PUBLIC SERVICE DATA STRATEGY 2019 - 2023 - Office of the Government Chief Information Officer - Data.gov.ie
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
PUBLIC SERVICE DATA STRATEGY 2019 – 2023 Office of the Government Chief Information Officer Department of Public Expenditure and Reform
OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
Contents
Ministerial Foreword...................................................................................................................................................... 1
1. Executive Summary................................................................................................................................................ 2
2. Introduction............................................................................................................................................................... 4
2.1 Context and relevant strategies.......................................................................................................... 4
2.2 Data Management Landscape in the Public Service Today...................................................... 5
3. Vision ........................................................................................................................................................................... 8
3.1 Data Ecosystem.......................................................................................................................................... 8
3.2 Benefits.......................................................................................................................................................... 10
4. Principles.................................................................................................................................................................... 11
4.1 Data Transparency.................................................................................................................................... 11
4.2 Data Reuse................................................................................................................................................... 12
4.3 Data Governance and Controls........................................................................................................... 13
4.4 Digital............................................................................................................................................................. 14
4.5 Data Analytics............................................................................................................................................. 14
4.6 Data Privacy and Security...................................................................................................................... 14
5. Strategic Themes..................................................................................................................................................... 16
5.1 Protection and Legislation..................................................................................................................... 16
5.2 Governance and Standards................................................................................................................... 17
5.3 Privacy and Security................................................................................................................................. 17
5.4 Digital Collection....................................................................................................................................... 19
5.5 Interoperability.......................................................................................................................................... 19
5.6 Analytics........................................................................................................................................................ 21
5.7 Discovery...................................................................................................................................................... 23
5.8 Trusted Identifiers..................................................................................................................................... 24
5.9 Base Registries........................................................................................................................................... 25
5.10 Transparency............................................................................................................................................... 26
5.11 Capability...................................................................................................................................................... 27
5.12 Geo-spatial................................................................................................................................................... 28
5.13 Records Management.............................................................................................................................. 29
6. Action Summary...................................................................................................................................................... 30
Appendix A: Data Lifecycle.......................................................................................................................................... 32
Appendix B: Glossary...................................................................................................................................................... 34
OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
Foreword
I am delighted to publish the first Data Strategy for the Public Service. Data lies at the heart of
Government, it drives decision making, shapes public policy, and is central to the delivery of public
services. As our society evolves so too does the demand for improved public services. The strategy sets
out a vision, along with a set of actions, on how we can improve our use of data to support a more joined-
up, efficient and effective Government. It aims to put in place a series of measures to improve how data is
governed, managed and re-used in a secure, efficient and transparent manner across the whole of
Government for the benefit of citizens and businesses.
The strategy’s implementation will put Government in a better place to respond to service demands,
providing joined-up and integrated services, reducing administrative burdens, better protection of personal
data, and improving the process of policy formulation and evaluation.
The strategy builds upon the forthcoming Data Sharing and Governance Bill. In order to improve
Government data, its treatment, and its reuse, the Data Sharing and Governance Bill will put in place a
legal framework for the safe and secure sharing of data across Government. This is complimented by a
wide range of governance and transparency measures to ensure that all data sharing is done in an
appropriate manner.
In order to deliver efficient and effective public services, the same data should not have to be collected
over and over again, this is costly and cumbersome for citizens, businesses and public bodies alike. Public
Service bodies should be able to work together for the benefit of citizens and businesses.
In October 2017 Ireland signed up to the Tallinn Declaration on eGovernment, which contains the once-
only principle. The once-only principle outlines that public bodies should collect data once, and only once
from citizens and businesses, and reuse that data as opposed to recollecting it. The benefits of adopting
this approach are numerous, and both the Data Sharing and Governance Bill and this strategy drive Ireland
further along this path.
I am excited about the direction and ambitious nature of this strategy. It aims to bring about real change
and improvements in how we deliver public services. I look forward to seeing the benefits and positive
outcomes that its implementation will deliver.
Please
provide
image
Patrick O’Donovan T.D.
Minister of State at the Department of Finance and the Department of
Public Expenditure and Reform with special responsibility for Public
Procurement, Open Government and eGovernment
1
OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
1
Executive
Summary
Data lies at the heart of Government, informs a well-functioning whole-of-Government
and drives public policy, is collected and data ecosystem can emerge to better serve its
consumed by Public Service bodies (PSBs) and is citizens and businesses.
