Putting data in the hands of clients: Data portability in the social sector

Data collected by the sector is rarely accessible to those who provide it, but giving clients a right to data portability – and recognizing them as data owners rather than simply data subjects – would empower them to choose how it is shared and reused.

Data collected by the sector is rarely accessible to those who provide it, but giving clients a right to data portability – and recognizing them as data owners rather than simply data subjects – would empower them to choose how it is shared and reused.

Social service organizations are increasingly developing data strategies and adopting new technology for collecting and analyzing data. But organizations that serve clients directly must do much more to leverage a client’s data for the client’s benefit. The emerging concept of “data portability” can help.

Data collected by the social sector is often siloed within organizations and is rarely accessible to the very clients who provide it. This causes problems for social sector organizations as well as for clients. For organizations, sharing data with partners is cumbersome, if not impossible. Many organizations fear violating privacy laws, even when those laws would permit data sharing. Further, when data is captured in different ways, data-entry error increases, and clients may provide inconsistent information. The result? Systems cannot accurately assess service-use patterns for planning or quality improvement, nor can they tell stories of collective impact.

Service organizations are takers, not givers, of valuable data, often engaging in what has been labelled “extractive data practices.”

From the clients’ perspective, social services tend to treat clients as data subjects, not data owners. Service organizations are takers, not givers, of valuable data, often engaging in what has been labelled “extractive data practices.” Further, clients must provide the same data repeatedly to access services. This burdens both clients and staff – and can even be traumatizing for vulnerable clients.

The right to data portability can address these problems. It gives clients access to data about themselves and empowers them to choose how it is shared and reused. It is revolutionary to recognize clients, often marginalized individuals, as data owners, rather than simply data subjects. And it is a clarion call to service providers to offer a direct benefit to clients in exchange for the valuable data they provide.

What is data portability?

Data portability can be defined narrowly as “the right for citizens and businesses to request the transfer of their personal data from one service or platform to another for reuse.” More broadly, it is intended to give individuals greater control over accessing their data, appointing and removing data custodians, porting their data, and deleting data.

If you have ever moved your mobile number from Bell to Rogers, or exported photos from one photo app to another, you have benefited from data portability. Downloading a vaccine credential and sharing it with an airline is another example. But the frustration and expense of moving health records from one family doctor to another illustrates the absence of data portability.

Open banking (or consumer-directed finance) is a common example of data portability. It is already enabled in large swaths of the world, where the law would require a bank to share your financial information with a budgeting app at your request. Portability for personal health data requires a healthcare provider or system to give patients free access to their own health data. Portability of energy or telecommunication company data is on the horizon in several jurisdictions.

Any organization can enable data portability voluntarily if it meets all data-protection and privacy requirements, notably consent. Legislation just makes it mandatory. Canada has been slow off the mark, but Quebec has enshrined data portability in Bill 64, its new privacy law. Europe’s General Data Protection Regulation sets out a right to data portability, as does Brazil’s Data Protection Law, and Australia recognizes an industry-agnostic consumer data right. Closer to home, the United States has made advances in open banking and the sharing of health data. India is on the cusp of passing personal-data-protection legislation that will enshrine the right to data portability.

Data portability and decolonizing data

There is much to unpack when we examine data portability in the context of decolonizing data and promoting Indigenous data sovereignty, including as it is expressed with respect to First Nations communities. To begin this conversation, we note some parallels between the imperative to critically examine who owns, controls, accesses, and possesses data and the concept of data portability. As the First Nations Information Governance Centre explains in a 2014 paper on “ownership, control, access and possession” (trademarked as “OCAP™”), “the problems with use of First Nations information stems from who is in control – and thus what gets done, how it is done – and who knows about it. The question of whose interests are served is central. And of course, there is an unambiguous relationship between control and benefit.” It is beyond the scope of this article, and the authors’ expertise, to address this subject thoroughly here. We emphasize that further discussions about data portability in the social sector must include Indigenous knowledge keepers, Elders, and Indigenous people to ensure that Indigenous data sovereignty is considered in this context.

What does data portability look like in our sector today?

