RSS feedsWhen it comes to sharing information across government agencies, what is lacking is the articulation of a high-level vision that can be shared with, and gain the trust of, people on the street. We need to make statements such as: We will ensure the security and integrity of information we hold; with your permission, we will share information among government agencies to provide you with better services; and we will help you stay in control of your identity.
We all must shift the level of debate on data sharing and security to deal with the issues on a pragmatic basis.
A totally secure system will never exist. The more sophisticated our systems, the more sophisticated our criminals. Individuals must be helped to understand how they can protect themselves. For example, people need to keep an eye on their credit status. Could the government mandate notification of changes to individuals?
Citizens need to take more responsibility for their own security.
Most of all, this citizen awareness-raising and communications campaign needs to be matched by commitment to a high-level vision for maximising the security and integrity of personal data. Information should only be shared through systems designed for the purpose.
Government Connect (GC) is such a system albeit one that, initially at least, does not implement federated identity management and authentication. The GC team and the Department for Children, Schools and Families have agreed to work with Socitm on developing that over-arching vision and communications plan. Socitm is setting up collaboration forums to facilitate these goals.
As we develop the vision, our expectation is that other key principles will emerge. The information sharing system must be capable of operating over the internet for citizen access not reliant on a firewalled network.
It must be possible to both vouch for the identities of people who access information systems and authenticate their entitlement according to their roles in relation to the information being accessed. Individuals must be in control of their own identities.
Information sharing systems must implement federated identity management so people can use the same identities in different systems if they wish.
Too often, government develops tactics in the absence of vision and strategy. Tactical approaches such as secure data transfer may have a place in tightening-up security until a strategy for the achievement of the vision can be put in place, but my view is that access to information in a system designed to facilitate the sharing of information will be in situ.
Richard Steel is president of
public sector user group Socitm -
the Society
of IT Management