central to the delivery of public services. In order
to optimise the use of our data throughout its This strategy describes a data ecosystem,
lifecycle, and ensure it is appropriately protected, including associated governance, for the
a Public Service data strategy is required. optimisation of data management within
Government. It sets out a single narrative
While there are many examples of good paving the way to an integrated approach to the
data management practice throughout the improved use of data, particularly across PSB
Public Service, data is frequently collected boundaries. This approach will result in benefits
and managed in an independent manner. This across both the strategic and operational use of
approach has commonly been adopted in order data. Such benefits include:
to serve specific needs and to comply with
legislative obligations, though has resulted in a • More joined-up end-to-end digital services
somewhat fragmented whole-of-Government • Better analytics driven data insights
data ecosystem. These practices can result in leading to improved policy formulation
increased administrative burdens, reduced data • Reduced administration by cutting the
driven policy making, difficulties in introducing need to provide the same data over and
joined-up digital services, and reduced over again
Government agility in responding to today’s • Improved agility by securely and efficiently
challenges. reusing data
• Improved protection and transparency of
By building on the good data management the way data is used throughout its lifecycle
practices already employed by some PSBs, • Better services and policy through
adopting a more consistent and uniform improved data quality
approach to data across Government, and
enabling the secure reuse of data and services, The strategy builds upon existing data initiatives
2
OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
such as the National Data Infrastructure (NDI), • Base registries (single authoritative sources
which primarily concerns the identification of of data) will enable data to be reused, and
people, businesses and location; and the Data reduce the need for citizens and businesses
Sharing and Governance Bill (DSGB), which to provide the same information to PSBs
sets out a legal framework for the sharing and again and again
governance of data across Government. The • Privacy, security and transparency systems
strategy illustrates how these work together, and processes empowering people to see
along with appropriate governance, processes what data Government holds on them and
and systems, to create a cohesive ecosystem. how they are being processed. These will be
instrumental in fostering trust between the
This strategy first sets out a vision for various actors in the ecosystem
data management within Government
• A structured approach to open data and
and includes a set of guiding principles to
cross-departmental analytics is central
assist PSBs in aligning with the vision. The
to the promoting the value of data, the
strategy proceeds to detail a set of strategic
generation of data-driven insights and
themes and supporting actions that will build
delivery of evidence based decision making
incrementally to a target state data ecosystem.
The ecosystem is comprised of the following Informed by exemplar implementations in
primary characteristics.
Europe, such as Estonia and Denmark, and
aligning with best-practice recommendations
• A strong emphasis on supporting data
from the EU, OECD and the World Bank, the
controllers in meeting their obligations
target state data ecosystem envisioned by
under the GDPR and other legislation while
this strategy requires a whole-of-government
safely allowing citizens, businesses and
approach, where PSBs will cooperate and
PSBs to get appropriate access to the data
that Government holds reuse data and services in an effective, secure
• Standards and good governance processes and consistent way using API-led technologies.
will ensure that data is managed
The Public Service Data Strategy is a
appropriately and consistently across all
PSBs, maintaining trust with Government comprehensive multi-year, multi-department
• Security and data protection measures to strategy that sets out a series of ambitious
identify and protect citizen and business goals and actions to deliver on a target state
data, for example, privacy-by-design and data ecosystem for Government. It sets our
privacy-by-default, will be adopted “North Star” to start moving towards
• Co-ordinated approach, including shared incrementally. Although covering four years,
systems and processes, moving us to this strategy sets out some long-term actions
a consistent method of publishing and which will take well beyond the lifetime of this
collecting data digitally strategy to fully realise.
• Shared platform to support the secure,
transparent and controlled reuse of data Delivery of the strategy will be modular and
across PSBs will be introduced. These incremental, with each action delivering its
technologies will focus on APIs as the own value and progressively adding to the data
primary enabler for data reuse. APIs ecosystem. Many of these actions are already
(Application Programming Interface) underway in some form and this strategy seeks
are a modern best-practice machine-to- to build upon what is already in place within
machine mechanism to facilitate technical PSBs. Delivery of the strategy will require a
interoperability, supporting controlled sustained investment and commitment across
service and data access Government.
3
OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
2
Introduction
2.1 Context and relevant strategies • The Public Service ICT Strategy includes
Public Service data, as a service-wide cross a Data as an Enable strategic pillar calling
cutting concern, would benefit from being for the improved management of data
examined and dealt with in a unified and across the Public Service supporting better
consistent manner. Across PSB boundaries, administration and decision making.
data sources are often independent and lack
harmonisation and consistency, frequently • The eGovernment Strategy 2017-2020
making it diffi cult to accurately and reliably sets out a vision that utilises technology to
reuse data for new administrative and improve citizen and business interactions
statistical purposes. with Government through better digital
and data usage, improved capabilities, and
Better treatment of data, through enhanced governance.
standardised data management practices,
advocating data reuse over data collection, • The National Statistics Board’s Strategy
promotion of cross-agency data-sharing 2015-2020 outlines the importance of
underpinned by a clear legal basis and driven joined-up data for joined-up Government.
by improved effi ciencies for citizens and It describes how the ability to make
businesses is central to the solution of these successful national policy decisions and to
challenges. be accountable to citizens can be enhanced
by the increased availability, breadth and
A number of recently published Government quality of information, evidence and insight.
strategies call for improvements in the
management of data as a key enabler to • Our Public Service 2020 includes an action
delivering effi cient and effective public to “Optimise the use of data” – outlining how
services and policy making. These strategies data will support better service delivery,
include: better decision making, increase the ease of
access to services and drive efficiencies.
