Data Protection Law and Policy Factor Impact on Public Trust in e-Government System in Developing Countries Dr. Ghimire, Tek Joint Attorney Office of Attorney General, Nepal ICT is an effective tool for good governance • Maintaining good governance in a country is not possible without effective application and sustainable management of information and communication technologies (ICT) in public service sector (Hazlett & Hill, 2003). • ICT application helps to provide time and cost effective service, ubiquitous monitoring process and omnipresent public service for all. Because of these services ICT provides e-Government system has gained popularity. e-Government • e-Government is an efficient use of information and communication technology (ICT) by the government for the functioning and support of its operations (Ghimire,2011) – Facilitates interconnection between the government and its agencies (G2G), Government and citizen(G2C) and Government and business (G2B), (Mousavi et. al. 2008) – Helps to reform the management of public administration (wescott, 2003), boosts up government ability to reach to the downtrodden people(Al-adawi et.al. 2005), strengthens citizen participation and trust of government (info Dev, 2008) e-Government-2 – Improves quality of service (Teicher et. al, 2002; Moon 2002) – Increases government efficiency and effectiveness by streamlining the process (Andersen, 2009) – Reduces the layers of bureaucracy and fosters transparency (Pina et al., 2007) and accountability – Helps revenue growth (Basu,2004) and enhances the research capability by strengthening the digital resource management. – Reduces corruption in several ways: it takes away discretion, thereby curbing opportunities for arbitrary action (Bhatnagar, 2003) – After all e-Government is imperative to maintain trustful relationship between the government and its constituencies e-Government-3 • e-Government is no longer option; it is inevitable (Patterson &Honson,2001), the question for the governments now is not whether they are going to provide electronic service but how and when they are providing ? • E-Government infrastructure comprises good infrastructure for network and adequate legal regulatory management including the issues of information security, digital privacy, and the management of private and public data e-Government in Developing Countries • Most of developing countries do have “deficient eGovernment capacity” since they fall into the poorest groups in the world. Many of them have geographical adversity, socio-economic as well as socio legal matching problems (Banerjee et al.,2004). • Nepal is one of South Asian developing countries with “minimal e-Government capacity.” Flawed by corruption (CIAA, 2008) political instability, (Baral & Bhurtyal, 2010) inefficient bureaucratic practices, (time insensitive and risk avoiding culture (Shrestha, 2009) it has been a difficult task for the government of Nepal to transform its administration into digital form e-Government in Developing Countries-2 • The NID project, once completed, will provide through a single portal multiple services like quick retrieval of information of the citizen and will facilitate public services such as health, education, welfare benefits, passport control, tax, voting, criminal records, utility bills, land records, government services with a unique NID (Adhikari, 2009). • Developing countries generally lag behind in a modern education system that can build robust human capital (Salman, 2004). Insufficient knowledge can lead to misuse of the electronic processes hindering the potential benefits of ICT use. Heavilycentralized management approach is another problem which usually forces organizations to accept limited information security solutions (Atiyyah, 1999). e-Government in Developing Countries-3 • Most of the developing countries have in “deficient eGovernment capacity” since they have differences with respect to geographical adversity, infrastructure availability throughout their territory, socio-economic standard and technology application managerial capacity. • The gap between haves and have not’s is wider in developing countries in comparison to the developed society (Basu, 2004). • Inadequate legal framework, complex legal regulatory procedures and absence of proper competent legal regulation executing agencies are also the common problems in developing countries (Kiskis & patrauskas, 2003). Critical Success factors of e-Government System • Public trust which enhances both stakeholder’s participation and system adoption is one of the critical success factors for e-Government system. • System adoption and stakeholder’s participation foster sustainability in e-Government system. Therefore, for effective application and sustainable management of eGovernment in developing countries, it is essential to investigate the factors impact on cultivating public trust in e-Government system. • Secured seamless communication and information flow and data management are the fundamentals of an effective application and sustainable management of eGovernment. Critical Success factors ….. • According to info Dev (2002), the issue of trust in eGovernment involves two aspects: privacy and security. • Privacy is about managing personal information transaction that the government collects about individuals, while security is about protecting internet technology using in e-Government service from attack, misuse and threat of loss of data. • In the online environment, trust is one of the fundamentals for establishing good