1. The OCAP® principles
OCAP® is a registered trademark of the First Nations Information Governance Centre (FNIGC). It asserts that First Nations have control over data collection processes in their communities, and that they own and control how this information is used.
Ownership
The Nation owns its community, cultural, and collective information. The platform is a custodian, not an owner — data about a community belongs to that community.
Control
The Nation controls how its data is collected, used, and disclosed — including the right to say no, to set conditions, and to withdraw.
Access
The Nation can access its own data held on the platform at any time, in a usable form, regardless of where it is stored.
Possession
Data is held within the Nation's tenant, logically separated from other tenants, and can be exported or returned on request.
Every record is scoped to a single Nation's tenant with row-level isolation; access is role-based and audited; survey and onboarding data is collected only with explicit, recorded consent; and a Nation may request export or deletion of its data at any time.
2. PIPEDA fair information principles
For personal information about individuals, we apply Canada's ten PIPEDA fair information principles. The table maps each principle to how the platform meets it.
| Principle | How we apply it |
|---|---|
| 1. Accountability | A named data steward per Nation; the platform team is accountable for processors and security. |
| 2. Identifying purposes | Each form states why data is collected before submission (housing need, eligibility, planning). |
| 3. Consent | Explicit, granular, and recorded; withdrawable at any time (see §3). |
| 4. Limiting collection | We collect only what the housing process needs; optional fields are clearly marked. |
| 5. Limiting use, disclosure & retention | Data is used only for the stated purpose and retained per the schedule in §4. |
| 6. Accuracy | Members and stewards can correct records; updates are timestamped. |
| 7. Safeguards | TLS in transit, hashed credentials, least-privilege RBAC, security headers, audit logging. |
| 8. Openness | This page and the privacy notice describe our practices in plain language. |
| 9. Individual access | Individuals can request the personal data we hold about them. |
| 10. Challenging compliance | Concerns can be raised with our steward and escalated to the Privacy Commissioner of Canada. |
3. Consent & how we record it
Consent on this platform is explicit, granular, and verifiable. Nothing optional runs until you allow it.
- Site consent — the privacy banner lets you accept or decline optional categories (third-party maps & fonts; anonymous usage insights). Essential storage is always on because the site cannot function without it.
- Data consent — when a member or community representative submits a survey or onboarding form, consent for that specific purpose is captured at the point of collection.
- A record of consent — each choice is logged with its scope, the categories granted, the policy version in force, and a timestamp. This gives the Nation a verifiable audit trail of who consented to what, and when, without storing unnecessary personal information.
You can change or withdraw your site choices at any time:
4. Data lifecycle & stewardship
We treat data as held in trust for the Nation across its full lifecycle.
| Stage | Practice |
|---|---|
| Collection | Purpose-stated, consent-gated, minimal. Cultural and collective data is flagged for community-level governance. |
| Use | Limited to the stated housing purpose; access is role-based and logged in the audit trail. |
| Storage | Per-tenant isolation; encrypted in transit. Hosting region and processors are disclosed in the privacy notice. |
| Retention | Held only as long as needed for the housing program or as required by funding agreements, then reviewed. |
| Disposal / return | On request or at end-of-purpose, data is exported to the Nation and/or securely deleted. |
5. Roles & access control
Access follows least privilege. Each person sees only what their role requires, within their Nation's tenant:
- Nation administrators — full control over their community's data and members.
- Housing managers & project leads — operational access to projects, parcels, and assessments.
- Technical & finance staff — scoped access to the records their work requires.
- External partners — narrowly scoped, time-limited, read-oriented access where explicitly granted.
- Read-only reviewers — view-only access for oversight or funding review.
Every sensitive action — sign-in, record changes, exports, and consent events — is written to an immutable audit log available to Nation administrators.
6. Member & community rights
Individuals and Nations may, at any time:
- Access the data held about them or their community.
- Correct inaccurate or incomplete records.
- Withdraw consent for optional processing, going forward.
- Request export of community data in a portable format.
- Request deletion, subject to legal and funding-related retention obligations.
To exercise these rights, contact your Nation's data steward or email us with the subject line "Data Governance Request." We aim to respond within 30 days.
7. Data sharing & agreements
We do not sell data and we do not share community data outside the Nation's tenant without an explicit, documented basis. Where a funder, partner, or processor requires data, we put a written data-sharing or data-processing agreement in place that preserves OCAP® ownership and control. Aggregate, de-identified statistics may be used to report program outcomes only where this cannot reasonably re-identify individuals or expose sensitive community information.
8. Governance contact
Open Housing Canada
Attn: Mike Kennedy, PhD — Director
Email: mike.kennedy@openhousingcanada.ca
This page describes how we apply OCAP® and PIPEDA in good faith; it is not legal advice and does not replace a Nation's own data governance laws or policies. For a formal Data Sharing or Data Processing Agreement, please contact us. See also our privacy notice.