Federal Science DataHub privacy and security

The Federal Science DataHub (FSDH) is hosted in Azure Enterprise Cloud. The Azure enterprise solution is designed specifically for use within the GC and is designed to meet Canadian Centre for Cyber Security ITSG-33 specifications.

Continuous security

Recognizing the role of communication in maintaining security, Shared Services Canada (SSC):

• simplifies language so non-specialist staff can participate
• requires users to read through the terms and conditions when signing up and accept the terms and conditions at each sign-in
• reduces paperwork to focus on useful and specific documents

SSC employs automation and metrics to streamline security operations. Furthermore, SSC has embedded security specialists within the FSDH team, treating security priorities as design constraints. SSC employs a precise combination of security policies, practices and products for the FSDH, the combination of which is referred to as security controls.

To identify the necessary controls, the following factors were taken into consideration:

• confidentiality: preventing unauthorized access to information
• integrity: preventing changes to or removal of information
• availability: maintaining operations during events such as power outages or natural disasters

The FSDH security profile is built per Canadian Centre for Cyber Security ITSG-33 specifications and is compliant with the Unclassified, Low Integrity, Low Availability security level.

With the use of these controls and other safeguards, the remaining or residual risk of operating the FSDH is acceptable. In 2025, SSC granted the FSDH authority to operate.

Personal information

Only personal information strictly necessary for the creation and operation of an FSDH workspace will be retained for the duration of the workspace. After a workspace has been deleted, only non-identifying data will be retained for statistical purposes.

SSC disposes of personal information following Appendix E: Standard on Privacy in Web Analytics of the Directive on Privacy Practices. SSC will never give the information to another service provider, whether public or private.

Protecting accounts

The FSDH uses multi-factor authentication to allow GC users to complete the login process.

If SSC suspects an account or workspace is compromised, it immediately initiates the SSC security incident and event management process. This can include disabling accounts and isolating FSDH resources.

Protecting information

The FSDH controls access to information in the cloud. Unauthorized access is prevented and detected using automated practices called guardrails.

SSC restricts staff access to information based on role and regularly audits access and permissions, including safeguards to onboard and offboard FSDH staff.

Furthermore, SSC monitors the FSDH to record activity and receive alerts about suspicious occurrences.

Managing risks

The enterprise cloud team uses an architecture with centralized monitoring of all audit logs created within the enterprise cloud environment. It collects telemetry data from various sources, analyzes this data to provide insights, and enables users to take proactive actions to optimize performance, identify security issues and troubleshoot problems effectively.

A network monitoring service is also employed on the FSDH platform. It provides a set of tools and capabilities to help SSC monitor and troubleshoot network connectivity, security and performance issues. It enables users to monitor and gain insights into the performance and usage of applications in real-time.

Privacy rights

Users have the right to access and review their personal information. Contact SSC at DataSolutions-Solutiondedonnees@ssc-spc.gc.ca to check or update any information entered in the FSDH.