relationship between service providers and the recipients (Palvia, 2009) since information transaction over the internet has a greater chance of uncertainty and risk (Belanger & Carter, 2008). Critical Success factors………… • Security and privacy protection issues are identified as supply side barriers for effective implementation of e-Government system (Raab, 2004) • Reasonable assurance of not being victimized by illegal activities during information transaction between eGovernment constituents is needed. In this regard, it is important to obtain sufficient safeguards in order to ensure security, data and privacy protection. • Citizens are not likely to use e-Government service if there is no assurance that their personal data will not be misused and no change of unwanted secondary use will be made to it (Lau, 2003). Critical Success factors…….. • Trust model literatures emphasize the importance of secured e-Government services (Tassabehji et al., 2007; Lee and Rao, 2007). Empirical studies have found the lack of trust as a significant barrier to the adoption of eGovernment (Cremonini and valeri, 2003). • Therefore, comprehensive legal and regulatory framework, client friendly procedures and strongly motivated administration to enforce law are important preconditions for a country’s prosperity by means of effective application of e-Government system (Caine, 2004). Digital Privacy • Informational privacy can be understood as “right to be let alone,” the right of controlling information about oneself and, conversely, the right to prevent nonconsensual access to information about oneself (Al-Fedaghi, 2007). • An individual has the right to control the conditions under which information pertaining to him is collected, used, and disseminated (US DOC., 1995). Governments must ensure that e-Government is preceded by changes in the legal system to protect information and privacy in the digital age. • Right to privacy is internationally recognized human right according to Article 12 of the Universal Declaration of Human Rights 1948 and Article 17 of the International Covenant on Civil and Political Rights (ICCPR). Digital Privacy-2 • The government as a system manager has a big challenge to protect personal privacy by obtaining various preventive and curative measures such as security threads and assurance of compensation for the victims and so on. • The loss of confidence in government’s ability to protect individual’s confidentiality has a serious consequence for citizen’s trust and participation in e-Government system(Mullen, 2004). • Data Privacy related laws and regulations shall be enacted and implemented targeting both private and public sectors. Furthermore, government websites that collect private information from third parties shall adopt a data privacy policy establishing the principles by which such data is collected, stored and used (Mohammad, 2004). OECD Recommended Principles for Protection of Personal Data + • Collection Limitation Principle – There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject. • Data Quality Principle – Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, compete and kept up-to-date. • Purpose Specification Principle – The purposes for which personal data are collected should be specified not later than at the time of collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose. OECD Recommended Principles for Protection of Personal Data-2 • Use Limitation Principle – Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with the consent of the data subject; or by the authority of law • Security Safeguards Principle – Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data • Openness Principle – There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller. OECD Recommended Eight Principles for Protection of Personal Data-2 • Individual Participation Principle – An individual should have the right:(a) to obtain from the a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; (b) to have communicated to him, data relating to him (c) within a reasonable time; (d) at a charge, if any, that is not excessive( e) in a reasonable manner; and (f) in a form that is readily intelligible to him;( g) to be given reasons if a request made under sub-paragraphs (a) and (b) is denied, and to be able to challenge such denial; and(h) to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended • Accountability Principle – A data controller should be accountable for complying with measures which give effect to the principles stated above Data protection issue in UN e-Government Survey 2012 • One-stop government oft en requires the adaptation of laws to make e-government solutions legally binding • Among the legal issues to be investigated for a successful one-stop government are: data protection, access to sensitive data, networking of authorities and databases, equal opportunities, electronic signature, etc. • A central challenge of one-stop government is the need to strengthen confidence in data privacy and security measures, for example by allowing citizens to verify the accuracy of personal records Data protection issue in UN e-Government Survey, 2012 • A central challenge of one-stop government is how the new technology can be used not only to increase efficiency for public administration, but also to strengthen confidence in privacy measures by creating mutual transparency between public administration and citizens • For example, while secure systems are needed to impede unauthorized access to data, such personal data must be made accessible to a