Executive Development Course: Digital Government for Transformation Towards Sustainable and Resilient Societies - the Singapore Experience
Laws and Regulations & Data Governance
2-6 April 2018
UNDP Global Center for Public Service Excellence, Singapore
Keping Yao
United Nations Project Office on Governance, Division for Public Administration and Development Management, United Nations Department of Economic and Social Affairs
Contents
I. Data governance for better public service delivery
II. Data governance from the perspective of government
III. Laws and regulations for data governance
IV. Policy recommendations
I. Data governance for better public service delivery
The 2030 Agenda refers to various types of public service delivery:
- 13 Goals relate to public service delivery.
- 59 targets (35%) require delivery of specific public services.
- Among 230 indicators, 66 of them (29%) require some public service to be delivered by public institutions.
- Open government data as public asset
- Data driven innovation - open standard, open source and open code
- Collaboration among ministries and with citizens
- Integrated services: eID/digital ID
Gartner Top 10 Strategic Technology Trends for 2018
Deloitte - Technology trends facing the government:
- Reengineering technology
- Enterprise data sovereignty
- Digital reality
- API imperative
- No collar workforce
- The new core
- Blockchain to blockchains
- Exponential technology watch list
1. Innovation and Public Service Delivery for the SDGs
- Government as service providers and data generators
- Government as regulator and guardian of privacy of the users and citizens
- Building resilience in IT infrastructure against cyberattacks: cyberspace security as national security
- Business continuity of online services: archiving and backup
Data governance is not just about data security and privacy protection
- Data governance is more about the framework and process, and less technical than other data management capabilities.
- Data governance is about data standards and policies that manage the availability, usability, integrity, and security of the data employed in an organization.
3 perspectives:
- Organization/People: strategic, tactical and stewards
- Process: defining and enforcing data standards and policies, and auditing, monitoring and controlling data governance activities
- Technology: secure infrastructure, identity and access control, information protection, auditing and reporting (compliance controls)
Government-wide governance structure for setting the policy and strategy for data collection/gathering, data classification, naming conventions, data processing, access control, usage and analysis, data release, and data security during the information life cycle, consistent across government agencies
- Collaboration to avoid duplicate data collection/gathering, e.g. customs and border control, tourism
- Data quality assurance framework: consistent in data quality and data publication process
Government as service providers and data generators
- Collecting and using data: ensure compliance with data privacy (PII)
- Open government data: de-identification and anonymization to ensure privacy and data security
Data-smart government delivering service using open/big data:
- traffic control
- smart grid
- waste management
- social media analysis
- predictive policing
- sound analytics
- emergency response
Governments hold personally identifiable and commercially sensitive information, e.g. eID or digital ID with biometric information, bank account information, driver license, and customer information registered to obtain certain types of services
When collaborating with other agencies or outsourcing to third parties:
- Gaining access to databases without users' knowledge
- Data usage without following proper rules and procedures
- Not fulfilling the data protection responsibilities
- Maximizing the commercial value by sharing data with other parties
Aadhaar data leak: Edward Snowden backs India reporter over expose
Government as regulator and the guardian of privacy of the users and citizens
In the IT era, ordinary citizens have no capacity to protect personal information
- Legislation: privacy first
- Enforcing compliance
- Facebook and Cambridge Analytica data breach: the breach of a collection of personally identifiable information of about 50 million Facebook users that Cambridge Analytica began collecting in 2014.
- A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.
III. Laws and regulations for data governance
- General Data Protection Regulation (GDPR): effective May 25, 2018
- Privacy Amendment (Notifiable Data Breaches) Bill 2016: effective Feb 2018
- Health Insurance Portability and Accountability Act: in effect
- Payment Card Industry Data Security Standard: in effect
No single, comprehensive federal law regulating the collection and use of personal data
- The Federal Trade Commission Act (15 U.S.C. 41-58) (FTC Act) - a federal consumer protection law
- The Financial Services Modernization Act (Gramm-Leach-Bliley Act (GLB)) (15 U.S.C. 6801-6827)
- The Health Insurance Portability and Accountability Act (HIPAA) (42 U.S.C. 1301 et seq.) regulates medical information.
- Children's Online Privacy Protection Act of 1998
- The Fair Credit Reporting Act (15 U.S.C. 1681) and the Fair and Accurate Credit Transactions Act (Pub. L. No. 108-159)
- The Electronic Communications Privacy Act (18 U.S.C. 2510) and the Computer Fraud and Abuse Act (18 U.S.C. 1030)
Brunei has ratified several laws related to cybersecurity:
- Chapter 197 Anti-Terrorism (Financial and Other Measures) Act
- Chapter 194 Computer Misuse Act
- Chapter 153 Official Secrets Act
- Chapter 108 Evidence Act
- National ICT Security Policy Authority and Bru-CERT
Indonesia has ratified several laws related to security:
- Electronic Transaction Act No. 11/2008
- Electronic Transaction and System Provider Regulation No. 82/2012
- Information Security Guideline
- GOV-Cert ID-SIRTII ID-CERT ID-SIRTII
- Setting up CERT-Indonesia
Cyber Security Malaysia - national info security coordination center
- Digital Signature Act of 1997
- Computer Crimes Act of 1997
- Telemedicine Act of 1997
- e-commerce Act of 2006
- Electronic Government Activities Act of 2007
- Personal Data Protection Act by 2010
Philippines
- Digital Signature Act of 1997
- Computer Crimes Act of 1997
- Telemedicine Act of 1997
- e-commerce Act of 2006
- Electronic Government Activities Act of 2007
- Personal Data Protection Act by 2010
Thailand
- Electronic Act 2001 - the core of its cyber law
- The Computer Crime Act B.E.2550 (2007)
- In the process of establishing new legislation on digital economy; three among eight items are on cybersecurity: Computer-Related Crime Bill (amendment); Personal Data Protection Bill; Cyber security Bill
IV. Policy recommendations
- Government-wide data governance
- An inclusive approach involving all stakeholders, bringing in citizens*
- Government legislation should have foresight: adaptive, reviewed and amended
- Develop a culture of data privacy: awareness-raising
- Prudence in outsourcing in the cloud environment
- A holistic approach: data security, maintaining data privacy and meeting compliance requirements
- International collaboration in cyberspace security
Questions?
شكرا gracias 谢谢 thank you merci bienvenidos
Publicadministration.un.org
unpog.org
Email: yaok@un.org