4
OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
The cohesive approach to Public Service data European exemplars like Denmark, Norway
as outlined in this Strategy aligns well with the and Estonia have prioritised data initiatives
forthcoming National Digital Strategy, which is such as adherence to “Once only” and
currently in development. The National Digital “Privacy by design” principles; focusing on
Strategy will set out a clear long-term vision good governance and effective legislation
and high-level ambition for how Ireland can enforcing inter-agency data-sharing; and
best respond to digitisation, which will rely implementation of key enablers such as
heavily on the effective management of data. base registries, e-Identifi ers, and a core
interoperability platform.
The move towards better data management
practices and regulated data-sharing is This strategy recognises the signifi cant
also prevalent amongst EU bodies and opportunities to be gained by improving the
global organisations advocating a whole-of- treatment of data held by the Public Service
Government approach: in a holistic manner. It sets out a detailed
vision, and complementary action points, for
• Principle 7 of the OECD’s 12 principles of developing an improved and coherent data
digital Government strategies states that management ecosystem within Government.
Governments should develop common
policies and standards and drive the 2.2 Data Management Landscape in the
adoption of national interoperability Public Service Today
frameworks for data exchange. Across the Public Service, there are many
examples of good data management practices
• The EU’s Tallinn declaration of Oct 2017 being employed in individual PSBs. However, as
states that we should take steps to create a whole-of-Government cross cutting concern,
a culture of re-use, including responsible data is not being examined and dealt with in a
and transparent re-use of data within our unifi ed and consistent manner. Data, in order
administrations. to comply with legislation, is often maintained
in silos, where it is collected and stored for
• The EU’s European Interoperability the needs of the individual PSBs. There are
Framework (EIF) outlines the objective benefi ts to these practices, as is evident by the
of “Promoting seamless services safe, secure delivery of specifi c public services
and data flows for European public – but it also results in ineffi ciencies such as the
administrations”. The aim of the EIF is to potential duplication of data being stored and
inspire European public administrations in collected by different PSBs, bespoke bi-lateral
their efforts to design and deliver seamless data-sharing agreements between PSBs, and a
European Public Services to other public reduction in data quality.
administrations, citizens and businesses.
The overall result is a sub-optimal whole-
• The European Commission’s Digital Agenda, of-Government ecosystem where data is
in pursuit of a Digital Single Market, lists 2 governed and managed by the policies of
key pillars - enhancing interoperability and individual PSBs, and not easily reused to
standards, and strengthening online trust deliver joined up services or assist policy
and security. making and evaluation. In order to improve the
various forms of data reuse, a greater degree
• The UN advocates that Governments of standardisation in terms of systems, policies
can contribute to policy integration and and practices is required. The good practices
integrated service delivery by regulating being employed by PSBs should serve as the
data sharing and promoting data standards foundation for building a more co-ordinated,
that make sharing more effective. consistent approach to data management in a
whole-of-Government manner.
5
OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
DATA
PSB A DATA
DATA
PSB F DATA
PSB B DATA
PSB C
DATA
PSB E
DATA
DATA
DATA DATA
PSB D
DATA DATA
Figure 1: As-Is Data Management Landscape in the Public Service Today
While the above may paint a challenging picture of a largely un-coordinated data management
landscape in existence today, there are many good examples of outcome driven sharing of data and
services between PSBs such as:
MyGovID, the Government’s citizen identity verification service, being used by many
PSBs to access and deliver a growing number of services online
The Local Property Tax register reusing data from various internal and external
sources
Real-time data sharing between a number of PSBs supporting SUSI in efficiently
processing student grant applications
Education reports providing insight into graduate destinations and earnings using
data from the HEA, Revenue and DEASP
The Job Seeker Longitudinal Dataset combines income, claims and training data to
produce a uniquely detailed view of the Irish labour market for policy creation and
evaluation
Companies Registration Office providing controlled access to its data via APIs to
various PSBs
The HSE Healthlink project facilitating the secure transmission of clinical patient
information between Hospitals, Health Care Agencies and GPs
6OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
Equally, there are many examples today where crucial to successfully linking data, joining
challenges exist for citizens, businesses, and up government, and delivering integrated
PSBs alike due to inconsistent treatment of services.
data and the lack of systems integration and
a pan-agency interoperability platform. Such To further assist in resolving these challenges,
examples include: the Data Sharing and Governance Bill (DSGB)
seeks to provide a legal basis to enable PSBs -
• Separate online customer registration where they already have a legal basis to collect
systems and processes that are at odds with data from the citizen or business directly, to
the once-only principle collect that data from another PSB. This aligns
• Cross-agency customer data matching with the once-only principle of collecting data
issues once from citizens and businesses, and reusing
• Manual processes due to the lack of real- data as opposed to recollecting.
