Be-Health: state service with separate management


Strategic importance of
identity and access management (IAM)
The case of the Belgian
social and health sector
Frank Robben
General manager
Crossroads Bank for Social Security
eHealth Platform
Sint-Pieterssteenweg 375
B-1040 Brussels - Belgium
E-mail: [email protected]
Website CBSS: www.ksz.fgov.be
Personal website: www.law.kuleuven.be/icri/frobben
Structure of the presentation
• expectations of the stakeholders of the Belgian social
and health sector
• the Crossroads Bank for Social Security and the eHealth
platform
• advantages for citizens, companies and public
administrations
• strategic importance of identity and access management
• concrete implementation of identity and access
management
• issues with regard to privacy protection and information
security
Frank Robben
2
November 5th, 2009
Stakeholders of the Belgian social sector
• > 10,000,000 citizens
• > 220,000 employers
• about 3,000 public and private institutions (actors) at
several levels (federal, regional, local) dealing with
– collection of social security contributions
– delivery of social security benefits: child benefits, unemployment
benefits, benefits in case of incapacity for work, benefits for the
disabled, reimbursement of health care costs, holiday pay, old
age pensions, guaranteed minimum income, …
– delivery of supplementary social benefits
– delivery of supplementary benefits based on the social security
status of a person
Stakeholders of the Belgian health sector
• > 10,000,000 citizens
• > 100,000 health care providers (physicians, dentists,
clinical labs, pharmacists, physiotherapists, home
nurses, …)
• > 300 health care institutions (hospitals, rest homes,
nursing homes, …)
• sickness funds
• public institutions
– federal level (Federal Public Service for Public Health, National
Institute for Health Insurance, Belgian Health Care Knowledge
Centre, …)
– regional level
Expectations in the social sector
• effective social protection
• effective support of social policy
• effective fraud prevention and detection
• integrated services
– attuned to the concrete situation of the citizens and companies,
and personalized when possible
– delivered at the occasion of events that occur during their life
cycle (birth, going to school, starting to work, move, illness,
retirement, starting up a company, …)
– across government levels, public services and private bodies
• attuned to their own processes
• if possible, granted automatically
Expectations in the health sector
• optimal quality of health care
• optimal patient safety
• adequate support of health policy
• patient centric care and empowerment of the patient
• integrated services
– multidisciplinary
– holistic
– continuous
– across health care institutions and health care providers
• remote care (monitoring, assistance, consultation,
diagnosis, operation, …), a.o. home care
• quickly evolving knowledge => need for reliable,
coordinated knowledge management and accessibility
Common expectations in both sectors
electronic services
• with minimal costs and minimal administrative burden
• with active participation of the user (self service)
• well performing and user-friendly
• reliable, secure and permanently available
• accessible via a channel chosen by the user (direct
contact, phone, PC, …)
• with adequate information security and privacy protection
The solution in the social sector
• creation in 1990 of the Crossroads Bank for Social
Security as a coordinator and service integrator, with cooperative governance
• no central data storage
• a network between all 3,000 social sector actors with a
secure connection to the internet, the federal MAN,
regional extranets, extranets between local authorities
and the Belgian interbanking network
• a unique identification key
– for every citizen, electronically readable from an electronic social
security card and an electronic identity card
– for every company
– for every establishment of a company
The solution in the social sector
• an agreed division of tasks between the actors within
and outside the social sector with regard to collection,
validation and management of information and with
regard to electronic storage of information in authentic
sources
• 210 electronic services for mutual information exchange
amongst actors in the social sector, defined after process
optimization
– nearly all direct or indirect (via citizens or companies) paper-based
information exchange between actors in the social sector has been abolished
– in 2008, 686 million electronic messages were exchanged
amongst actors in the social sector, which saved as many paper
exchanges
The solution in the social sector
• 42 electronic services for employers, either based on the
electronic exchange of structured messages or via an
integrated portal site
– 50 social security declaration forms for employers have been
abolished
– in the remaining 30 (electronic) declaration forms the number of
headings has on average been reduced to a third of the previous
number
– declarations are limited to 4 events
• immediate declaration of recruitment (only electronically)
• immediate declaration of discharge (only electronically)
• quarterly declaration of salary and working time (only electronically)
• occurrence of a social risk (electronically or on paper)
– in 2008, 23 million electronic declarations were made by all
220,000 employers, 98 % of which from application to
application
The solution in the social sector
• electronic services for citizens
– maximal automatic granting of benefits based on electronic
information exchange between actors in the social sector
– 8 electronic services via an integrated portal
• 3 services to apply for social benefits
• 6 services for consultation of social benefits
– about 30 new electronic services are foreseen
• an integrated portal site containing
– electronic transactions for citizens, employers and professionals
– simulation environments
– information about the entire social security system
– harmonized instructions and information model relating to all
electronic transactions
– a personal page for each citizen, each company and each
professional
The solution in the social sector
• an integrated multimodal contact centre supported by a
customer relationship management tool
• a data warehouse containing statistical information with
regard to the labor market and all branches of social
security
The solution in the social sector
• reference directory
– directory of available services/information
• which information/services are available at any actor depending on the
capacity in which a person/company is registered at each actor
– directory of authorized users and applications
• list of users and applications
• definition of authentication means and rules
• definition of authorization profiles: which kind of information/service can be
accessed, in what situation and for what period of time depending on in
which capacity the person/company is registered with the actor that
accesses the information/service
– directory of data subjects
• which persons/companies have personal files at which actors for which
periods of time, and in which capacity they are registered
– subscription table
• which users/applications want to automatically receive what
information/services in which situations for which persons/companies in
which capacity
The solution in the health sector
• creation in 2008 of the eHealth platform as a coordinator
and service integrator, with co-operative governance and
with the following legal assignments
– to develop a vision and a strategy for effective, efficient and
secure electronic services and information exchange in health
care, with respect for privacy protection and in close cooperation
with the various public and private actors in the health care
sector
– to establish useful ICT-related functional and technical norms,
standards, specifications and basic architecture for using
ICT in order to support this vision and strategy
– to check whether software packages for managing electronic
health records comply with the established ICT-related functional
and technical norms, standards and specifications, as well as to
register those software packages
The solution in the health sector
• creation in 2008 of the eHealth platform as a coordinator
and service integrator, with co-operative governance and
with the following legal assignments
– to create, to manage and to develop a cooperation platform for
secure electronic data exchange with useful basic services
(see hereafter)
– to agree on a distribution of tasks with regard to the collection,
the validation, the storage and the availability of data exchanged
over the cooperation platform and on the quality norms which
those data have to meet, and to verify whether the quality norms
are met
– to promote and to coordinate the realization of programs and
projects which reflect the vision and strategy and use the
cooperation platform and/or its basic services
The solution in the health sector
• creation in 2008 of the eHealth platform as a coordinator
and service integrator, with co-operative governance and
with the following legal assignments
– to manage and to coordinate ICT-related aspects of data
exchange with regard to electronic health records and
electronic care prescriptions
– to act as an independent trusted third party (TTP) for coding
and anonymizing personal health care data for certain
organizations listed in the law, in order to support scientific
research and policy making
– to conduct the necessary changes in order to execute the
vision and strategy
– to organize the cooperation with other public services in
charge of the coordination of electronic service delivery
The solution in the health sector
• no central data storage
• a well secured virtual private network based on the
internet with end-to-end encryption of personal data
between all 100,000 health care actors
• a unique identification key
– for every citizen, electronically readable from an electronic social
security card and an electronic identity card
– for every health care provider
– for every health care institution
• multidisciplinary, high quality electronic patient records
• care pathways
The solution in the health sector
• basic services offered by the eHealth platform on its own
ICT infrastructure
– orchestration of electronic subprocesses
– portal environment including a content management system and
a search engine
– integrated user and access management
– logging
– system for end-to-end encryption
– personal electronic mailbox for each health care provider
– time stamping
– coding and anonymizing for certain organizations, listed by the
law
– reference directory (what, about whom, where – no content!)
The solution in the health sector
[Figure: layered view of the eHealth platform. Users (patients, health care providers and institutions) reach added value services (AVS) through PortaHealth, the software of the health care provider or institution, the INAMI site, the eHealth portal and MyCareNet; the AVSs are built on the basic services of the eHealth platform, which rely on the network and on the validated authentic sources (VAS) of the suppliers.]
The solution in the health sector
• basic service
– a service developed and made available by the eHealth platform,
which can be used by an added value service provider for
developing and offering an added value service
• added value service (AVS)
– a service put at the disposal of the patients and/or the health
care providers
– the entity that develops and offers an added value service can
use the basic services offered by the eHealth platform for this
purpose
• validated authentic source (VAS)
– a database with information used by the eHealth platform
– the administrator of the database is responsible for the
availability and (the organization of) the quality of the information
made available
Towards a network of service integrators
[Figure: three service integrators, each with its own services repository, linked into one network: the regional integrators (Corve, EasiWal, CIRB, …) with the extranet of their region or community, CBSS with the extranet of the social sector, and FEDICT with FEDMAN. Municipalities, cities, provinces and federal public services (FPS) connect to them over the internet, VPN, Publilink, VERA, …; the links between the integrators and their users are labelled RPS and ASS in the original diagram.]
Advantages
• gains in efficiency
– in terms of cost: services are delivered at a lower total cost
• due to
– a unique information collection using a common information model and
administrative instructions
– less need to re-encode information, by stimulating electronic
information exchange
– a drastic reduction of the number of contacts between actors in the
social and health sector on the one hand and companies or citizens on
the other
– a functional task sharing concerning information management,
information validation and application development
– a minimal administrative burden
– a connection to one electronic platform is sufficient for using several
applications
• according to a study of the Belgian Planning Bureau, rationalization of the
information exchange processes between the employers and the social
sector implies an annual saving of administrative costs of about € 1.7 billion
for the companies
Advantages
• gains in efficiency
– in terms of quantity: more services are delivered
• services are available at any time, from anywhere and from several devices
• services are delivered in an integrated way according to the logic of the
customer
– in terms of speed: the services are delivered in less time
• benefits can be allocated quicker because information is available faster
• waiting and travel time is reduced
• companies and citizens can directly interact with the competent actors in the
social or health sector with real time feedback
Advantages
• gains in effectiveness: better social protection, higher
quality of health care and higher patient safety
– in terms of quality: same services at same total cost in same
time, but to a higher quality standard
– in terms of type of services: new types of services, e.g.
• automated granting of benefits
• active search of non-take-up using data warehousing techniques
• controlled management of own personal information
• personalized simulation environments
• easier referring between health care providers/institutions
– in terms of support of professionals in executing their profession
• better support of social and health policy
• more efficient combating of fraud
Strategic importance of IAM
• reliable exchange of personal data requires sufficient
certainty about the identity of the data subjects
• adequate access control requires sufficient certainty
about
– the identity of the users
– the authentication of the identity of the users
– the verification of certain characteristics of the users
– the verification of certain relationships between the users and
the data subjects
– the verification of certain mandates of the users
IAM: objectives to be reached
• be able to (electronically)
– identify all relevant entities (physical persons, companies,
applications, machines, …)
– know the relevant characteristics of the entities
– know the relevant relationships between entities
– know that an entity has been mandated by another entity to
perform a legal action
– know the authorizations of the entities
• in a sufficiently certain and secure way
• in as many relations as possible (C2C, C2B, C2G, B2B,
B2G, …)
• using open interoperability standards
Conceptual framework
• entity
– someone or something that has to be identified
– e.g. a physical person, a company, a computer application, …
• attribute
– a piece of information about an entity
• identity
– a number or a set of attributes of an entity that allows to know
precisely who or what the entity is
– an entity has only one identity, but this identity can be
determined by several numbers or sets of attributes
Conceptual framework
• characteristic
– an attribute of an entity, other than an attribute determining its
identity
– an entity can have several characteristics
– e.g. a capacity, a function, a professional qualification, ...
• relationship
– a link between two or more entities
– an entity can have several relationships
– e.g. a therapeutic relationship between a health care provider
and a patient
Conceptual framework
• mandate
– a right granted by an identified entity to another identified entity
to perform well-defined legal actions in her name and for her
account
– an entity can have several mandates
• registration
– the process of determining the identity, a characteristic, a
relationship or a mandate of an entity with sufficient certainty
– before putting at the disposal means by which the identity can be
authenticated, or the characteristic, the relationship or the
mandate can be verified
Conceptual framework
• authentication of the identity
– the process of checking whether the identity that an entity
pretends to have, corresponds to the real identity
– authentication of the identity can be done based on the
verification of
• knowledge (e.g. a password)
• possession (e.g. an electronic card)
• biometric characteristics
• a combination of those
Conceptual framework
• verification of a characteristic, a relationship or a
mandate
– the process of checking whether a characteristic, a relationship
or a mandate that an entity pretends to have, corresponds to a
real characteristic, relationship or mandate of that entity
– the verification of a characteristic, a relationship or a mandate
can be done by
• the same kind of means as those used for the authentication of the identity
• or, after the authentication of the identity, by consulting a database that
contains information about characteristics, relationships or mandates related
to identified entities
Conceptual framework
• authorization
– a permission to an entity to perform a defined action or to use a
defined service
• authorization group
– a group of authorizations
• role
– a group of authorizations or authorization groups related to a
specific service
• role based access
– a method of assigning authorizations to entities by means of
authorization groups and roles, in order to simplify the
management of authorizations and their assignment to entities
Choices made in Belgium
• identification number for every citizen and every
company
– characteristics
• unicity
– one entity – one identification number
– same identification number is not assigned to several entities
• exhaustivity
– every entity to be identified has an identification number
• stability through time
– identification number should not contain variable characteristics of the
identified entity
– identification number should not contain references to the identification
number or characteristics of other entities
– identification number should not change when a quality or characteristic
of the identified entity changes
Choices made in Belgium
• Art. 8(7) of Directive 95/46/EC: "Member States shall
determine the conditions under which a national
identification number or any other identifier of general
application may be processed"
– evolution towards meaningless identification numbers
– unique identification numbers of citizens can only be used by
instances authorized by a Sectoral Committee of the National
Privacy Commission
– regulation on interconnection of personal data
• registration of the identity of citizens by the municipalities
• registration of the identity of companies by company
counters
Choices made in Belgium
• registration of characteristics, relationships and
mandates relevant for eGovernment by private or public
bodies designated by government
• authentication of the identity of physical persons by the
electronic identity card
• verification of characteristics, relationships and
mandates relevant for eGovernment preferably by
consulting authentic databases
• multifunctional use of authentication and verification
means
• authorization is the responsibility of each service
provider
• implementation based on a policy enforcement model
Policy Enforcement Model
[Figure: policy enforcement model. A user's action on an application is intercepted by the Policy Enforcement Point (PEP), which sends a decision request to the Policy Decision Point (PDP) and receives a decision reply; the action on the application is then PERMITTED or DENIED. The PDP retrieves policies from the Policy Administration Point (PAP), whose manager maintains the policy repository through policy management, and exchanges information requests/replies with the Policy Information Points (PIP), each backed by an authentic source.]
Policy Enforcement Point (PEP)
• intercepts the request for authorization with all available
information about the user, the requested action, the
resources and the environment
• passes on the request for authorization to the Policy
Decision Point (PDP) and extracts a decision regarding
authorization
• grants access to the application and provides relevant
credentials
[Figure: the PEP sits between the user's action on the application and the PDP; it sends the decision request, receives the decision reply, and the action is PERMITTED or DENIED.]
Policy Decision Point (PDP)
• based on the request for authorization received, retrieves the
appropriate authorization policy from the Policy Administration
Point(s) (PAP)
• evaluates the policy and, if necessary, retrieves the relevant
information from the Policy Information Point(s) (PIP)
• takes the authorization decision (permit/deny/not applicable)
and sends it to the PEP
[Figure: the PDP receives the decision request from the PEP, retrieves policies from the PAP, exchanges information requests/replies with one or more PIPs, and returns the decision reply.]
Policy Administration Point (PAP)
• environment to store and manage authorization policies
by authorized person(s) appointed by the application
managers
• puts authorization policies at the disposal of the PDP
[Figure: the manager maintains the policy repository through the PAP (policy management); the PDP retrieves policies from the PAP.]
Policy Information Point (PIP)
• puts information at the disposal of the PDP in order to evaluate
authorization policies (authentic sources with characteristics,
relationships, mandates, etc.)
[Figure: the PDP sends information requests to PIP 1 and PIP 2 and receives their replies; each PIP is backed by an authentic source.]
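To make the division of labour between the four points concrete, here is a small Python sketch that wires a PEP, a PDP, a PAP and PIPs together for the health use case, and that derives roles (authorization groups, as in the conceptual framework above) from verified characteristics, a therapeutic relationship and a mandate held in authentic sources. This is an added example, not code of the CBSS or the eHealth platform: the identifiers, the authentic sources, the resource names and the two policies are constructed for the illustration, and the PDP's deny-overrides combining is one common choice, not something the slides prescribe.

```python
from dataclasses import dataclass
from datetime import date

# Constructed stand-ins for authentic sources; all identifiers are hypothetical.
PROVIDERS = {"prov-1": {"profession": "physician"},       # characteristics
             "prov-2": {"profession": "pharmacist"}}
THERAPEUTIC = {("prov-1", "pat-9"): date(2010, 12, 31)}   # relationship: valid until
MANDATES = {("rep-3", "pat-9"): {"read_record"}}           # (mandatary, mandator) -> actions
ROLE_GROUPS = {"treating_physician": {"read_record", "write_prescription"},
               "pharmacist": {"read_medication_scheme"}}   # role -> authorization group


@dataclass(frozen=True)
class Request:
    subject: str    # authenticated user; identity authentication already happened
    action: str     # requested action
    resource: str   # application / record type the action targets
    patient: str    # data subject
    today: str      # environment attribute, ISO date


class PIP:
    """Policy Information Point: read-only view on one authentic source."""
    def __init__(self, source):
        self._source = source

    def get(self, key, default=None):
        return self._source.get(key, default)


class PAP:
    """Policy Administration Point: policies per resource, managed by the
    application manager and retrieved by the PDP."""
    def __init__(self):
        self._policies = {}

    def publish(self, resource, rule):
        self._policies.setdefault(resource, []).append(rule)

    def retrieve(self, resource):
        return list(self._policies.get(resource, []))


class PDP:
    """Policy Decision Point: evaluates the applicable policies with PIP data
    and answers PERMIT, DENY or NOT_APPLICABLE."""
    def __init__(self, pap, pips):
        self.pap, self.pips = pap, pips

    def decide(self, req):
        results = [rule(req, self.pips) for rule in self.pap.retrieve(req.resource)]
        if "DENY" in results:            # deny-overrides combining
            return "DENY"
        return "PERMIT" if "PERMIT" in results else "NOT_APPLICABLE"


class PEP:
    """Policy Enforcement Point: intercepts the action, asks the PDP, logs the
    decision and lets only PERMIT through (NOT_APPLICABLE is refused too)."""
    def __init__(self, pdp):
        self.pdp, self.log = pdp, []

    def enforce(self, req):
        decision = self.pdp.decide(req)
        self.log.append((req.today, req.subject, req.action, req.resource,
                         req.patient, decision))
        return decision == "PERMIT"


# Policies, as the application manager would publish them in the PAP.
def roles_of(req, pips):
    """Role mapper: roles follow from verified characteristics and relationships."""
    roles = set()
    profession = pips["providers"].get(req.subject, {}).get("profession")
    valid_until = pips["relationships"].get((req.subject, req.patient))
    if profession == "physician" and valid_until is not None \
            and date.fromisoformat(req.today) <= valid_until:
        roles.add("treating_physician")  # therapeutic relationship still in force
    if profession == "pharmacist":
        roles.add("pharmacist")
    return roles


def rbac_rule(req, pips):
    """PERMIT when the authorization group of one of the user's roles holds the action."""
    allowed = set().union(*(ROLE_GROUPS[r] for r in roles_of(req, pips)))
    return "PERMIT" if req.action in allowed else "NOT_APPLICABLE"


def mandate_rule(req, pips):
    """PERMIT when the data subject mandated this user for exactly this action."""
    actions = pips["mandates"].get((req.subject, req.patient), set())
    return "PERMIT" if req.action in actions else "NOT_APPLICABLE"


def build_pep():
    pap = PAP()
    for resource in ("patient_record", "medication_scheme"):
        pap.publish(resource, rbac_rule)
        pap.publish(resource, mandate_rule)
    pips = {"providers": PIP(PROVIDERS), "relationships": PIP(THERAPEUTIC),
            "mandates": PIP(MANDATES)}
    return PEP(PDP(pap, pips))


if __name__ == "__main__":
    pep = build_pep()
    pep.enforce(Request("prov-1", "read_record", "patient_record", "pat-9", "2009-11-05"))
    pep.enforce(Request("prov-1", "read_record", "patient_record", "pat-9", "2011-01-01"))
    pep.enforce(Request("rep-3", "read_record", "patient_record", "pat-9", "2009-11-05"))
    for entry in pep.log:
        print(entry)
```

Two details are worth noticing. The PEP is deny-biased: a NOT_APPLICABLE answer (no policy covers the resource, or no rule fires) is refused, so a forgotten policy fails closed rather than open. And the therapeutic relationship is checked against its validity period at decision time, which is why the same physician is permitted on 2009-11-05 and refused on 2011-01-01 without any change to the policies themselves.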
Global architecture
[Figure: global architecture. Three domains are shown side by side: the social sector (CBSS), the eHealth platform and the non-social federal public services (Fedict). In each domain, users reach the applications (WebApp XYZ) through authentication and an authorisation PEP; a role mapper derives roles from role providers, and a PDP evaluates the policies held in a PAP ("Kephas"), using PIPs that front attribute providers and authentic sources (databases of mandates, RIZIV, UMAF, judicial executors, management of the VAS, and other databases labelled XYZ).]
Electronic identity card (eID)
• aims to enable Belgian citizens
– to identify themselves (electronically)
– to electronically authenticate their identity towards diverse
applications
– and to put digital signatures
• validity period of 5 years, extended to 10 years for
elderly people
Electronic identity card (eID)
• from a visual point of view the electronic identity card
contains
– the name
– the first two given names
– the first letter of the third given name
– the nationality
– the place and date of birth
– the sex
– the place of delivery of the card
– the begin and end dates of the validity of the card
– the denomination and number of the card
– the photo of the holder
– the signature of the holder
– the identification number of the National Register
Electronic identity card (eID)
• from an electronic point of view the chip of the electronic
identity card contains the same information as printed on
the card, filled up with
– the identity and signature keys
– the identity and signature certificates
– the accredited certification service provider
– information necessary for authentication of the card and
securing of the electronic data
– the main residence of the holder
• no other data than identification data
• no encryption certificates
• no electronic purse
• no biometric data (yet)
No other data than identification data
• why not ?
– preventing the card from being perceived as a "big brother"
– preventing loss of data, when the card is lost
– preventing frequent updates of the card
• stimulation of the controlled access to data over
networks, using the card as an access tool, rather than
storage of data on the card
eID organization model
• government has chosen a card producer and certification
authority issuing the identity certificates as a result of a
public call for tenders
• the municipality calls the holder for the issuing of the
electronic identity card
• the municipality acts as registration authority for 2
certificates: authentication of the identity and electronic
signature
• 2 key pairs are generated within the card at production
time and the private keys are stored within the processor
chip of the card
• the 2 certificates are created by the certification
authority, but published only when the holder agrees
eID organization model
• the use of the private keys within the chip needs an
activation of the card by a municipal official using his
PUK2 and the PUK1 sent to the holder
• first authentication within one session (first private key)
and every generation of an electronic signature (second
private key) requires the PIN code of the holder
• the second private key and the corresponding signature certificate on the
electronic identity card can be used to generate a legally
valid electronic signature
eID partners
National Register and CBSS Register
• National Register
– database managed by the Ministry of the Interior
– containing identification data with regard to all people living in
Belgium and registered within the municipal population registers
– data are managed by the municipalities
• CBSS register
– database managed by the Crossroads Bank for Social Security
– containing identification data with regard to all people that are
not registered (anymore) within the National Register, but that
are in relation with the Belgian public or social sector
– subsidiary and complementary to the National Register
– data are managed by the sickness funds
National Register and CBSS Register
• content
– unique identification key
– name and given names
– place and date of birth
– place and date of death
– sex
– nationality
– civil status
– main residence
– family composition (not in CBSS register)
– profession (not in CBSS register)
Division of costs
• population registers: municipalities
• National Register: Ministry of the Interior
• CBSS Register: Crossroads Bank for Social Security
• eID: citizen (10 €)
International context: some issues
• determination of the means by which an entity can be
identified within each country and across countries
• the way identity management on the one hand, and
characteristics, relationships and mandates
management on the other, are well separated in order to
guarantee the multifunctional use of identity
authentication means
• the quality assurance criteria for the registration
procedures that are used to determine the identity,
relevant characteristics, relationships or mandates
before linking it to authentication or verification means
International context: some issues
• the quality assurance criteria for authentication and
verification means and their use
• an organizational, functional and technical
interoperability framework to exchange identity,
characteristics, relationships, mandates and
authentication data based on open standards
• the necessary legal framework for identity,
characteristics, relationships and mandates
management, with a good balance between trust
enhancing measures and measures guaranteeing a free
market
International context: proposed method
• to work out a common conceptual framework, a common
vision and common basic principles
• to translate these principles in common, measurable
objectives
• to ask every state to develop an action plan to achieve
these objectives
• to elaborate an architecture and guidebooks to
implement the principles
• to create a forum for the exchange of best practices
Information security and privacy protection
• overall policy on security and privacy protection for
eGovernment
– security, integrity and confidentiality of government information
are ensured by integrating ICT measures with structural,
organizational, physical, personnel screening and other security
measures according to agreed policies
– personal information is only used for purposes compatible with
the purposes of the collection of the information
– personal information is only accessible to authorized institutions
and users according to business needs, legislative or policy
requirements
Information security and privacy protection
• overall policy on security and privacy protection for
eGovernment
– the authorizations for government bodies to communicate
personal information to third parties are granted by Sectoral
Committees of the Privacy Commission, designated by
Parliament, after having checked whether the communication
conditions (e.g. purpose limitation, proportionality) are met
– the authorizations for communication are public
– every concrete electronic communication of personal information
by a government body is preventively checked on compliance
with the existing authorizations by an independent institution
managing the interoperability framework used for the
communication
– every concrete electronic communication of personal information
by a government body is logged, to be able to trace possible
abuse afterwards
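The last two bullets describe a gateway function: the integrator relays a communication of personal data only when a published authorization covers it, and records every communication so that abuse can be traced later. The following Python sketch is an added example, not CBSS software: the authorization register, the actor codes, the data types and the purposes are constructed; the check is the one stated above (sender, receiver, data type, purpose and validity period must match a published authorization); hash-chaining the log entries goes beyond the slide and is this example's own choice, so that an entry that is edited or removed afterwards can be detected when the log is used to trace abuse.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional
import hashlib
import json


@dataclass(frozen=True)
class Authorization:
    """One public authorization: sender may send data_type to receiver for purpose."""
    sender: str
    receiver: str
    data_type: str
    purpose: str
    valid_from: date
    valid_until: Optional[date]   # None = open-ended


# Constructed register standing in for the published Sectoral Committee
# decisions; actor codes, data types and purposes are hypothetical.
REGISTER = [
    Authorization("actor-A", "actor-B", "employment_status", "unemployment_benefits",
                  date(2005, 1, 1), None),
    Authorization("actor-A", "actor-C", "employment_status", "child_benefits",
                  date(2005, 1, 1), date(2008, 12, 31)),
]


@dataclass(frozen=True)
class Message:
    sender: str
    receiver: str
    data_type: str
    purpose: str
    subject_id: str     # the citizen the data is about
    sent_on: str        # ISO date


class Gateway:
    """The integrator's interoperability layer: preventive check, relay, log."""

    def __init__(self, register):
        self.register = list(register)
        self.log = []   # hash-chained audit trail (the chaining is this example's addition)

    def covering_authorization(self, msg):
        """Return the authorization that covers msg on its sending date, or None."""
        day = date.fromisoformat(msg.sent_on)
        for a in self.register:
            if (a.sender, a.receiver, a.data_type, a.purpose) != \
                    (msg.sender, msg.receiver, msg.data_type, msg.purpose):
                continue
            if a.valid_from <= day and (a.valid_until is None or day <= a.valid_until):
                return a
        return None

    def _append_log(self, msg, decision):
        prev = self.log[-1]["digest"] if self.log else "0" * 64
        entry = {"sent_on": msg.sent_on, "sender": msg.sender, "receiver": msg.receiver,
                 "data_type": msg.data_type, "purpose": msg.purpose,
                 "subject_id": msg.subject_id, "decision": decision, "prev": prev}
        canonical = json.dumps(entry, sort_keys=True).encode()
        entry["digest"] = hashlib.sha256(canonical).hexdigest()
        self.log.append(entry)

    def relay(self, msg):
        """Relay only when a valid authorization covers the message; log either way."""
        decision = "RELAYED" if self.covering_authorization(msg) else "REFUSED"
        self._append_log(msg, decision)
        return decision == "RELAYED"

    def log_is_intact(self):
        """Recompute the chain; an edited or removed entry breaks it."""
        prev = "0" * 64
        for entry in self.log:
            body = {k: v for k, v in entry.items() if k != "digest"}
            if body["prev"] != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() \
                    != entry["digest"]:
                return False
            prev = entry["digest"]
        return True


if __name__ == "__main__":
    gw = Gateway(REGISTER)
    print(gw.relay(Message("actor-A", "actor-B", "employment_status",
                           "unemployment_benefits", "cit-1", "2009-11-05")))
    print(gw.relay(Message("actor-A", "actor-C", "employment_status",
                           "child_benefits", "cit-1", "2009-11-05")))
    print(gw.log_is_intact())
```

Refused communications are logged as well as relayed ones: an actor repeatedly asking for data outside its authorizations is exactly the pattern one wants to find afterwards. The register itself is public, so a refused sender can see which authorization it lacks, which is the transparency the policy above aims at.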
Information security and privacy protection
• overall policy on security and privacy protection for
eGovernment
– every time information is used to take a decision, the used
information is communicated to the concerned person together
with the decision
– every person has the right to access and correct his own personal
data
– this system has been implemented in the Belgian social security
sector for about 20 years and is being extended to the whole
Belgian government sector
Information security and privacy protection
• security, availability, integrity and confidentiality of
information are ensured by integrated
– institutional
– legal
– organizational
– HR-related
– technical
security measures according to agreed policies
Institutional measures
• no central data storage
• every actor has an information security officer with an
advisory, stimulating, documentary and control task
• specialized information security service providers have
been recognized in order to support the information
security officers
• a working party on information security and privacy
protection has been established
• minimal information security and privacy protection
standards are proposed by the working party on
information security and privacy protection and are
established by the competent Sectoral Committee
Institutional measures
• every year, every actor has to report to the competent
Sectoral Committee on compliance with the minimal
information security and privacy protection standards
• if an actor doesn't meet the minimal information security
and privacy protection standards, the competent Sectoral
Committee can prohibit the actor from connecting to the
system for electronic data exchange
Independent Sectoral Committees
• established within the Privacy Commission
• composed of
– 2 members of the Privacy Commission
– 4 independent domain specialists designated by Parliament
• competences
– supervision of information security
– authorizing the information exchange
– complaint handling
– information security recommendations
– extensive investigating powers
– annual activity report
Legal measures
• obligations of the actors as data controllers
– principles relating to fair and lawful processing and data quality
– information to be given to the data subject
– confidentiality and security of processing
• rights of the data subjects (i.e. the natural persons the
personal data relate to)
– right of privacy protection
– right of information
– right of access
– right of rectification, erasure or blocking
– right not to be subject to fully automated individual decisions
– right of a judicial remedy
• remedies, liability and sanctions
Fair and lawful processing and data quality
• fair and lawful processing
• collection only for specified, explicit and legitimate
purposes
• no further processing in a way incompatible with those
purposes
• personal data must be adequate, relevant and not
excessive in relation to those purposes
• personal data must be accurate and kept up to date
• personal data must not be kept longer than necessary
for those purposes in a form which permits the
identification of the data subject
Fair and lawful processing and data quality
• additional protection measures apply to sensitive data, i.e.
data revealing or concerning
– racial or ethnic origin
– political opinions
– religious or philosophical beliefs
– trade union membership
– health
– sexual life
– offences, criminal convictions or security measures
Confidentiality and security
• no access to personal data is permitted except on
instructions from the controller or if required by law
• appropriate technical and organizational security
measures
– protection against
• accidental or unlawful destruction
• accidental loss
• alteration
• unauthorized disclosure or access, in particular where the processing
involves the transmission of data over a network
• all other forms of unlawful processing
– measures have to be appropriate
• to the risks represented by the processing
• and the nature of the data to be protected
• having regard to the state of the art
• and the cost of their implementation
Confidentiality and security
• where processing is carried out by an external processor
– the controller has to choose a processor guaranteeing sufficient
technical and organizational security measures
– the controller must ensure compliance of the processing with the
security measures
– the carrying out of the processing must be governed by a written
contract or legal act stipulating in particular that
• the processor shall act only on instructions from the controller
• the security obligations shall also be incumbent on the processor
Remedies, liability and sanctions
• remedies
– administrative remedies, inter alia before the Sectoral Committee
– judicial remedies
– for any breach of the rights guaranteed by the national law
applicable
• liability
– right to compensation from the controller for the damage suffered
as a result of an unlawful processing operation, unless the
controller proves not to be responsible for the event giving rise to
the damage
• sanctions
– penal sanctions
– prohibition on processing personal data
Organizational, HR-related & technical measures
• risk assessment
• security policies
• governance and organization of information security
• inventory and classification of information
• human resources security
• physical and environmental security
• management of communication and service processes
• processing of personal data
• access control
• acquisition, development and maintenance of information systems
• information security incident management
• business continuity management
• compliance: internal and external control
• communication to the public of the policies concerning security and
the protection of privacy
More information
• website Crossroads Bank for Social Security
– http://www.ksz.fgov.be
• website eHealth platform
– https://www.ehealth.fgov.be
• personal website Frank Robben
– http://www.law.kuleuven.be/icri/frobben
Th@nk you !
Any questions ?