OTTAWA — “”Government online (GOL) users often feel like they’re humans stuck in the movie Alien — they don’t feel safe anywhere they go and think there’s a monster watching over them.””
It was as if Mike Gurski, a senior advisor with the Information and Privacy Commissioner of Ontario, was speaking everyone’s mind at Thursday’s conference on how to integrate privacy and security into GOL initiatives.
A roundtable discussion at the Westin Hotel offered case studies with possible solutions on how to build public trust on the Net, and turn the horror show into a love affair.
“”The Canadian public thinks there is a file that every government department has access to, and that shows we need to change public perception and help educate them about GOL initiatives,”” said Judith A. Mooney, director of access to information (ATI) and privacy for the Department of National Defence (DND). Along with the Canadian Forces, DND has launched a site called D-Net, the department’s online method of communicating with the public. The site lists DND online initiatives, making the release of information informal and often eliminating the need for formal ATI requests, which can remove the shadow of secrecy and build user confidence in the long-run.
“”It’s in the best interest of the government to make available as soon as possible information that’s of public interest,”” Mooney said. “”Our customers will have a lot more faith in the system and be more willing to use our services.””
One of the simplest ways to build user confidence in GOL is with an E-pass system that allows the public to access government records with a login and password, said Jamie Armstrong, a GOL security architect with Canada Customs and Revenue Agency (CCRA).
“”Privacy goes beyond securing information on the Net from hackers,”” Armstrong said. “”We know we have to present the perception of one-stop shopping across all departments, but we also have to look at ways of protecting our clients’ information as it passes through common infrastructure in government.””
Armstrong said it should be up to the individual to manage their government transactions — either one E-pass for all government services or a separate one for each department if they desire.
“”The actual danger is in the perception of one-stop shopping,”” he said. “”It gives the public the idea that their information will be shared across the government.””
Even with the E-passes, Armstrong said extra measures should be taken to further build the public’s confidence in GOL. “”One of the key principles is to keep people anonymous within the secure channel. It’s not until you present the secure E-pass that we should know who we are dealing with.””
One of the most detailed explanations of how to solve customer alienation was offered by Mike Gurski. He has helped develop what he calls “”a very straightforward”” seven-step process for designing privacy into technology:
• Define the privacy expectations of the public and identify legislative requirements.
• Develop privacy policies and principles.
• Undertake an assessment of human and information resources with a focus on personally identifiable data (collection, processing, managing data flows).
• Undertake a threat risk assessment by completing a privacy impact assessment.
• Deploy methodology for privacy risk management at the systems level.
• Introduce at the source level the rules and controls developed in step five.
• Deploy and audit, through a model of continuous improvement that reviews expectations and requirements.
Gurski said the final step of the process is vital in ensuring customer privacy, but admits it’s often taken for granted. “”How do we know the E-pass system is privacy protected? Because someone else in our department says so? That’s not a guarantee,”” he said. “”You have to have functionality tests done from a third party, so you need to do the final step in the process to see where you actually are. If we don’t do it right, the public will be scared to come back.””
Jason Fekete is ITBusiness.ca’s Ottawa correspondent. His last article was
GOL strategists suggest giveaways to lure users
