Guidance for Employees of the Government of Canada: Information Management Basics

The value of managing information

Introduction to the purpose and value of information management (IM), the related responsibilities, and key IM practices

• Part of our daily work
• Managing information: who is responsible?
• Key principles for managing information in all media

Managing information: in practice

Key basic practices and activities for managing government information, organized according to the stages of the information life cycle

• Plan for your information needs
• Create and collect information
• Organize your information
• Reuse and share information
• Maintain and protect information
• Transfer or destroy the right information at the right time

Managing information based on its value

The value of information and the related retention and disposition issues for employees

• Document your business activities and decisions
• Keep information only for as long as it is needed, then transfer or destroy it
• Penalties for unauthorized destruction

Managing digital information

How to manage, file and share digital information, along with tools that may be available within the department

• Managing information on shared drives
• Filing digital information
• What about email messages?
• A word about collaboration tools

Job change can affect information management practices

What an employee should know and do when arriving at or leaving a job

Where you can find more help

Other sources of information

• The experts
• Enquiries

This guidance has been designed to help all GC employees understand their roles and responsibilities in managing information effectively in support of section 4.3 of the Directive on Service and Digital.

As you come to appreciate your contribution to the management of government information, discuss with your manager any ideas or issues you may have. Then, as needed, consult any of the various IM specialists or experts who can help you learn about the practices and procedures that apply to your department.

This guidance is designed for all GC employees and is relevant to a wide variety of environments. Departments are encouraged to use this guidance as a base that can be added to and customized to reflect departmental policies, procedures, directives, guidelines, tools and best practices.

Notes

• For the purposes of this document, the term “Government of Canada employees” includes employees of federal departments as defined in Schedule 2 of the Financial Administration Act. The advice contained in this guidance, however, could be beneficial to employees of departments outside this definition.
• Use of the term “information” in this document follows the definition provided in Appendix A of the Policy on Service and Digital.

Part of our daily work

Employees have a duty to document their decisions and activities. Recognizing the value of information and managing it well is pivotal to our success, both as individuals and as an organization.

Every day, we create, collect, use and share information that provides evidence of our business activities. This information helps us make informed decisions that support our managers, our peers and our clients, and ultimately provide results for Canadians.

Information comes in many different published and unpublished forms and must be managed regardless of communications source, information format, production mode or recording medium. Information may be:

• textual, such as memos, reports, invoices and contracts
• digital, such as emails, databases, web pages and data
• communication media, such telephone conversations, instant messages, wikis, blogs and podcasts
• publications, such as reports, books and magazines
• films
• sound recordings
• photographs
• documentary art
• graphics
• maps
• artefacts

By properly managing information, we demonstrate that we understand our responsibility to both our colleagues and to Canadians and that we take this responsibility seriously.

But what does it mean to manage information properly?

This guide is designed to help you gain a basic understanding of information management (IM) concepts and show you how you can start applying them today. As these concepts begin to shape the way you work with information, you’ll quickly discover both immediate and long-term benefits.

Managing information: who is responsible?

We’re all responsible

Because we all create, collect, use and share information as part of our day-to-day work, we are all responsible for effectively managing information that is under our control.

As set out in the Policy on Service and Digital and related policy instruments, employees of the GC must do the following:

• document business activities and decisions
• comply with departmental IM policies, directives and standards, using approved tools, systems and procedures
• organize, file and store information within a corporate repository, ensuring easy access when needed to make decisions and to support program and service delivery
• share and reuse information to support collaboration and facilitate business operations, respecting all privacy, security and other legal and policy requirements
• protect sensitive information, providing or restricting its access in accordance with law, regulation and policy
• be informed of and apply retention periods for information
• protect and preserve information of business value that is critical to business resumption

Your IM specialists are available to help you with these responsibilities as needed.

For more information on identifying and recognizing information of business value, see Appendix E of the Guideline on Service and Digital.

Key principles for managing information in all media

The same principles apply to physical and digital information

Support your business by applying these principles to the way you manage information. These principles promote the efficient use of departmental resources, make information easier to find in the future, and ensure its protection and preservation – all in accordance with business, legal and policy requirements.

• Create or acquire information that supports programs, services and ongoing operations.
• Capture information of business value by saving it within a corporate repository.
• Avoid collecting duplicate information.
• Share and reuse information, respecting privacy, security, and other policy and legal restrictions.
• Ensure that information of business value is complete, accurate, current, relevant and understandable.
• Support information access and retrieval, respecting privacy, security, and other policy and legal requirements.
• Safeguard information of business value against unlawful access, loss and damage.
• Ensure that information of archival business value is properly preserved.