time interfaces
• Re-collection of data already captured by This Data Strategy sets the NDI and the
separate agencies slowing down service DSGB in the wider context of building a
delivery. coherent data management ecosystem for
the Public Service. It seeks to remedy the
Government have taken steps to address aforementioned challenges with current
some of these challenges by embarking on data initiatives in the Public Service today by
the National Data Infrastructure (NDI), bringing about a unified approach to how such
which concerns itself with the consistent and data initiatives are devised and implemented.
reliable identification of data that relates To support this cohesion, this data strategy
to a particular location – through the use of sets out an overarching vision and provides a
an Eircode; person – through the use of a set of principles, themes and actions guiding
PPSN; business – through the use of a Unique the management, governance, architecture,
Business Identifier (UBI). The consistent and re-use of data in a secure, open and
identification of these core data assets is transparent way.
7OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
3
Vision
“To establish a data ecosystem that will improve
how we govern, manage and re-use data in a secure,
efficient, and transparent way, for the benefit of
citizens, businesses and policy makers”.
Informed by the context already laid out and a 3.1 Data Ecosystem
strong belief that data is the lifeblood of digital Delivering on this vision requires PSBs to
transformation and decision making, the vision adopt a holistic and cohesive approach to a
presented in this strategy seeks to improve the target state data ecosystem replacing the
treatment of data held by the Public Service largely un-coordinated data landscape in
in a secure, open and transparent way for the existence today.
benefit of citizens, businesses, and PSBs.
Figure 2 illustrates a high level view of the
By taking a whole-of-system approach to target state data ecosystem supporting
data management within the Public Service the once-only-principle. Key to achieving
the vision is to create a coherent ecosystem this target state is reducing the number of
where PSBs can confidently exchange data to independent copies of data being collected
support improved service delivery and policy and maintained by PSBs. Through the
creation. The target data ecosystem described establishment of base registries, managed by
in this strategy ensures that data exchange is the appropriate PSBs, authoritative sources of
performed in a legal, transparent and effective data will be created, facilitating efficient and
manner. legal reuse of data across the Public Service.
8OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
Trusted Identifiers &
Governance and
Base Registries
Standards
PSB A
PSB F
LOCAL
DATA
BASE
REGISTRY
PSB B
LOCAL
DATA
Interoperability
Platform
PSB E PSB C
LOCAL LOCAL
DATA DATA
PSB D
Data Analytics LOCAL
DATA
BASE
REGISTRY
Transparency,
& Open Data Data Protection
& Legislation
Privacy & Security
Figure 2: Target State Data Ecosystem for the Public Service
The implementation of base registries will governance and strict controls, the
reduce the need for citizens and businesses to interoperability platform will facilitate a
provide the same information to PSBs again structured approach to data access, which can
and again, and create the opportunity for PSBs be used for cross-departmental data analysis.
to reuse data where appropriate. The reuse of This facility is central to the generation of
data in this manner will assist PSBs in adopting data-driven insights, qualification of outcomes,
end to end digital approaches to delivering and delivery of evidence based decision
joined-up services for the benefit of citizens making across Government.
and businesses.
Data privacy and transparency are core
To achieve this data ecosystem, and to components of our target state data
facilitate the technical interoperability of ecosystem, whereby personal data processing
PSBs, an interoperability platform will be follows a common set of standards and
established, providing a secure, reliable and guidelines. Through the implementation of
consistent way for PSBs to reuse both data this strategy people will be able to find out
and services. The interoperability platform what personal data Government holds on
will form the backbone of machine to machine them, for what reason is it being held, and
inter-Government communications – allowing information as to how that data is processed.
PSBs to discover, manage, and deliver data and
services for service delivery. This data ecosystem will be supported by
legislation in conjunction with the necessary
It is important to note that data and base governance and controls, ensuring a whole-of-
registries will remain with PSBs, while the Government approach to data. Components,
interoperability platform will be used to features and capabilities of the target
discover what data is available and facilitate its ecosystem are summarised below.
reuse, preventing duplication of effort, across
PSBs. • Sharing of personal data will be
underpinned by clear and explicit legislation
By making the data available and reusable and governance to help foster trust between
in this manner, complimented with good citizens and businesses, and Government
9OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
• Designated authoritative data stores, be encouraged to promote the value of data
called base registries, will be established to to support evidence-based policy-making
promote the once-only principle and reduce • Trusted identifiers will enable data to be
PSB data holdings linked across data holdings
• Transparency will be delivered through • Standards and good governance processes
citizen accessible data-sharing agreements, will be implemented to ensure that data is
a Data Portal for citizens to view personal accessed, collected, stored, and transferred
data that Government holds, well- in a consistent and uniform manner by all
architected logging solutions, and the PSBs
publication of open datasets
• An API-led Interoperability Platform 3.2 Benefits
based on a Service Oriented Architecture As evidenced by the vision statement, while
(SOA) will be developed to enable PSBs the primary beneficiaries of initiatives
to cooperate, share and reuse data proposed in this strategy are citizens
and services in an effective, secure and and businesses, there are also benefits
consistent way to be realised for individual PSBs and for
• Driven by a privacy-by-design mind-set, Government as a whole. The graphic below
robust data security solutions and processes summarises the benefits that this strategy sets
will be implemented to help foster out to achieve through both data analytics,
trust between the various actors in the delivering insight and foresight, and through
ecosystem operational use of data.