citizen who wishes to verify the use, authenticity and accuracy of his or her own personal data. Data protection issue in UN e-Government Survey, 2012 • Creating a trusted framework for digital authentication is also a crucial factor in assuring the integrity of online and mobile financial transactions. Digital signature is only a beginning. Concrete applications have to be developed, and they require a lot more legal changes. • Individual laws, governing both the operation of public administrations and policy-specific issues, have to institute digital signatures as an accepted way of identification and authentication. Right to Information vs. Right to Privacy: Case Study • Juki Net or Residents’ Registry Network System (Jyuminkihondaichou) is a national ID and information system, based on a database in Tokyo, (Japan times, 2007) intended to link personal information consisting of the national 11-digit ID number assigned for all Japanese citizens. • When Japan introduced Jukinet, no agency was established for settling privacy and information security issues. The users were not confident that their data would be secured; therefore, they waged a movement against providing their personal data to the system (UNDESA, 2003). Right to Information vs. Right to Privacy: Case Study-2 • Finally, when the bill related to right to privacy and information security was passed by the Japanese parliament and the agencies were also established to execute those legal regulatory provisions by 2006, the Jukinet adoption has increased and the system has become successful • Different state courts also ruled in favor of people’s right to privacy; they were not now bound to furnish their personal data to the system until and unless the government would address privacy and security issues with strong and confident provision (Japan times, 2007). Comprehensive ETA in Singapore • Shrivastava & Teo, (2005) claim that Singapore is the first country to enact comprehensive legal regulatory instruments for cultivating trust in public information system. • Singapore’s Electronic Transactions Act (ETA) of 1998, enacted by the parliament on 29 June 1998, is one of the earliest enactments of a cyber act in the world that covers not only digital and electronic signatures but also electronic records, electronic contracts and is applicable to all kinds of electronic communications (Basu, 2004) • The ETA addresses some of the important issues necessary for providing a conducive cyber-related environment like commercial code for e-commerce transactions, use of electronic applications for public sector, liability of network service providers and provision of Public Key Infrastructure (PKI). Reviews and reports show that Singapore has achieved the targeted goal of e- Government adoption by assuring reliable and trustworthy public information system by strengthening regulatory mechanism. PIA system in CANADA • Canadian Government Departments have conducted privacy impact assessment policy (PIA) in order to determine whether privacy issues are raised by proposals for new programs and services or by a substantial redesign of a program or the way it is delivered to the public. It is based on privacy principles common to all data protection régimes . • These principles are enumerated in the "Code of Fair Information Practices." PIA takes a close look at how government departments or e- Government administrators protect personal information as it is collected, stored, used, disclosed and ultimately destroyed. PIA system in CANADA-2 • PIA provides a framework to ensure that privacy is considered throughout the design or re-design of programs or services. Privacy implications and risks may arise because of the intra-institutional, inter-institutional or cross-jurisdictional flow of personal information. . Comprehensive e-application laws in South Korea • From the regulatory management perspective, public information regulation system of South Korea can be taken as public private partnership (PPP) based regulatory management • Korean Government has paid attention to establishing a good legal system to form the initial stage of e-Government application by enacting Framework Act on • Informatization promotion 1998, Electronic Signature Act 1999, Framework Act on Electronic Commerce 2000, Act on Promotion of information and Communications Network Utilization and Information Act 2001, Protection of communication secrets Act 2002 and so on. Comprehensive e-application laws in South Korea-2 • In June 1999, the Ministry of Government Administration and Home Affairs and the Ministry of Information and Communication jointly established the ‘comprehensive plan for eGovernment and a more systematic framework for Korean government service system. • A policy has been provisioned for cyber security management through the (ADR) committee comprising both public and private sector for dispute settlement and promoting user involvement opportunity (Ryou, 2006). • Alternative dispute resolution (ADR) system was introduced as a remedy for personal information infringement (Changbeom, 2005). Such a provision gives opportunity to the victimized person/organization to involve them and nominate a trusted representative in the dispute settlement committee. Data Protection provision in German • Data protection Act in Germany is one of the best enactments of legal regulation to enhance citizen’s confidence to the digital public information system. • Personal data can only be raised, stored and used in a restricted manner by informing the concerned