The Crossroads Bank for Social Security succeeding on interoperability within the social sector R4eGOV e-ID USER GROUP MEETING R4eGOV e-ID USER GROUP MEETING 26 April 2007 26 April 2007 CBSS Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040 Brussels Belgium E-mail: Frank.Robben @ ksz.fgov.be Website: http://www.law.kuleuven.ac.be/icri/frobb en Crossroads Bank for Social Security
58
Embed
R4eGOV e-ID USER GROUP MEETING 26 April 2007 The Crossroads Bank for Social Security succeeding on interoperability within the social sector R4eGOV e-ID.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
The Crossroads Bank for Social Securitysucceeding on interoperability
within the social sector
R4eGOV e-ID USER GROUP MEETINGR4eGOV e-ID USER GROUP MEETING26 April 200726 April 2007
CBSS
Frank RobbenGeneral managerCrossroads Bank for Social SecuritySint-Pieterssteenweg 375B-1040 BrusselsBelgiumE-mail: [email protected]: http://www.law.kuleuven.ac.be/icri/frobben
Actors in the Belgian social sector about 2,000 public and private institutions at several levels (federal,
regional, local) dealing with- collection of social security contributions
- delivery of social security benefits• child benefits• unemployment benefits• benefits in case of incapacity for work• re-imbursement of health care costs• holiday pay• old age pensions• guaranteed minimum income
- delivery of supplementary social benefits
- delivery of supplementary benefits based on the social security status of a person
3Crossroads Bank for Social Security 26/04/2007
CBSS
The problem a lack of well coordinated service delivery processes and a lack of
well coordinated information management lead to- a huge avoidable administrative burden and related costs for
• the citizens• their employers• the actors in the social sector
- service delivery that doesn't meet the expectations of the citizens and their employers
- suboptimal effectiveness of the social protection
- higher possibilities of fraud
- suboptimal support of the social policy
4Crossroads Bank for Social Security 26/04/2007
CBSS
The solution a network between all 2,000 social sector actors with a secure
connection to the internet, the federal MAN, regional extranets, extranets between local authorities, and the Belgian interbanking network
a unique identification key- for every citizen, electronically readable from an electronic social
security card and an electronic identity card
- for every company 190 electronic services for mutual information exchange amongst
actors in the social sector, defined after process optimization- nearly all direct or indirect (via citizens or companies) paper-based
information exchange between actors in the social sector has been abolished
- in 2006 511 million electronic messages were exchanged amongst actors in the social sector, which saved as many paper exchanges
5Crossroads Bank for Social Security 26/04/2007
CBSS
The solution 40 electronic services for employers, either based on the electronic
exchange of structured messages between applications or via an integrated portal site- 50 social security declaration forms have been abolished
- in the remaining 30 declaration forms the number of headings has on average been reduced to a third of the previous number
- declarations are limited to 3 events• immediate declaration of recruitment and discharge (only electronically)• quarterly declaration of salary and working times (only electronically)• occurrence of a social risk (electronically or on paper)
- in 2006 17.9 million electronic declarations were made by all 220,000 employers, 98 % of which from application to application
- according to a study of the Belgian Planning Bureau, rationalization of the information exchange processes between the employers and the social sector implies an annual saving of administrative costs of more than 1.7 billion € a year for the companies
6Crossroads Bank for Social Security 26/04/2007
CBSS
The solution electronic services for citizens
- maximal automatic granting of services based on electronic information exchange between actors in the social sector
- 4 electronic services via an integrated portal• 2 services to apply for social benefits• 2 services for consultation of social benefits
- about 30 new electronic services are foreseen an integrated portal site containing
- electronic transactions for citizens and employers
- information about the entire social security system
- harmonized instructions and information model relating to all electronic transactions
- a personal page for each citizen and each company an integrated multimodal contact centre supported by a customer
relationship management tool
7Crossroads Bank for Social Security 26/04/2007
CBSS
CBSS as a service integrator board of directors consists of representatives of the several actors
in the social sector and of government representatives mission
- definition of the vision on eGovernment in the social sector
- definition of common principles (see annex) related to• information modeling• unique collection and re-use of information• management of information• electronic exchange of information• protection of information
- policy support
- coordination of business process re-engineering