The following sections of this guidance offer simple and practical best practices for applying these principles to information regardless of format. These practices can help you to standardize the IM techniques you already use on a regular basis, thereby saving you time right now and in the future when you have a need to find and access information.

Throughout its life, information will need to be managed in different ways. The following is an overview of some of the practices recommended for you to apply to all information while it is in your care and control. While this guidance has been developed to be as complete as possible for a general audience, there may be additional practices and procedures in place at your department, so we encourage you to consult your manager and IM specialists as needed.

If you make a habit of applying these practices along with those specific to your department, you will see a difference in the way you work. The information you need will be at your fingertips, and it will be easy to share with your colleagues and managers. This alone can have a dramatic effect on the quality of your work life and the success of your department.

Plan for your information needs

Think about the information you and your colleagues will need to accomplish your objectives and to make sound decisions. For example, ask yourself questions such as the following:

• What type of information will I need to support my work requirements, and who will need to access it?
• Will I need published information (for example, books, magazines, databases, subscriptions and online resources)? Do they already exist elsewhere, and can I use these resources to reduce duplication and costs?
• What volume of information will I need to manage on a regular basis?
• Will any information require security categorization? If so, at what levels?
• If the information contains personal information, have privacy issues and protections for the personal information been addressed?

The answers to these questions can be used in developing a sound IM plan. Discuss these questions with your manager and then consult your IM specialists for further assistance.

For more information, see the section Where you can find more help.

Create and collect information

As you create and collect information, identify its value to your department and manage it accordingly, making sure that it’s accessible to those who need it. Some recommended practices are listed below:

• Whenever possible, use electronic systems to create, collect, use and manage information and data.
• Follow departmental naming conventions when identifying, filing and storing information.
• File or save information in a corporate repository (for example, an appropriate system for managing information and data).
• Do not forget to include email and instant messages of business value when saving information in the corporate repository. These should not be stored on your mobile device or in your email account, as these locations do not meet the requirements for sharing, using, safeguarding and storing information of business value.
• Preserve the integrity and value of information of business value by keeping the structure, context and content intact to facilitate future searching and use.
• Respect information security and privacy requirements. Where information collection involves personal information, respect the legislative authority for the collection and creation of personal information within the program or activity.
• Respect official languages policies and guidelines.

Structure, context and content

The following represent some key metadata elements:

• structure (format and links to other documents or attachments)
• context (information about the sender, recipient or recipients, security category and the time and date of creation)
• content (identified in the subject line)

These elements are often referred to as “profile fields” that help preserve the value of the information in any medium, provided the elements remain intact. Failing to complete these elements or removing or separating the associations of any one of these elements from information compromises its authenticity, usefulness and reliability.

Speak to your IM specialists to obtain more detailed advice on how you can put these practices to work in your own department.

Organize your information

It is recommended that you organize your information in a logical and systematic way so that it’s easy to find and share. Where possible, use standards, rules and procedures established or adopted by your department. For example:

• organize all information according to your department’s classification system or taxonomies
• organize all published material according to the classification system of your department’s library

Information that is well organized will help you to work better and supports your need to respond efficiently and effectively to requests regarding access to information, privacy and legal discovery. Classification systems are designed to manage information according to their business value, ensuring their proper retention and disposition. Additional safeguarding and storage requirements may apply to information to which a security category has been assigned.

For more information, see the section Manage information based on its value.

The system you use to manage the information you work with will depend on the standards and tools available in your department. Consult your IM specialists for more information or advice.

Reuse and share information

Once you have organized your information, you will be able to quickly find and reuse them to make work life easier for you and others. While using and sharing information, consider the following business rules:

• comply with privacy, security and legal restrictions
• whenever possible, use digital technologies to share information (business systems, email, shared drives, corporate repositories, websites and so on)
• ensure that information remains complete, accurate, current, relevant and understandable
• verify the accuracy and reliability of information, especially when conducting web-related research
• implement version control protocols when editing electronic documents
• take advantage of departmental investments in information (magazine and journal subscriptions, databases, content management systems, online library services, and so on), while respecting copyright, licensing and intellectual property rights
• when retaining information that has been copied, indicate the source (and locator information), whether it was already saved in a corporate repository or from a publication or website

Managing information appropriately as you work has many advantages. It saves you time and enables you to share information with others, reducing the duplication of effort and improving service delivery.

If you notice ways that these practices can help your department to be more effective, communicate them to your manager. As always, your IM specialists are available to provide you with the advice you need.

Maintain and protect information

While protecting information includes guarding against unauthorized access, disclosure or destruction, it also involves preserving the integrity and authenticity of the information. To protect information effectively, it is recommended that you do the following:

• Store all information in a manner that preserves its form and status, keeping its structure, context and content intact.
• Protect information against loss, damage, unauthorized access, alteration or destruction. Such protection includes informing contractors of their responsibility to protect information that has been entrusted to them.
• Mark information according to its proper security categorization, either on the physical document, on digital media and storage devices that contain sensitive information, or in the appropriate metadata field in the document profile. Avoid applying a label at a higher or lower security level than it needs and ensure that the time frame for protection of information is kept as short as possible.
• Protect classified and protected information by ensuring it is not left in waste or recycle containers and by storing it in secure physical storage devices in accordance with departmental security requirements.
• Avoid sending or storing any information above the security level for which your departmental network has been rated (normally Protected A or B).
• Avoid populating fields or subject lines with personal information or with words that imply the disclosure of personal details or legal or disciplinary actions against an individual unless this relates to your main line of business (that is, security).
• Implement effective access control procedures to ensure that classified and protected information is made available only on a need-to-know basis to those who are authorized to access it. A security clearance does not automatically provide someone the right to see all information categorized at that level.

By taking these steps, we not only ensure access to the most reliable information today; we also preserve the value of information for future generations of Canadians.

All government information requires some level of protection. There is a particular need, however, to properly mark and adequately protect and secure classified and protected information, in all media, as its compromise could bring injury to individuals or to the national interest.

If you notice areas that need improvement or if you think you need more help, speak to your manager. Then contact your IM specialists, your security specialists, or both to help you implement these practices.

For more information, refer to the Policy on Government Security and its related policy instruments. In addition, consult your department’s security manual to confirm the specific procedures that apply within your work environment, or contact your security specialists.

Transfer or destroy the right information at the right time

Not all information has the same value. While some will need to be kept long-term to support your department’s operational needs or to preserve information of archival value, other information can be disposed of when it has outlived its usefulness. Remember that no government information can be destroyed (or transferred) without a valid disposition authorization issued by Library and Archives Canada. Consult your IM specialists for more information about disposition authorizations.

To ensure that you are always working with relevant and reliable information, it is recommended that you do the following:

• regularly destroy transitory records as soon as they are no longer needed, complying with your department’s IM and security procedures
• cooperate with IM specialists to properly manage information of business value throughout its life cycle
• work with IM specialists to properly transfer digital or physical archival records through Library and Archives Canada regulations and disposition authorities

Applying these practices will make it much easier to quickly access the information you really need and will help reduce storage and maintenance costs. However, follow the guidelines of your department, the GC or both, as strict rules govern the disposal of government information.

For more information, see the section Manage information based on its value.

If you see the need to dispose of information in your area, speak to your manager and consult with the appropriate IM specialist (for example, the records or library IM specialist). For more information, see section Where you can find more help.

Generally, as you go about your normal business activities each day, you generate and collect physical and digital information. This information provides an important record of the actions you’ve taken, the decisions you’ve made, and the reasons for both, allowing for transparency and accountability.

Because of its value, it is vital that you ensure that such information exists for all of your business activities and decisions, whether it is generated naturally in the execution of a business process or specifically created to document that process. This requirement comes from sections 4.3.2 and 4.3.3 of the Directive on Service and Digital.

In order to ensure the ongoing value of information of business value, capture it along with any relevant metadata (for example, subject, author, transmittal data) to ensure that it is complete, authentic and reliable. Retain information of business value in accordance with departmental records management standards and procedures, and ensure that it is stored or profiled within a corporate repository, if available, and protected against damage and loss.

For more information, see the section Managing information: in practice. Your IM specialists can also provide extensive advice and support.

Document your business activities and decisions

The following are examples of the types of information that are of business value and that you might create, acquire or collect to document business functions and activities:

• transactions: orders, receipts, requests and confirmations
• interactions between clients, vendors and partners
• planning documents: budgets, forecasts, work plans, blueprints (technical or engineering designs) and information architecture schematics
• reports, policy, briefing notes, memoranda or other papers supporting business activities, including all significant versions (those that were circulated for comment or that contain comments related to the substance of the content and provide evidence of the document’s evolution), the final product and distribution information
• meeting documents: agendas, official minutes and records of decision
• records of contact with lobbyists (supports the Lobbying Act, which requires designated public office-holders to retain information about contact with lobbyists)
• committee documents: terms of reference and list of members
• form letters or templates used to collect responses, related instructions and completed responses in any format
• client records: applications, evaluations, emails and assessments
• records of discussions, deliberations or any situation related to any of the above that further documents the decisions made along with the logic used
• additional information for auditing and monitoring activities and programs

Keep information only for as long as it is needed, then transfer or destroy it

The value of information doesn’t only determine how it’s used and protected but also when and how you can dispose of it. Many factors, including laws, regulations and information policies, and business needs affect how long information should be kept and what its ultimate outcome will be. Information of archival value should be transferred to Library and Archives Canada. Still other information, such as transitory records, might be needed only for a very short time and can then be destroyed. You should consult with your manager and IM specialists to know if there are specific departmental retention or disposition schedules that should be followed.

Transitory records are information that is required for only a limited time to ensure the completion of a routine action or the preparation of a subsequent record. They do not include records required by government departments or ministers to:

• control, support or document the delivery of programs
• carry out operations
• make decisions
• account for activities of government

Examples of transitory information include the following:

• working drafts of no particular significance that were never formally circulated
• annotated drafts where annotations become part of a subsequent version and do not provide evidence of decisions related to the evolution of the final document
• a copy of a document kept for ease of reference or convenience only
• information that lacks logical or coherent organization and therefore does not have context
• data that has been used for an update process (including batch processing) and that is no longer needed to serve as backup or to support reconstruction of the master file or database
• casual communications such as invitations to lunch
• personal documents stored on your computer or in your work area

Library and Archives Canada authorizes the destruction of transitory records when they are no longer required for business purposes. However, you should consult with your manager and IM specialists to know if there are specific departmental rules in place that provide guidance for transitory records.

Caution!

Transitory records, like all other information under the care and control of the department, are subject to the Access to Information Act and the Privacy Act.

This means that when employees are tasked with an access to information (ATI) or personal information request, they must provide all records that are responsive to the request, whether the records are transitory in nature or considered information of business value. Once a request is received, transitory records that have not been disposed of and are responsive must be provided to the department’s Access to Information and Privacy (ATIP) office. This procedure highlights the importance of good IM practices, because once a request is received, responsive records cannot be deleted or disposed of, even if transitory in nature. If a record is responsive to a request, it must be provided regardless of its nature.

An exact and complete copy of information responsive to an ATI or personal information request is provided to the ATIP office for processing, and the information is retained according to the department’s retention schedule. This process does not, however, remove the IM requirements of the original records that remain with the office of primary interest that provides the records.

Once the ATIP office has received an exact and complete copy of all information responsive to an access request, the information may continue to be managed according to its normal life cycle. The same applies to information that has to be retained during any legal discovery process relating to the subject of the information.

Note: Your personal documents may not be under control of the department and may not be subject to the Access to Information Act, Privacy Act or legal discovery processes. (Examples of personal documents include records accumulated before assuming a federal government position; materials pertaining to an individual’s private affairs outside government services; and diaries, journals or other personal notes prepared for other reasons than carrying on the work of the department.) If, however, you used personal removable devices to transport business-related information, the information on the devices are subject to access to information and privacy or legal discovery processes. Similarly, if you copy or create information on your home computer or other personal devices, the information may be deemed to be under the care and control of the department and subject to the Acts.

Storage of inactive information of business value

When information has not been consulted for an extended period of time, it is considered inactive. However, it may not yet have reached the end of its retention period. When this happens, inactive information of business value are sometimes transferred to more economical off-site storage facilities until the time comes to finally dispose of them, either by destroying them or transferring them to Library and Archives Canada. While the information is in storage, you will still be able to access it, whether for business purposes or to respond to ATIP or legal discovery requests. If you need to arrange for the storage of your inactive information, speak to your manager and your departmental IM specialists.

The retention period is the period of time that information should be kept before it can be legally disposed. This period is:

• established by the business managers in consultation with IM specialists
• triggered by a specific action or event (for example, the last administrative action performed on or using the information)
• usually identified in years

Penalties for unauthorized destruction

Legislation stipulates that government information must be protected against unauthorized destruction. Section 67 of the Access to Information Act states that no person shall obstruct the Information Commissioner or any person acting on behalf or under the direction of the Commissioner in the performance of the Commissioner’s duties and functions.

