or form, that is created or acquired because it:
- enables and documents decision-making in support of programs, services and ongoing operations, or
- supports departmental reporting, performance and accountability requirements.
- examples could include, but are not limited to:
- briefing notes
- records of decision
- meeting minutes
- plans and reports
- instant messages
- video recordings
Tips on managing information of business value when working remotely
- Regardless of the method used to communicate, generate or share information, record the information of business value (for example, in a Word document), and then save it on your approved device.
- When using videoconferencing or teleconferencing services to conduct virtual meetings, remember to capture and preserve meeting minutes and records of decision.
- When you are able to connect to your department’s network, upload this information as soon as possible to your department’s corporate repository, e.g., GCdocs, RDIMS, etc. (See Policy on Service and Digital).
- Consider releasing unclassified information on the open government portal (on open.canada.ca) via your departmental open government coordinator.
Ensuring the security and proper handling of sensitive information
Employees are responsible for appropriately ensuring the security of sensitive information and should:
- pay attention to security markings, typically found at the beginning of an email or top-right corner of a document
- if you are the information originator, it is your responsibility to apply a security marking that reflects the information’s sensitivity/business value correctly.
- refer to the Directive on Security Management (E.2) and Standard on Security Categorization (J.2).
- if you are an information user, it is your responsibility to correctly store, transmit, use, and protect the information according to its security marking
Manage and secure information based on its sensitivity
Non-sensitive information: Unclassified
“Unclassified” or a lack of security marking denotes non-sensitive information. This is information that, if released to the public, carries no injury to personal, industry, or government interests.
- you don’t need to do anything special to protect this information
- you can use your personal device (for example, home printer) or public cloud services (for example, Google Drive, videoconferencing, etc.) to work with this information
Low- to medium-sensitivity: Protected A, Protected B
“Protected A” and “Protected B” indicate information that is sensitive. This could include personal (for example, Human Resources records), industry (for example, trade secrets held in trust), or government sensitivities (for example, Treasury Board Submissions).
- Protected A and Protected B information can be accessed using approved devices issued by your department (for example, GC-owned laptop, tablet, or smartphone)
- when working remotely, you should not connect personal devices (for example, USB drive, printer, etc.) to your Government-issued device
- when transmitting Protected A and Protected B information, use Government-approved services
- store Protected A and Protected B information in your department’s official repository (for example, GCdocs) when you can connect to your department’s network, and transmit it using your department’s email service
“Protected B” information requires extra precautions:
- encrypt emails when sending outside your department (that is, with your “myKey” or Entrust) or use the “BBM Enterprise” app on your Government-issued smartphone
- when transporting sensitive documents between your office and home, seal them in an envelope addressed to your office
- do not apply security markings to the envelope to keep it discreet
- if available, use a lockable secure briefcase issued by your department
- store sensitive documents at home as securely as possible but separate from your personal and family files
- if you have a secure briefcase issued by your department, keep documents locked in it and stored discretely
- destroy sensitive documents at the office using an approved shredder
Highest sensitivity: Protected C, Confidential, Secret, and Top Secret
“Protected C”, “Confidential”, “Secret”, and “Top Secret” indicate very sensitive information. This could include information whose compromise could lead to loss of life, serious impediment to the economy, or disruption of critical infrastructure.
Consult your department or agency’s security office regarding possible options if there is a need to work on this information at home.
For further guidance on how to manage information effectively while working remotely:
- contact your department’s office of the Chief Information Officer or your Information Management team
- contact your department’s Security office for further guidance or if you suspect a security incident
- review the guidance on using the network
- refer to the Canadian Centre for Cyber Security’s Telework Security Issues publication for additional information on risks and safeguards
Departments remain responsible for ensuring compliance with the requirements established in a number of relevant policies and related instruments, including:
Report a problem or mistake on this page
- Date modified: