Privacy and Governmental Databases
In our research we have found that most government databases are incrementally designed in response to developments and improvements that need to be incorporated from time to time. This method of architecting a system leads to a poorly designed database with many privacy risks, such as inaccurate data, incomplete data, inappropriate disclosure of data, inappropriate access to data, and inappropriate security over data. To address these privacy concerns it is important to analyze the problem being addressed from the perspective of potential and planned interoperability with other government databases. Below is a list of privacy problems and recommendations concerning government databases.
Government databases and recommendations for privacy practices
- Citizen-State relationships and privacy standards
Government databases foster different types of relationships between the state and its citizenry, for instance user databases, service-providing databases, and information-providing databases. Each of these relationships requires a different level of privacy. Thus, it is important to identify the type of relationship the database will foster in order to determine what type of privacy model to implement.
- Specific privacy policy
Each government database should have a specific privacy policy tailored to the information it holds. Each policy should cover the following areas:
- data collection
- digitization
- usage
- storage
- security
- disclosure
- retrieval
- access (inter departmental and public)
- anonymization, obfuscation and deletion.
- Personal vs. personal sensitive and public vs. non-public data categories
Data in government databases requires varying degrees of privacy safeguards. The division of personal information vs. non-personal information (and similar distinctions) creates distinct categories for security levels over data and for the permissibility of public disclosure. Examples of personal information: name, address, telephone number, religion. Examples of non-personal data: gender, age. This could help avoid situations such as the census, where a person's name, address, age, etc. were all printed for the public eye.
- Standardization of privacy policies and access control
Government databases should all be designed upon interoperable standards so that the databases can "talk" to each other. The ability to coalesce databases strengthens the potential for use and reuse by different stakeholders. Furthermore, the interoperability of systems helps to avoid the creation of silos that hold multiple copies of the same data. To protect privacy in interoperable systems, restricted and authorized access within departments and between departments is key. The Department of Information Technology has recently published a "Government Interoperability Framework" titled "Interoperability Framework for eGovernance". This policy document is the appropriate place to articulate interoperable privacy policies that could be adopted across eGovernance projects.
- Record of breach notification
If a data breach occurs in a government database, the breach should be recorded and the appropriate individuals notified.
- Anonymization/obfuscation and deletion policies
Once the purpose for which the data was collected has been served, it must be anonymized/obfuscated or deleted as appropriate. Not all data sets can be deleted, as bulk aggregate data is very useful to those interested in trend analysis. Anonymizing/obfuscating the personal details of a data set ensures that privacy is protected during such trend analysis.
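As an added example (not code from the original report), the anonymization step described above in Python: the fields the page classifies as personal are dropped, exact age is generalized into a band, and a keyed pseudonym links duplicate entries so aggregate trend counts survive. The sample records and the secret key are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records (not real people). The field split follows the
# page: name, address, telephone and religion are personal; gender and age are not.
RECORDS = [
    {"name": "A. Kumar", "address": "12 Lake Rd", "telephone": "555-0101",
     "religion": "Hindu", "gender": "M", "age": 34},
    {"name": "B. Singh", "address": "7 Hill St", "telephone": "555-0102",
     "religion": "Sikh", "gender": "F", "age": 29},
    {"name": "C. Das", "address": "3 River Ln", "telephone": "555-0103",
     "religion": "Hindu", "gender": "F", "age": 41},
    {"name": "A. Kumar", "address": "12 Lake Rd", "telephone": "555-0101",
     "religion": "Hindu", "gender": "M", "age": 34},  # duplicate entry
]

PERSONAL_FIELDS = ("name", "address", "telephone", "religion")
IDENTITY_FIELDS = ("name", "address", "telephone")


def age_band(age, width=10):
    """Generalize an exact age into a band such as '30-39'; coarser bands
    lower the re-identification risk at the cost of analytic detail."""
    lo = (age // width) * width
    return "%d-%d" % (lo, lo + width - 1)


def obfuscate(record, secret):
    """Keyed pseudonym: duplicate entries still link, but without the secret
    the identity cannot be recovered by guessing names. The secret must be
    kept out of the released data set and rotated per release if linkage
    across releases is not wanted."""
    identity = "|".join(str(record[f]) for f in IDENTITY_FIELDS)
    return hmac.new(secret, identity.encode(), hashlib.sha256).hexdigest()[:16]


def anonymize(records, secret):
    """Drop personal fields, keep non-personal fields, generalize age."""
    return [{"pseudonym": obfuscate(r, secret),
             "gender": r["gender"],
             "age_band": age_band(r["age"])} for r in records]


def trend_counts(records, key):
    """Aggregate count per value of `key`, the kind of trend analysis the
    anonymized set must still support."""
    return dict(Counter(r[key] for r in records))


def leaked_fields(anon):
    """Release check: any personal field surviving in the output is a defect."""
    present = set().union(*(r.keys() for r in anon))
    return present & set(PERSONAL_FIELDS)
```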
- Accountability for accuracy of data
Frequently, data collected and entered into government databases is inaccurate because the departments are not collecting the data themselves and thus feel no responsibility for its accuracy. Building a mechanism into each database that identifies the source of each data item brings accountability for data accuracy.
- Appropriate uses of government databases
Businesses should not feel automatically entitled to aggregate and consolidate public information from government databases merely because it is technically possible to do so. Their uses of government databases must be guided by policies that define "appropriate usage."
- Access, updating and control of personal information
Citizens must be able to access and update their information. Furthermore, they should be able to define, to a certain extent, access control over their information, which would automatically make them eligible or ineligible for various government services.