How to Improve Citizens’ Trust in Government’s Ability to Protect their Personal Data
Governments, citizens and the risk of identity theft
According to the 2019 Unisys Security Index™, citizens across APAC cite as their top security concern unauthorised access to or misuse of their personal data.
Identity theft 57%
Bankcard fraud 56%
Identity theft 49%
Identity theft 90%
Natural disaster 89%
Bankcard fraud 88%
Identity theft 87%
*% of Kiwis concerned about war/terrorism jumped 29% to 51% after Christchurch attack
Governments collect data about citizens – agencies simply can’t do their job without it. Citizens have no option but to allow government to capture that data: it’s part of the social contract. A person’s data establishes their unique identity as far as government is concerned. When that data is stored digitally it’s subject to the risk of data breach. The same risk is present when private sector organisations collect digital data, but citizens have a choice when dealing with these organisations. If they don’t trust the organisation to protect their data and their identity, they can take their business elsewhere. They can’t do that with government. They depend on government to keep their data and their identity safe, but they may not necessarily trust it to do so. In fact, according to the 2019 Unisys Banking Insights Survey, citizens do not trust government to protect their personal data.
Only 17% of New Zealanders, 19% of Australians and 21% of Filipinos reported that they trusted government more than other organisations in this regard. To validate and maintain their trust, data security must be an important element of all citizen-related digital government activity. Failure to do so undermines both the legitimacy of this core government function and government efforts to increase the levels of citizen engagement.
Sharing data elevates risk and concern
Citizens’ concerns are most elevated when data is shared between agencies. This was highlighted in the 2018 Unisys Connected Government research. Of the 5,000 people surveyed in APAC, just 41 per cent fully supported their personal data being shared to enable government to deliver more targeted programmes and services or so they did not have to repeat providing the same information to different agencies. The reasons for not supporting data sharing included:
- My data would not be protected from internal accidental security breach
- Government will not protect my data from an external attack
- Unauthorised people within the government would access my data
Data sharing increases the possibility of compound security breaches, where multiple sets of data are compromised or where new threats arise from unforeseen quarters. Convenience, which often drives citizen preferences on such matters, is not, by itself, a sufficient motivational factor.
That said, there is strong support, and probably an expectation, from the public to allow police to share information with other agencies to help them solve crimes, foil attacks at events or enable early intervention to prevent child or spousal abuse. But trust is fragile, and to retain this high level of public trust in law enforcement, any information sharing must be done in a secure fashion where only the right people from appropriate organisations can access such sensitive information. That means Government needs to revise its approaches to security.
To ensure that security is pervasive across the government technology landscape, a Zero-Trust Network is needed. The Zero-Trust Network assumes that:
- There are always external and internal threats within the network.
- No user or device — inside or outside the private network — should be trusted.
- Upon reliable identification, the system should grant only the minimum level of access required for the full and effective delivery of a service.
Such a network operates on a ‘least privilege’ approach, meaning employees can see only the data that they need to carry out their roles. This reduces the risk of both accidental and deliberate data breaches, relieving concerns about unauthorised government employees accessing sensitive data. Least privilege access also greatly reduces pathways for attackers and malware. The network continuously assesses itself, logging traffic internally and externally for threats so it can respond to malicious attacks in real time. A zero-trust approach is necessary because interconnectivity between government agencies, outside partners and citizens means that sensitive data must be protected across multiple touchpoints.
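The sketch below is an added example, not Unisys code: a default-deny, field-level access decision for a citizen record shared between agencies, with every decision logged. The policy table, the sample record and the request attribute names (`identity_verified`, `device_compliant`, `source_network`) are constructed for illustration.

```python
AUDIT_LOG = []  # every decision is recorded, whether granted or denied

# Constructed policy: (agency, role, purpose) -> minimum fields that service needs.
POLICY = {
    ("police", "investigator", "active-investigation"): {"name", "address"},
    ("health", "clinician", "treatment"): {"name", "date_of_birth", "medical_history"},
    ("revenue", "case-officer", "tax-assessment"): {"name", "tax_number", "income"},
}

# Constructed sample record held by a shared citizen-data service.
CITIZEN = {
    "name": "Sample Citizen", "address": "1 Example Street",
    "date_of_birth": "1980-01-01", "medical_history": "constructed",
    "tax_number": "000-000-000", "income": 50000,
}

def allowed_fields(request):
    """Fields this caller may read. An empty set means deny."""
    # No trust from network position: 'source_network' is never consulted.
    if not (request.get("identity_verified") and request.get("device_compliant")):
        return set()
    key = (request.get("agency"), request.get("role"), request.get("purpose"))
    return POLICY.get(key, set())  # unknown combination: default deny

def read_record(record, request):
    """Return (visible_fields, denied_field_names) and log the decision."""
    requested = set(request.get("fields", ()))
    granted = requested & allowed_fields(request)
    denied = sorted(requested - granted)
    AUDIT_LOG.append({"user": request.get("user"), "agency": request.get("agency"),
                      "purpose": request.get("purpose"),
                      "granted": sorted(granted), "denied": denied})
    return {f: record[f] for f in granted if f in record}, denied

if __name__ == "__main__":
    req = {"user": "officer-17", "agency": "police", "role": "investigator",
           "purpose": "active-investigation", "source_network": "internal",
           "identity_verified": True, "device_compliant": True,
           "fields": ["name", "address", "medical_history"]}
    print(read_record(CITIZEN, req))
```

A denied field is reported and logged rather than silently dropped, so the audit trail shows who asked for data outside their role.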
Take action today
The public sector is facing a dynamic threat landscape that calls for risk-relevant security solutions. As an industry leader in public-sector security, Unisys recommends that local and central governments take the following steps to promote citizen trust:
1. Apply principles of Zero Trust to protect citizens’ personal information.
Data breaches can significantly undermine public support for new technology deployments and heighten the public’s concerns over government information security. While governments must regulate to protect data privacy, they need to move beyond policies and implement a Zero Trust architecture, re-tuning policies, patching vulnerabilities and updating security controls and privileges so they can respond to and recover quickly from cyberattacks.
2. Continuously improve results from modernisation
While technology solutions are evolving rapidly, government projects generally take two to five years and do not match the rate of change in either the technology or the ability of bad actors to take advantage of weaknesses. Many of today’s initiatives around biometrics are specifically targeted at reducing false positives and increasing true positives, which will improve privacy. Government agencies should establish IT platforms that, through the use of middleware, frameworks and service-based architectures, can take advantage of more accurate technologies as they become available without major redevelopment.
3. Build citizens’ trust
The trust that citizens have in the security of government digital services is paramount to the successful uptake of these services. Citizen compliance and willingness to participate in digital cannot exist without trust. While digital services can enhance customer satisfaction, this goodwill can be lost in an instant if citizens discover that their personal information has been compromised. For a ‘joined-up’ government approach to truly be successful, security of data across agencies must be the cornerstone of all digital government strategies.
For more information on Unisys security offerings visit www.unisys.com/security