8Crossroads Bank for Social Security 26/04/2007
CBSS
CBSS as a service integrator mission
- definition, implementation and management of an interoperability framework
• technical: secure messaging of several types of information: structured data, documents, images, metadata, …
• semantic: harmonization of concepts and coordination of the necessary adaptation of the law
• business logic and orchestration support• management of a reference directory for
– preventive control on the legitimacy of the information exchange– organization of the routing of information– automatic communication of changes of information
9Crossroads Bank for Social Security 26/04/2007
CBSS
Reference directory directory of available services/information
- which information/services are available at any actor depending on the capacity in which a person/company is registered at every actor
directory of authorisation policies- list of users and applications
- definition of authentication means and rules
- definition of authorization policies• which kind of information/service can be accessed, in what situation and for
what period of time depending on in which capacity the person/company is registered with the actor that accesses the information/service
directory of data subjects- which persons/companies have personal files in which actors for which
periods of time, and in which capacity they are registered subscription table
- which users/applications want to automatically receive what services in what situations for which persons/companies in which capacity
10Crossroads Bank for Social Security 26/04/2007
CBSS
CBSS as a service integrator mission
- stimulation of service oriented applications• modular• can be integrated• re-usable• loosely coupled• technology neutral• based on open standards
11Crossroads Bank for Social Security 26/04/2007
CBSS
Towards a network of service integrators
InternetInternet
Extranetregion or
commmunity
Extranetregion or
commmunity
FEDMANFEDMAN
Servicesrepository
FPS
FPS
FPS
ASS
ASS
Servicesrepository
Extranetsocialsector
ASS
RPS
RPS
Servicesrepository
VPN, Publi-link, VERA,
…
VPN, Publi-link, VERA,
…
City Province
Municipality
Servicesrepository
Serviceintegrator(FEDICT)
Serviceintegrator(CBSS)
Serviceintegrator(Corve,
Easi-Wal, …)
12Crossroads Bank for Social Security 26/04/2007
CBSS
Service Oriented Architecture
Basic servicesBasic services
ApplicationsApplications
DataData
PresentationPresentation
Business Business servicesservices
13Crossroads Bank for Social Security 26/04/2007
CBSS
Multifunctional basic services
user & access mgt
trans-for-
mation
ticke-ting
routingdeci-sion rules
orches-tration
statemachine
logging
14Crossroads Bank for Social Security 26/04/2007
CBSS
User and access management identification of physical and legal persons
- unique social identification number for physical persons
- unique company number for companies authentication of the identity of physical persons
- electronic identity card
- user id – password – token management and verification of characteristics (e.g. a capacity, a
function, a professional qualification) of persons management and verification of mandates between a legal or
physical person to whom an electronic transaction relates and the person carrying out that transaction
management and verification of authorizations
15Crossroads Bank for Social Security 26/04/2007
CBSS
Electronic identity card
16Crossroads Bank for Social Security 26/04/2007
CBSS
Citizen token
17Crossroads Bank for Social Security 26/04/2007
CBSS
Policy Enforcement Model
UserPolicy
Enforcement(PEP)
Application
Policy Decision(PDP)
Action on
application Decisionrequest
Decisionreply
Actionon
applicationPERMITTED
Policy Information (PIP)
Informationrequest/
reply
Policy Administration ( PAP)
Policyretrieval
Authentic source
Policy Information (PIP)
Informationrequest/
reply
Policyrepository
Actionon
applicationDENIED
Manager
Policymanagement
Authentic source
18Crossroads Bank for Social Security 26/04/2007
CBSS
Policy Enforcement Model Policy Enforcement Point (PEP)
- intercepts the request for authorisation with all available information about the user, the action being requested, the resources and the environment
- passes on the request for authorisation to the Policy Decision Point (PDP) and extracts a decision regarding authorisation
- grants access to the application and provides relevant credentials Policy Decision Point (PDP)
- based on the request for authorisation received, retrieves the appropriate authorisation policy from the Policy Administration Point(s) (PAP)
- evaluates the policy and, if necessary, retrieves the relevant information from the Policy Information Point(s) (PIP)
- takes the authorisation decision (permit/deny/not applicable) and sends it to the PEP
19Crossroads Bank for Social Security 26/04/2007
CBSS
Policy Enforcement Model Policy Administration Point (PAP)
- environment to store and manage authorisation policies by authorised person(s) appointed by the application managers
- puts authorisation policies at the disposal of the PDP Policy Information Point (PIP)
- puts information at the disposal of the PDP in order to evaluate authorisation policies (authentic sources with characteristics, mandates, etc.)
20Crossroads Bank for Social Security 26/04/2007
CBSS
Overall architecture
APPLICATIONS
AuthorisationAuthen-tication PEP
Role Mapper
USER
PAP‘’Kephas’’
RoleMapper
DB
PDPRole
Provider
PIPAttributeProvider
RoleProvider
DB
UMAF
PIPAttributeProvider
DBXYZ
WebAppXYZ
APPLICATIONS
AuthorisationAuthen -tication PEP
Role Mapper
USER
WebAppXYZ
PIPAttributeProvider
PAP‘’Kephas’’
RoleMapper
DB
PDPRole
Provider
RoleProvider
DB
BeheerGAB
PIPAttributeProvider
DBXYZ
PIPAttributeProvider
DBGerechts-deurwaar-
ders
PIPAttributeProvider
DBMandaten
Be-Health
APPLICATIONS
AuthorisationAuthen -tication PEP
Role Mapper
USER
PAP‘’Kephas’’
RoleMapper
DB
PDPRole
Provider
PIPAttributeProvider
RoleProvider
DB
RIZIV
PIPAttributeProvider
DBXYZ
WebAppXYZ
BeheerGAB
PIPAttributeProvider
DBMandaten
Social sector(CBSS)
Non-social FPS(Fedict)
BeheerGAB
DBXYZ
21Crossroads Bank for Social Security 26/04/2007
CBSS
Use in the Belgian social sector
all end-user services are divided into categories based on the required level of security- all services can be used with the eID as a means of electronic
identification and authentication of identity
- some services can also be used (temporarily) on the basis of a user-id, password and, where appropriate, a citizen token or a public servant token
electronic signatures can be put with the eID
the policy enforcement model is being implemented for the authentication of characteristics and mandates and for authorisation management
22Crossroads Bank for Social Security 26/04/2007
CBSS
Electronic SIS-card and electronic identity card gradual replacement of the functions of the electronic social
security card (SIS card) once the following conditions have been fulfilled- function of electronic identification: overall availability of the electronic
identity card (eID)
- function of proof of the insurability in the health care sector• secure on line access by the health care providers to the insurability
information available at the sickness funds• electronic identification and authentication of the identity, characteristics
and mandates of the health care providers
preservation of the SIS card or a similar solution for persons who do not possess an eID (persons not residing in Belgium, children under the age of 12, …)
availability of readers that can read both the SIS-card and the eID
23Crossroads Bank for Social Security 26/04/2007
CBSS
Advantages gains in efficiency
- in terms of cost: services are delivered at a lower total cost due to• a unique information collection using a common information model and
administrative instructions• a lesser need to re-encoding of information by stimulating electronic
information exchange• a drastic reduction of the number of contacts between actors in the social
sector on the one hand and citizens or companies on the other• functional task sharing concerning information management, information
validation and application development• a minimal administrative burden
- in terms of quantity: more services are delivered• services are available at any time, from anywhere and from several devices• services are delivered in an integrated way according to the logic of the
customer
24Crossroads Bank for Social Security 26/04/2007
CBSS
Advantages gains in efficiency
- in terms of speed: the services are delivered in less time• benefits can be allocated quicker because information is available faster• waiting and travel time is reduced• citizens and companies can directly interact with the competent actors in
the social sector with real time feedback
gains in effectiveness: better social protection- in terms of quality: same services at same total cost in same time, but
to a higher quality standard
- in terms of type of services: new types of services, e.g.• push system: automated granting of benefits• active search of non-take-up using datawarehousing techniques• controlled management of own personal information• personalized simulation environments
better support of social policy more efficient combating of fraud
25Crossroads Bank for Social Security 26/04/2007
CBSS
United Nations Public Service Award
26Crossroads Bank for Social Security 26/04/2007
CBSS
European framework Treaty of Rome: free movement of persons => need for co-
ordination between social security schemes of the Member States
Co-ordination Regulations 1408/71 (to be replaced by Co-ordination Regulation 883/04) and 574/72:
4 basic principles:- only one applicable national legislation per period
- equal treatment: no discrimination based on nationality
- aggregation of insurance, employment and residence periods
- exportability of rights co-ordination regulations imply a lot of information exchange
between social security institutions of different Member States
27Crossroads Bank for Social Security 26/04/2007
CBSS
European framework current situation
- 78 types of information exchange processes related to have been defined by the Administrative Commission on Social Security for Migrant Workers
- a lot of information is still exchanged on paper forms (E-forms)- exchange of paper forms appears cumbersome, complicated and expensive,
which may deter possible migrant workers- Co-ordination Regulation 883/04 to come into force: the quality level of services
provided by a social security institution to an insured person may not decrease because this person (e.g. migrant or frontier worker, tourist, student, pensioner, ...) made use of his right to move within the EU => provision of systematic electronic information exchange
TESS = TElematics for Social Security- working party managed by Technical Commission on Data Processing- set up to develop telematic services for the implementation of the European
Union provisions on social security huge need for electronic identification and authentication of citizens and
companies of all EU-Member States, and for electronic verification of certain characteristics and mandates
28Crossroads Bank for Social Security 26/04/2007
CBSS
Some use cases individual residing in EU-Member State A is temporarily employed
(posted) in EU-Member State B- a lot of EU-Member States provide an obligation to declare the
temporary occupation of foreigners on their territory (see below, LIMOSA)
- in case the employee wants to remain socially insured in the EU-Member State of residence
• the employer or his representative has to ask for authorization from the competent social security institution of Member State A
• the competent social security institution of EU-Member State A (electronically) sends an E101-form to the competent social security institution of EU-Member State B
=> need for (interrelated) identification of the employer, his representative and the employee in both EU-Member States, need for authentication of the characteristic "employer" and need for authentication of the mandate of the representative
29Crossroads Bank for Social Security 26/04/2007
CBSS
Some use cases individual residing in EU-Member State A works, studies or looks
for work in EU-Member State B => exportation of rights to and constitution of rights in EU-Member State B => need for (interrelated) identification of the individual in both EU-Member States
individual residing in EU-Member State A simultaneously works in various other EU-Member States => need for (interrelated) identification of the individual in all EU-Member States
individual residing in EU-Member State A needs health care in member State B (form E111, (e)EHIC) => need for (interrelated) identification of the individual in both EU-Member States
individual that has been working in various EU-Member States is retiring and gets old age pensions based on his occupation within the various EU-Member States => need for aggregation of periods => need for (interrelated) identification of the individual in all EU-Member States
30Crossroads Bank for Social Security 26/04/2007
CBSS
Some use cases individual residing in EU-Member State A has to exchange (in an
electronic way) data with public authorities in EU-Member State B => need for (interrelated) identification of the individual in both EU-Member States
employer or his representative residing in EU-Member State A has to exchange (in an electronic way) data about his employees with public authorities in EU-Member State B => need for (interrelated) identification in both EU-Member States of the employer, his representative and the employees, need for authentication of the characteristic of "employer" and need for authentication of the mandate of the representative
31Crossroads Bank for Social Security 26/04/2007
CBSS
Some metrics exchanged E-forms with Belgium (2005)
- proof of health care insurance ((e)HCIC replacing E111): more than 700.000 issued
- invoices exchanged for reason of healthcare reimbursement (forms E125, E127): 490.000 for a total amount of approximately 285.000.000 €
- posting (E101): 250.000
- information of constitution of old age pension rights in another EU-Member State (E501, E502, E551): 160.000
- insurance history, career survey requests and pension claims: (E202, E205, E207, E210): 60.000
- family allowances sector (E401, E402, E403, E411): 60.000
Monitoring foreign activities on Belgian territory and Monitoring foreign activities on Belgian territory and lessening the administrative burdenlessening the administrative burden
33Crossroads Bank for Social Security 26/04/2007
CBSS
Objectives mandatory declaration for foreign employees, self-employed
persons and trainees when coming to Belgium collecting all relevant information in one central database coordination of electronic information flows between Belgian
competent institutions one stop shop: lessening the administrative burden for foreign
employers and self-employed persons statistical information about cross-border employment on Belgian
territory consultation tool for social inspection services
34Crossroads Bank for Social Security 26/04/2007
CBSS
Results guarantee for legal employment in
Belgium getting a view on the impact of the
activities of foreign employees, self-employed persons and trainees on the Belgian economy
respecting the European basic right of free movement of services
estimated number of declarations on annual basis = 200,000
meaning administrative simplification
The Netherlands
France
Poland
Germany
Belgium
Lux
Portugal
India = 1.4%
Czech Rep. = 1.3%
Japan = 1.3%
Nederland
Frankrijk
Polen
Duitsland
België
Luxemburg
Portugal
India
Tsjechische Rep.