• A structured approach to data analytics will
Citizens and Businesses Public Service Bodies
• Increased transparency & trust • Secure reuse of data and services across PSBs
• Integrated digital service delivery • Reduced PSB data holdings
• Reduced administrative burden • Less costly, more timely delivery of services
• Better data-driven outcomes • Improved data management practices
• Support for evidence based decision making
• Improved privacy and security
• Ability to link data across data holdings
• Engaged & empowered citizens
• Better data governance/oversight
• Foster innovation across holdings
• More efficient service delivery • Consistent approach to data management
Figure 3: Benefits of the target data ecosystem for Citizens, Businesses and Government
10OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
4
Principles
The principles set forth below will help shape the evolution of a target state
data ecosystem based on transparency, accessibility, and reusability, driven
by the application of standards, trusted identifiers and
secure interoperable solutions enabled by effective
governance, and dealing with data protection as a Transparency
cross cutting concern.
Privacy Reusability
4.1 Data Transparency Security
Principle 1: Data is discoverable by citizens, Data
businesses and the Public Service
Governments are increasingly collecting,
Protection
storing and processing large volumes of
data across the public sector through the Analytics Governance
provision of public services. In order for
citizens, businesses and PSBs to leverage the
benefits of data, it must be made discoverable, Digital
identifiable and understandable.
Making data and services more easily
Figure 4: Data principles at a glance
discoverable will increase knowledge of
data and services held, and in turn facilitate Principle 2: Data is processed in a transparent
reuse. To support this, where appropriate, manner
Government must build and publish catalogues In order to provide the type of joined-up
that enable interested parties to locate, services and information/insight expected,
understand and use the data and associated Government not only requires data to be
services. collected from citizens and businesses but
11OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
should where permitted share this data Implementing the Once-Only principle, by
amongst PSBs in a secure and effi cient manner. ensuring that citizens and businesses supply
While most users of Government services the same information only once, and reducing
would welcome the introduction of such the number of independent copies of data
improved integration, it raises the question of held in the Public Service, will promote
trust with respect to processing of personal sharing and reuse of data and common
data. services to improve service provision and
decision making.
To ensure data is processed in an appropriate
manner throughout Government, personal Through adherence to the once-only principle,
data must be processed in a way that is use of base registries and removal of
transparent to citizens, providing a window redundant or duplicate data sets, PSBs will
into what data is held, shared and processed only capture data that has not already been
across the Public Service. collected by the Public Service. This data will
be reused as opposed to recollected where
Principle 3: Data that can be made public there is a legal basis to reuse it.
should be made public
Openness and transparency is a key Principle 5: Data is accessed and maintained
Government priority and the Open Data via base registries
Strategy1 contends that opening up The European Interoperability Framework
Government data will empower citizens and describes base registries as “reliable sources of
businesses, foster innovation and reform basic information on items such as persons,
Public Services. companies, vehicles... that are authentic and
authoritative”.
In the spirit of openness and transparency,
PSBs should catalogue and publish appropriate Implementing base registries of data that
datasets where legally permissible, whilst are reliable, transparent, timely, and of high
taking into consideration Government’s quality, will establish authoritative single
obligations to protect the confidentiality of sources of truth, promote minimisation and
citizens and businesses. facilitate reuse across PSBs and make it easier
to audit data and its usage due to reduced data
4.2 Data Reuse holdings.
Principle 4: Data is reusable
Data must be reusable by all actors in the Data that is already collected and stored in a
ecosystem, in line with legislation, in order to base registry must be accessed and maintained
deliver integrated services and insight with by PSBs via that base registry. This will help
efficiency to businesses, citizens and policy reduce administrative burden on businesses
makers. and citizens having to resupply data and to
reduce independent copies of data being held
Data reuse must respect data minimisation. among PSBs.
Such reuse must adhere to a policy of
“assertion over access”, where reuse is in the Principle 6: Data is accessible through APIs to
form of making checks or queries on the support interoperability
status of data, only returning true or false In order to deliver a joined-up Public
responses. Where data access is required, the Service, IT systems must facilitate technical
minimum amount of data is shared and held interoperability - having the ability to connect
for the minimum amount of time required. to each other and speak the same language.
APIs should be used to facilitate this
interoperability. An API (Application
Programming Interface) is a modern best-
1 https://www.per.gov.ie/wp-content/uploads/Draft-Open-Data-Strategy-2017-2022.pdf
12OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
practice machine-to-machine mechanism to PSBs must ensure privacy and respect the
facilitate technical interoperability, supporting confidentiality and integrity of the data by
service and data access. demonstrably processing data in line with
legislation.