Some non-profits have begun developing tools that support data portability. In Alberta, a group of four social-service organizations have worked together to build a user-centred app called Transform. It captures client information and outcomes in a standardized way, enables communications with clients, and recommends customized referrals. Clients enter personal information only once and have control over what information they share with each organization. In this case, the data remains within one app, and the portability is enabled through permitting access to different organizations.

The developers of the Transform app have reported that this approach to data portability has benefits for the organizations as well as for clients. For individuals, the algorithms can make use of more complete service-use data, resulting in more tailored referrals and communications to meet their needs. Social-service clients often cite the need to tell their stories multiple times, which is not only time-consuming but invasive. From an organizational perspective, the app reduces the burden on each agency to collect similar information from the same client, allowing resources to be spent on more valuable front-line care.

Introducing data portability solutions can enable a more coordinated system of care where integrated data can drive insights that will lead to quality improvements, proactive rather than reactive resource deployment, and the ability to evaluate the impact of the system as a whole. Perhaps more importantly, empowering individuals to choose what data they share and for what purposes places the onus on organizations to consider what direct value they are offering in exchange for client data.

What is the future of data portability?

The world is moving toward patient-centred healthcare and consumer-directed finance. We are starting to appreciate that individuals should directly benefit from their own data, and enabling technology, such as cloud-based solutions, artificial intelligence, and machine learning, is becoming more affordable. Will governmental and non-governmental social services follow suit and build more personalized, data-driven supports for clients?

We can envision clients sharing data with service providers in exchange for personalized support based on data-driven insights. For example, how might a financial counsellor better serve a client with an app that accesses and analyzes their banking data? What supports could employment agencies offer based on an analysis of clients’ employment, education, and training data? What would be possible if clients had access to and could share any data about themselves currently held by various data custodians – health, financial, government benefits, educational, employment? What kinds of apps could service organizations build to derive insights from this data and provide more effective, personalized supports?

More broadly, imagine how much more likely people in need would be to access services if they could verify their eligibility immediately and enroll with no paperwork. And consider the improvements to the quality of service if staff could spend more time helping people and less time doing data entry.

What are the challenges?

At least five major challenges must be overcome to facilitate data portability in the sector. First, organizations will need to ensure that consent for data sharing is truly informed and free from coercion. Key considerations include education levels, language fluency, and the relationship within which consent is sought.

Second, the security and privacy protections built into the information systems should be top of mind. Security breaches would damage the trust between clients and participating organizations and could result in practical and psychological harm. Organizations working within a data portability framework will need to address legal and financial liabilities associated with data breaches.

Third, both clients and non-profit staff will require education and capacity-building supports to increase digital literacy and accessibility. In many communities, access to stable internet connections or smartphones is a major barrier to technology use.

Fourth, many organizations are operating with outdated IT and data management systems, and a shift to this model could require significant upgrades.

Finally, to the extent that artificial intelligence is used to generate insights from data, this requires careful design and governance to safeguard against bias and other risks.

What’s next?

Legislation could accelerate this work by establishing what types of data must be portable and under what conditions. But we need not wait. We can begin this conversation as a sector, today.

Non-profits should consider these key questions: As we develop our data strategy, how can we build in a direct benefit for our users? How can we make their own data accessible and useful to them?

As a sector, we must ask: How can we enable portability across organizations to improve outcomes for our clients? We can dig into a few specifics. For example, what type of data should be shared? What technology architectures and standards would enable this? At a minimum, we need the technology for data sharing, security standards to ensure that the data sharing is secure, and consent management so that individuals understand what data they are sharing. Crucially, what digital devices and literacy would be required to enable this, both for organizations and for beneficiaries?


The ethics of data collection, use, and sharing by big tech has come under a microscope, and rightly so. As our sector builds our data and technology capacity, let’s ensure that our values and ethics remain front and centre. Providing a direct benefit to clients in exchange for their valuable data is key. We have an opportunity to do this right, and to do right by our clients.

Thank you to the reviewers of this article: Laura Anderson, Victor Beausoleil, Tim Bouma, Keith Jansa, Chris McLellan, Karen Myers, Naomi Parker, and Robyn Blackadar. All input was appreciated, and all views are the authors’ own.


Weekly news & analysis

Staying current on the Canadian non-profit sector has never been easier

This field is for validation purposes and should be left unchanged.