Protecting citizens' sensitive personal data
Governments have a duty of care to educate their citizens on protecting their identities and personal data. In addition, many governments also need to provide solutions that protect the data related to citizens' government identities, used by citizens themselves or by government departments, utilities or enterprises. A key part of this protection must be the provision of a reliable way to correctly perform mobile authentication and validation of an individual's digital identity.
Effective security solutions must therefore be the backbone of increasingly interconnected and complex ecosystems, to ‘enable public and private sector agencies to act on real-time information and deliver improved services to citizens and businesses1.
The issue is, existing technology and security infrastructure are under increasing strain to meet the rising demands of smart citizens using smartphones to manage their daily transactions with government institutions and utility companies. Government ‘CIOs’ are therefore testing new technologies and IPS (Intrusion Prevention Systems) to provide seamless access to multiple government online services, ensuring both security and convenience on the go.
The primary challenge for governments in this endeavour is to enable a single know your customer (KYC) capability that can potentially be exposed via a secure API. This will allow government departments and ultimately businesses such as utilities to safely and seamlessly on-board and transact with citizens. This in turn will dramatically enhance the smart citizen’s user experience when engaging and transacting with government products and services.
To enable this digital transformation, and roll out this vision for a smart nation, it is understood that a new framework of ‘digital policies’ will be required in order to fulfil governments’ charter for their citizens. All this is crucial for navigating the potential minefield surrounding the provision of adequate security for citizens’ most sensitive data, such as passport and health records; data that must be protected at all costs.
Drilling deeper, let’s take a closer look at one example of the complexity around identity: portability. Some of the questions surrounding this topic, especially in Singapore where 4.1 million citizens use a smartphone, are:
- How will the government or utility provider initially verify the identity of an individual?
- How will they re-verify the identity of an individual if they get a new smartphone?
- How will individuals with new smartphones continue to transact with the government or utility provider, using the same digital identity?
- Can this individual maintain all these services without having to sign up for them again?
- Can an individual use the same password for all services (Single Sign-On or SSO) securely?
- Can all services which use a ‘government secured identity’ be accessed from one app?