The use of APIs enables PSBs to expose
data and related services in a controlled and Personal data must be collected for specific,
structured manner, supporting inter and explicit and legitimate purposes only, and
intra PSB interoperability. This facilitates must not be further processed in way that is
the delivery of joined up Public Services, incompatible with those purposes. In order
and underpins the principles of reusability, to demonstrate compliance, PSBs must make
transparency and discoverability. APIs will relevant audit data available to citizens and
act as a key building block, upon which, the businesses to view.
envisaged whole-of-Government ecosystem is
built. The proposed Data-Sharing and Governance
Bill is designed to protect citizen’s privacy
4.3 Data Governance and Controls by establishing a prescriptive framework
Principle 7: Data is demonstrably processed in in legislation for governance, oversight and
line with legislation transparency of data processing within the
Citizens and businesses must be confident that Public Service. PSBs will process data in line
their interactions with Government are secure with this Bill once enacted.
and in compliance with all relevant regulations.
13OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
Principle 8: Data is effectively governed improvements in data quality, timeliness,
Data must be effectively governed through a privacy controls, consistency and reduced
formal system of accountability, designed to citizen overhead.
enforce proper management of data assets and
the performance of data-related functions. PSBs must by default, collect data digitally
at the first point of citizen and business
Good data governance will be delivered engagement, not only with respect to
through a whole-of-Government set of rules, transactional Government services but also
standards, guides, tools, policies, procedures, for survey responses, statistical analysis, etc.
roles and responsibilities that guide the overall Introduction of a modernised and extensible
management of Government data. digital data collection platform for surveys by
Government will assist PSBs in realising these
A Data Governance Board will be established benefits sooner.
to direct, oversee and drive data governance
across the Public Service. Through good data 4.5 Data Analytics
governance, PSBs will ensure that their data Principle 10: Data is used to support evidence-
are accurate, consistent, complete, available, based decision making
discoverable and secure. Data is the foundation of decision making and
the basis for accountability. In order to effect
4.4 Digital good policies and provide useful statistical
Principle 9: Data is collected and processed insights, data must be used to support
digitally evidence based or informed decision making.
The benefits of a digital-first approach to Evidence-based decision making, whether by
Government services are well documented Government, business or the general public,
but much data is still collected and processed is reliant on directly available quality data or
on handwritten and paper based forms or insights derived through research.
standalone electronic systems that do not
improve downstream processes. PSBs need to The vision espoused in this strategy
adopt a digital-by-default strategy to realise promotes better treatment of data through
INFORMED
DATA INFORMATION KNOWLEDGE DECISION
MAKING
creates which generates and leads to
Figure 5: Data used to support evidence-based decision making
14OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
improved data management, governance and modification or deletion, regardless of the
architecture, where quality data improves and intent and a clear approach defined for secure
feeds into evidence based decision making for handling of this data.
the benefit of citizens, businesses and PSBs.
By adopting a privacy-by-design mind set,
4.6 Data Privacy and Security robust data security solutions and processes
Principle 11: Data is processed in a secure and will be implemented to help foster trust
private manner between the various actors in the ecosystem.
It is imperative that appropriate security By treating privacy as a design concern, rather
measures are implemented to ensure data is than a regulatory or compliance burden, this
protected to greatest extent possible. Personal will ensure that privacy is considered up-front
data must be secured and protected from and built into these solutions at design stage,
unauthorized internal or external access, to help alleviate privacy concerns and promote
data protection compliance.
15OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
5
Strategic
Themes
Realisation of the stated vision will be guided • Adequate, relevant and limited to what is
by the principles outlined above and a set necessary in relation to the purposes for
of strategic themes that illustrates how which they are processed
Government will go about achieving this vision. • Accurate and, where necessary, kept up to
date
Each of the themes described have a strategic
• Kept in a form which permits identification
focus and include a set of defined actions
of data subjects for no longer than is
to signal how we intend to manage, govern,
necessary for the purposes for which the
architect, share and re-use data in a secure,
personal data are processed
efficient and transparent way.
• Processed in a manner that ensures
5.1 Protection and Legislation appropriate security of the personal
data, including protection against
The protection of data is a pervasive theme
unauthorised or unlawful processing and
and a cross-cutting concern throughout the
against accidental loss, destruction or
Public Service. All processing of personal data,
damage, using appropriate technical or
is subject to the provisions of the General Data
organisational measures
Protection Regulation (GDPR) and the Data
Protection Act of 2018. PSBs must adhere to In line with these principles and obligations,
these obligations, which spring from the core the proposed Data Sharing and Governance
principles of data protection as listed in Article Bill makes the following strategic decisions in
5 of GDPR, summarised below. regards the introduction of national legislation
to include the following:
• Processed lawfully, fairly and in a
transparent manner in relation to the data • The sharing of personal data between PSBs
subject is provided for with a clear and explicit
• Collected for specified, explicit and legislative basis
legitimate purposes and not further • Strategic data management infrastructures
processed in a manner that is incompatible and standards applying to the Public Service
with those purposes will be underpinned by legislation
16OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
• Governance controls and processes in that the governance and management of
relation to data management within the data is critical to ensuring data quality, as
Public Service are to be put on a legislative is the implementation of the necessary
footing. infrastructure to allow sharing of data
between PSBs”.