Section 67.1 of the same Act criminalizes the intent to deny a right of access through destruction, mutilation, alteration, falsification or concealment of a government record, as well as directing or counselling an individual to do those things. Individuals who are found guilty could face criminal charges, financial penalties or both. Departments should also ensure that retention and disposition activities for personal information respect the requirements of the Privacy Act and do not result in a privacy breach (for example, the unauthorized deletion of personal information).

It’s important to recognize that both digital and physical information should be managed according to sound IM principles. Identify, capture, retain, protect and preserve digital information (including instant messages, email and attachments) so that it continues to be available and accessible to support decision-making as well as program and service delivery.

Due to the fact that digital information is so easy to create and delete, managing it effectively becomes an issue of personal accountability. File current or frequently referenced information in a way that permits efficient and authorized access, while also disposing of transitory information as soon as it’s no longer needed.

For more information, see the section Manage information based on its value.

Managing information on shared drives

Where there are no established procedures in a department to manage electronic information or if you have electronic information that cannot be managed using the established procedures, your department’s shared drive can be used to store your electronic information. It is recommended that you have procedures in place to properly manage it. Name, inventory and organize the electronic documents according to, or linking to, the departmental classification system if one is in place. Associating electronically stored information with the departmental classification structure facilitates locating and retrieving related information and applying life-cycle management procedures, including planned transfer or deletion. Keep in mind, however, that access to classified and protected material is restricted to authorized employees. Also, when using a shared drive, it is advised that file permissions are set to “read only” to ensure that documents are not altered or easily destroyed.

If you don’t have a departmental classification structure, your IM specialists can suggest effective alternate methods for organizing your shared drive.

Filing digital information

The method you use to file information will depend on the policies, procedures and tools available in your department. Many departments have deployed a system for managing information and data. As set out in the Standard on Systems that Manage Information and Data, these systems should be configured to ensure that information and data is managed effectively and securely. In most cases, these types of systems should allow documents, email messages and attachments, and digital images to be filed directly into a corporate repository according to a departmental classification structure. Once filed, they can be managed according to established IM and recordkeeping policies, standards and rules, ensuring their proper retention and disposition. Anyone with authorized access can search for and retrieve this information when it is needed.

If your department doesn’t have an appropriate system for managing information and data, speak to your manager and consult with the appropriate specialist (for example, the records or library functional specialist) to find out more about your internal policies on filing electronic information. For more information, see the section Where you can find more help.

What about email messages?

For more information on email management, see Guidance on Email Management for Employees.

A word about collaboration tools

Records are created in all media and through many different applications

Information in collaboration tools should be treated like any other information that is created, acquired or used in the GC and should be managed throughout its life cycle. Collaborative environments created or used by a federal department to conduct business-related activities with either internal or external audiences are advised to have business rules and codes of conduct established for participants. The information contained in these environments are subject to ATIP requests. Respecting to the furthest extent possible the recommendations in this guidance will enhance IM in collaborative environments. Employees may contribute to externally hosted sites for social networking or collaborative activities. The information contained on these sites may or may not be considered information of business value but may nonetheless be subject to federal or provincial access to information legislation.

In today’s work environment, it is not unusual for employees to change jobs often during their career. This trend can actually have a significant effect on how well we manage our information.

For more information on IM practices when departing or transferring from a job position, see Guidance on Employee Departure of Transfer.

This guidance has been designed to provide a basic overview of the guidelines and practices associated with managing information within the GC. It does not, however, contain specific procedures for your particular work environment. Therefore, we encourage you to contact the following experts to confirm the IM responsibilities, procedures and work tools that apply within your department.

The experts

• Information management (IM) specialists in IM policy, records offices, the library, forms management and mail services are available to answer your IM questions. They can help you:
  • plan your information needs
  • determine the best way to organize the information you work with
  • learn how long to keep information
  • find out what can be deleted or destroyed
  • become aware of many other important IM practices

  Your IM specialists also provide training on using various IM tools and procedures, including document management, records and IM systems, classification structures, and library reference and research instruments.

• The ATIP office advises on requests received under the Access to Information Act or the Privacy Act, Privacy Impact Assessments, Info Source updates, and privacy issues (collection, use, disclosure, protection, retention and disposal of personal information).
• Security specialists can help you understand the requirements pertaining to security categorization and business continuity planning.
• IT Services or the IT help desk can help you with IT-related security or questions.
• Legal Services offers interpretation and advice pertaining to all legal matters, including ATIP and contract matters.
• Library and Archives Canada holds authority for the disposition of government information, including transitory information and information of business value.

Enquiries

For more information about this guideline, contact the Information and Data Governance Division at ServiceDigital-ServicesNumerique@tbs-sct.gc.ca.