In the physical world, individuals’ rights are well-established. In general, people can walk down the street without having to fear a crime – and knowing that police and the legal system will support them if trouble arises. But in the virtual world, such rights are still developing and digital attacks involving online fraud, data breaches, malware and beyond are all too common and not as clearly regulated.
Trust is therefore becoming a critical factor for local authorities to address in order to capitalize on the power of data and technology. If citizens do not trust them to manage personal data securely, they will withhold information, decline permission to share data or simply rely on traditional communication methods.
Identifying a better way
Digital identities can play a major role in developing trust as well as making services more convenient. At present, people have to prove their identity repeatedly, often with more personal data than is required for the transaction.
A secure digital-identity system allows organizations to check only what they need to know when they need to know it. Some countries, such as Estonia, now have national digital-identity systems that work across public and private sectors, while in others, identity is managed at a state, province or regional level. In Australia, there is an opportunity for local government authorities to leverage the federal myGov identities as well as the various state-managed driver’s license verification applications within their systems and solutions.
Local organizations across England, Scotland and Wales have voluntarily signed up to a nationally run service called Tell Us Once. When someone registers a death with local authorities, the service can be used to inform up to 30 other organizations covering tax, benefits, pensions, driver licensing and passports.
This kind of connected innovation is a forward, but many organizations continue to hold important data across an array of disconnected systems. Digital identity, combined with a well-integrated and interoperable data-exchange ecosystem, is instrumental to unlocking a unified view of disparate data.
From an inclusivity perspective, identity systems also need to work for those who make little or no use of digital technology. This means that identity systems will need to support omnichannel delivery, much like the payment industry, ensuring that customers can conduct transactions in person, over the phone or digitally, making services fully accessible to all.
Common rules and standards related to the storage and processing of identity data are integral to ensure that local organizations can work together on identity, such as transferring or accepting validated information from someone moving from another part of the country. The Pan-Canadian Trust Framework, run by the Digital ID and Authentication Council of Canada, is an example of how an ecosystem of this kind can be developed.
Securing sensitive data
Effective digital-identity and data-access management are essential in controlling and safeguarding access to data, unlocking only what is needed for those who have a specific requirement to see it. This can involve role-based access, so that someone providing social-support services can only view personal data on their own cases, following the need-to-know principle.
However, work to develop trust in cyber security needs to go much further. Local authorities need to protect data wherever it resides, which can now be anywhere from a data center to a cloud environment. These data assets are vulnerable to malicious actors using malware to steal confidential information or disrupt critical services.
A ‘zero-trust’ model of security is needed, one that assumes networks are insecure and that protects data access via user identity rather than network location. Greater use of outsourced cloud-computing services and Software as a Service (SaaS) applications – and the proliferation of remote working during the COVID-19 pandemic – makes this even more critical.
It’s also important to be pragmatic. The key is to align security systems to specific local needs. From there, focus should be on addressing basic hygiene elements, such as patching or updating software, and then building a roadmap for the right investments involving modern skills, processes and technologies.
Organizations should also plan for failures, working to prevent them and investing in appropriate detection and response systems. Cyber-security spending and the quest for a right-sized solution can be costly and there is no such thing as perfect security when connected to the Internet as we all are.
Open data promises new opportunities
Local organizations, given the diversity of their stakeholders, are exceptionally rich in valuable data. And while confidential personal and business data needs secure protection, governments also need to pursue viable opportunities for data use that will help inform future service offerings and commercialization possibilities.
Enabling an open-data approach can provide valuable new insights and decision-making toward critical future service, innovations and economic opportunities – including the ability to enhance cost and resource management in today’s budget-tight, low-growth era.
Open data, published freely without restrictions on use, can also encourage commercial and academic innovation and may also unlock productive collaboration with other public-sector organizations. However, just because data is considered ‘open’ doesn’t mean security can be ignored. Integrity of data must be top of mind if it is to be considered accurate and trustworthy. This, too, requires robust identity management to ensure unauthorized changes or tampering cannot occur.
- Secure digital identity can will help put citizens using increasingly integrated platforms and services at the center of local government processes, enhancing convenience, privacy and security.
- If you can't hold data with trust and security, you shouldn't hold it at all.
- Take a risk-based approach to protecting data: look to prioritize key assets, prevent malicious activity where possible and be ready to detect and respond to threats quickly.
- Efficiencies brought in by process optimization and automation can help will result in cost savings that can be reinvested towards other customer-focused services.
1 A commissioned study conducted by Forrester Consulting on behalf of KPMG, November 2020