• Transparency processes and obligations
relating to personal data processing within
the Public Service to be put on a legislative Implementation of this strategy across the
footing Public Service will include the introduction of
a set of standards and guidelines, in line with
Actions GDPR Article 40, helping to drive a uniformity
• Complete the Data Sharing and Governance of approach to data management for all PSBs.
Bill and bring it into law Adoption and implementation of appropriate
• Create a framework to support PSBs in standards and guidelines will support the
sharing data in line with the Data Sharing reuse of data, in line with legislation, in
and Governance Bill order to deliver joined up services, and
• Each PSB that processes personal data will support analysis for policy formation and
work with their Data Protection Officer to evaluation.
ensure their data processing practices are
demonstrably in line with data protection A Data Governance Board will be established
legislation, including the assessment of to formalise a long-term governance structure
risk associated with such processing as for the Public Service, through which the
appropriate development and implementation of data
management standards, guidelines and
5.2 Governance and Standards activities can be overseen. The board will also
Data governance with the appropriate be responsible for promoting the compliance
standards and guidelines is necessary to build of PSBs with the introduced standards and
a system of accountability combined with guidelines.
proper management of data assets. Such
governance and standards include rules, Actions
policies, procedures, roles, and guidelines, • Establish a Data Governance Board to
which combine to create an environment oversee and monitor data management
promoting data accuracy, consistency, practice within the Public Service with
completeness, availability, transparency and appropriate supports
security. • Define and publish a set of standards and
guidelines, in line with GDPR Article 40,
It encompasses the people, processes, addressing areas of data management
and technology used to ensure that key
information delivered throughout the Public 5.3 Privacy and Security
Service is appropriately defined, used and The Data landscape is rapidly evolving with
maintained in order to deliver integrated the proliferation of new and different kinds
digital services for citizens and businesses. of threats emerging. Now, more than ever,
Effective governance and standards also governments must take actions to identify
underpins the right data being processed in and protect the citizen and business data
the right way – a cornerstone of maintaining which they process.
trust with Government.
By adopting a privacy-by-design mind-set,
Underlining its importance, the Public Service PSBs will implement robust data security
ICT strategy encourages PSBs to “recognise solutions and processes that will help
17OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
foster trust between the various actors • Data protection roles
in the ecosystem. By treating privacy as a • User Access and Authentication Controls
design concern, rather than a regulatory • Appropriate virus-checking software and
or compliance burden, we will ensure that firewalls
privacy is considered up-front and built into • Backup and recovery policies to counter
systems at design stage. data loss, data corruption and data
encryption
GDPR establishes “privacy by design” and • Intrusion detection systems and procedures
“privacy by default” in law and requires that • Logging and audit procedures
systems take account of privacy and security
considerations from the outset. While Implementing the appropriate controls which
GDPR doesn’t apply to all types of data, all govern who can access data is at the heart of
citizen and business data of a sensitive or data security and privacy. A consistent and
confidential nature, should also be subject robust method for Identity and Access
to such considerations. Examples of these Management (IAM), authenticating users,
considerations are listed below. should be employed across Government for
access to data. PSBs should use the MyGovID
• Policies, guidelines and procedures service to protect online access to citizen data.
governing information security, both
physical and electronic A planned initiative under this strategic theme
• Privacy-by-design controls, e.g. least is the implementation of Digital Postbox, a
privileges basis. mechanism for secure delivery and storage
• Data breach procedures of data. The Digital Postbox will over time
• Risk assessments support citizen access to all Government
18OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
communications in a single, safe and secure businesses in a digital manner. Such forms
digital platform, and is designed to serve should support pre-population of data where
as an alternative to paper post for reasons appropriate. Opportunities for a shared
of cost and efficiency. It is expected that PSBs service approach to the provision of online
will adopt the Digital Postbox as the default self-service forms should be considered.
communication channel between Government
and citizens, similar to EU exemplars like UI/UX plays an important role in ensuring
Denmark. effective quality data collection at source,
as does the adoption of a more consistent
Actions look and feel across Government services.
• Publish privacy-by-design and security To aid PSBs in access to UI/UX skills and
guidelines for which PSBs must have resources, we will seek to establish a UI/
regard, and apply in the context of public UX procurement framework. To assist in
tenders building a more consistent look and feel for
• PSBs to implement appropriate security Government online, a UI/UX style guide will
and privacy measures to comply with Data be considered.