individual about the purpose and prospective use of collected personal data (Wittkemper, 2003). References • Adhikari, G. P. (2009), Issues in National Identification Database System of Nepal,Proceedings of the 3rd International Conference on Theory and Practice of Electronic Governance, ICEGOV '09, vol. 322 • Andersen, T.B. (2009), E-Government as an Anti- Corruption Strategy, Information Economics and policy Vol. 21, Issue 3, pp.201-210 • Atiyyah, H. S. (1999), Public Organizations’ Effectiveness and Its Determinants in a Developing Country, Cross Cultural Management: An International Journal,Vol. 6 Number 2, pp. 8-21 • Banerjee, P. and Chau P.Y.K. (2004), An Evaluative Framework for Analyzing e-Government Convergence Capability in Developing Countries, Electronic Government, an International Journal, Volume 1, Number1, 29-48 • Baral, R., & Bhurtyal,D. M. (2010), Nepal ICT Policy, Challenges and Opportunity,Presented Paper in Workshop on ICT Policy in Developing countries, University of Manchester, 25th March, 2010 References • Belanger, F., & Carter. L. (2006), The effects of the Digital Divide oneGovernment: an Empirical Evaluation, Proceedings of the 39th AnnualHawaii International Conference on System Science. • Belanger, F., Carter, L. (2008), Trust and Risk in e-Government Adoption, Journal of Strategic Information System, Vol. 17, Issue, 2 • Bhatnagar, S. (2004), E-Government: from Vision to Implementation: A practical Guide with Case Studies, E-Book, available at http://www.amazon.co.uk/gp/product/0761932593/ ref=sib _rdr_dp accessed on 12 January 2009 • Chatzidimitriou, Marios and Adamantios Koumpis (2008), Marketing Onestop E-Government Solutions: the European OneStopGov Project. IAENG International Journal of Computer Science, 35:1, IJCS_35_1_11.(Advance online publication: 19 February). References • Commission for the Investigation of Abuse of Authority, (CIAA), 19th Annual Report, (2008,) Available athttp://www.ciaa.gov.np/report/19th_annual_report/19%20Annual%20Re port.pdf accessed on 12 April, 2010 • e-Government: an Empirical Evaluation, Proceedings of the 39th AnnualHawaii International Conference on System Science • Ghimire, Tek Bahadur, (2011), Ph. D. dissertation on Regulatory policy factor impact on public trust in e-Government system in Nepal, submitted to Seoul National University, Information technology policy program, South Korea. • Hazlett ,S.-A and Hill, F. (2003), e-Government: the Realities of Using IT toTransform the Public Sector, Managing Service Quality, Volume 13, No. 6, • http://www.americanchronicle.com/articles/view/87483 accessed on 12 April, 2010 References • Info Dev E-Government Handbook for Developing Countries (2002), available athttp://www.infodev.org/en/Document,16 pdf, accessed on 12 July 2009 • Info Dev.,E-Government Toolkit and Portal, (2008), available at; htt://egov.sonasi.com, accessed on 15 December 2012 • International Review of Law, Computers & Technology, Vol.18: Number 1, pp. 109 — 132 • Kiskis & Petrauskas, (2003), E-Governance: Two Views on Legal Environment, Lecture Note in Computer Science, Springer Berlin/Heidelberg available at http://www.springerlink.com/content/ • Kubicek, Herbert and Martin Hagen (2000), One-Stop Government in Europe: An Overview, University of Bremen • lnu9dgpph14ykahf/ accessed on12 January, 2008 References • Palvia, P. (2009), The Role of Trust in E-Government Relational Exchange: A • Patterson, D., & Hanson, W. (2001), 21st Century Government: Principles for • Pina, V., Torres,L, & Acerete,B. (2007), Are ICTs Promoting Government Accountability? A Comparative Analysis of e-Governance Developments in 19 OCED Countries, Critical Perspective on Accounting Vol.18, Issue 5,pp. 583-602 • Services: Key Questions and Solutions Analyzed through 40 Case Studies Collected in Europe, École des Hautes Études Commerciales de Busson, Alain and Alain Keravel (2005), Interoperable Government Providing Paris • Sethi, Neerja and Vijay Sethi. E-Government Implementation: A Case Study of Dubai E-Government, E-Government in Practice. • Shrestha, H. P. (2009), The evils of the Nepalese Bureaucracy, American Chronicle, News article published on 12 January, 2009, available at References • Moon, M.J. (2002), The Evolution of e-Government Among Municipality: Rhetoric or Reality? Public administration review, 62, (4), 422-433 • Mousavi, S. A., Pimenidis,E., & Jahankhani,H., (2008), Cultivating Trust- an Electronic –government Development Model for Addressing the Needs of Developing Countries, International Journal of Electronic Security and Digital Forensics, Vol,1,NO.3,ppSolms R. V. (1999), Information Security Management: Why Standards are • Teicher F., Hughes.O. and Dow N. (2002), E-Government: A New Route toPublic Sector Managing Service Quality, Volume 12, No 6, pp. 384-393 • Transformation Government Technology, Available at • Unified Model, Information and Management, Vol. 46, Issue 4, pp 213-220 References • Wescott, C., Pizarro, M., & Schiavo-Campo, S. (2001), The Role of Information and Communication Technology in Improving Public Administration, Book chapter, available athttp://www.adb.org/Documents/Manuals/Serve_and_Preserve/Chapter19 .pdf accessed on 25 October 2009. • Wescott, C.G. (2003), E-Government and the Applications of Technology to Government Service, Working Paper of Pacific Basin Research Center, available at http://www.adb.org/Documents/Papers/EGovernment/egovtechgov.pdf accessed on 26 Nov 2009 Thank You Very Much for Your Kind Attention and Interactive Participation ??? teksnu@gmail.com