Protection obligations
• PSBs should ensure that personal data is Actions
protected online at point of access and • PSBs to adopt digital data collection as
collection via the use of MyGovID the default method of collection where
• Implement a secure cross-agency Digital appropriate, while exploring opportunities
Postbox solution for a shared service approach
• Develop a secure platform for online
5.4 Digital Collection surveys that has general applicability to
As we strive to advance both the multiple surveys and is capable of scaling to
Government’s digital agenda and introduce accommodate very large surveys, including
initiatives to improve the overall treatment of the Census
data, we must consider strategies to improve • Establish a UI/UX procurement framework
data collection and storage. In response, to assist PSBs in accessing UI/UX skills
this strategy proposes the introduction of a and consider establishing a Government
modernised and extensible data collection UI/UX style guide for online content. This
platform, along with a concerted move to a will help build a more consistent look and
digital-by-default data collection strategy. feel to Government online, including data
collection and input forms
A data collection platform will be established • Develop a platform for online self-service
for use by PSBs for electronic and online forms that meets the needs of PSBs seeking
surveys. The goal is to reduce respondent to collect non-complex data as part of an
overhead for citizens and businesses in surveys administrative process
suitable for online collection while providing
a consistent approach to security and user 5.5 Interoperability
interface. The platform must be designed for Delivery of integrated digital Public Services
scalability, incorporating implementation of requires PSBs to cooperate and reuse data
the Online Census. and services in an effective, structured,
consistent and transparent way. By embracing
PSBs will continue the move towards digital an API approach for Government, data and
through online interactions with citizens and services can be exposed for reuse in a secure,
business. The development of self-service consistent manner, leading to the delivery of
forms should be progressed by PSBs ensuring more joined-up, efficient public services for
that data is collected from citizens and citizens and businesses.
19OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
Revenue
API API
User
Management
API
HSE API Welfare
API Security Logging
Interoperability
Platform
Discovery Reporting API
API Agriculture
SUSI
Transparency
API
API API
Passports
Figure 6: Interoperability Platform
The European Interoperability Framework • Consistency of approach to technical
(EIF) is defined as “an agreed approach to measures employed to reuse data between
interoperability for organizations that wish PSBs
to work together towards the joint delivery • Supports secure transport and authorised
of Public Services…”. The EIF promotes access to data for reuse
reusability as a driver for interoperability and • Promote awareness and facilitate the
includes elements such as integrated service discovery of data and services available for
delivery; reuse of data and services; catalogues reuse via an API discovery portal
describing reusable services; Governance; • Provide appropriate management plane
security and privacy. to allow PSBs to monitor and control how
their data is being used and manage the life
Aligned with the EIF interoperability levels cycle of their associated interface end-
(legal, organisational, semantic and technical), points
we propose developing a Data Interoperability • Support API led service design for PSB data
Platform that will be architected to promote reuse, and become the default method of
reuse, where PSBs will share common data and exposing APIs for PSB data and service
services in a consistent and uniform manner. It exchange
will be designed as an API-led Service Oriented
Architecture with APIs published to expose The diagram above demonstrates how data
data and services within the Government and services will remain with PSBs, the
ecosystem. The Interoperability Platform interoperability platform, via the use of APIs,
aims to achieve at least the following and will will be used to discover what data is available
be guided by the success and learnings from and facilitate its reuse, preventing duplication
similar platforms such as Estonia’s X-Road and of effort across PSBs.
Altinn in Norway.
20OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
While there may be limited merit in to the generation of data-driven insights,
implementing APIs for some legacy systems, qualification of outcomes and delivery of
all new systems should implement APIs by evidence based decision making.
default. Furthermore, existing APIs should
be considered for incorporation into the The supply side is driven by other aspects
interoperability platform. of this strategy document such as the Data
Interoperability Platform, the establishment
Actions of Base Registers, Data Catalogues, and so
• Incrementally develop an Interoperability on. The best practice architecture approach
Platform and supporting guidelines and
to facilitating the demand for analytics is a
processes to support interoperability
data warehouse (or data lake) which allows
data to be processed without compromising
5.6 Analytics
operational systems. However, this type of
Analysis of data has enormous potential
approach is likely to result in concerns from
to improve the precision and outcome of
citizens and data controllers regarding large
policy formulation and decision making for
amounts of data being held in a single location
Government. The opportunities for data
for potential rather than specific processing
analytics are growing both on the supply side
(doing more with the growing volume of data) purposes.
and the demand side (policy and operational
questions and issues that data can help Government proposes to take a more granular
inform). approach to establishing a platform for data
analytics that balances better facilitation
The availability of accurate and timely of analytics with the obligations of data
Government data, combined with a developed controllers by implementing secure virtual
capability to analyse it, controlled by well- “Data Rooms”, based on similar CSO practices,
defined governance processes are central as outlined below.
21OGCIO Department of Public Expenditure and Reform | Public Service Data Strategy 2019 – 2023
The Public Service Data Strategy is a
comprehensive multi-year, multi-department
strategy that sets out a series of ambitious
goals and actions to deliver on a target state
data ecosystem for Government.
22You can also read