Japan
40 %
14 %
14 %
7 %
35Crossroads Bank for Social Security 26/04/2007
CBSS
Project in different stages international portal site and mandatory declaration (01/04/2007)
- portal site in order to enhance a quick and user friendly declaration tool for foreign employers and self-employed persons
• access to application• information on other obligations (labour law, taxes, ...)
- a specific user and access management ‘light’ has been created central database (01/07/2007)
- comprehensive database with data of foreign activities on Belgian territory
one stop shop (target: 01/11/2007)- all requests (residence permit, work permit, posting documents,
assignments, professional cards,...) and declarations from other countries
- automatic triggering and dispatching to competent institutions
- by means of the user management system, one can easily follow the status of the processing of his requests
36Crossroads Bank for Social Security 26/04/2007
CBSS
37Crossroads Bank for Social Security 26/04/2007
CBSS
38Crossroads Bank for Social Security 26/04/2007
CBSS
39Crossroads Bank for Social Security 26/04/2007
CBSS
40Crossroads Bank for Social Security 26/04/2007
CBSS
41Crossroads Bank for Social Security 26/04/2007
CBSS
42Crossroads Bank for Social Security 26/04/2007
CBSS
43Crossroads Bank for Social Security 26/04/2007
CBSS
Towards a pan-European social service ? Decision 2004/387/EC of the European Parliament and of the
Council of 21 April 2004 on the interoperable delivery of pan-European eGovernment services to public administrations, businesses and citizens (IDABC)- “The European Council, meeting in Brussels in March 2003, drew
attention to the importance of connecting Europe and so strengthening the internal market and underlined that electronic communications are a powerful engine for growth, competitiveness and jobs in the European Union and that action should be taken to consolidate this strength and to contribute to the achievement of the Lisbon goals. To this end, the development and establishment of pan-European eGovernment Services and the underlying telematic networks should be supported and promoted.”
- “This Decision establishes, for the period 2005-2009, a Programme for Interoperable Delivery of pan-European eGovernment Services to (…) European Businesses and Citizens.”
44Crossroads Bank for Social Security 26/04/2007
CBSS
Towards a pan-European social service ?
a standardised, pan-European declaration system across all EU-Member States is beneficial for- employers and self-employed persons
• unique, multifunctional declaration system across EU-Member States• available 24/7 and everywhere• available in the own language of the user• re-use of national basic services (e.g. portal environment, user- and access
management, …)
- the EU and the EU-Member States• higher degree of satisfaction of the employers and the self-employed
persons• higher degree of notoriety of the system across the EU => higher guarantee
of use and avoiding of unnecessary foreign information campaigns• electronic availability of all relevant information
45Crossroads Bank for Social Security 26/04/2007
CBSS
Towards a pan-European social service ?
service oriented architecture of LIMOSA permits an evolution towards a pan-European social service- modular, layered architecture
• presentation layer (multiple portal environments)• application layer (processes)• basic services layer (user and access management, return of receipt, …)• information layer (databases)
- entirely based on open standards
- components can be easily integrated in other environments
possibility to valorise the Belgian know how related to eGovernment in the social sector and electronic identity, user and access management
46Crossroads Bank for Social Security 26/04/2007
CBSS
Towards a pan-European social service ? excellent possibility to use the solution for cross-border electronic
identification of citizens and companies in execution of the Interministerial Statement of 24 November 2005 in Manchester
“By 2010 European citizens and business shall be able to benefit from secure means of electronic identification that maximise user convenience while respecting data protection regulations. Such means shall be made available under the responsibility of the Member States, but recognised across the EU.”
“Member States will, during 2006, agree a process and roadmap for achieving the electronic identity objectives and address the national and European legal barriers to the achievement of the electronic identity objectives; work in this area is essential for public administrations to deliver personalised electronic services with no ambiguity as to the user’s identity.”
“Member States will, over the period 2006-2010, work towards the mutual recognition of national electronic identities by testing, piloting and implementing suitable technologies and methods.”
47Crossroads Bank for Social Security 26/04/2007
CBSS
Proposal of concrete objectives internationally, authentication levels are established in relation to
identity, characteristics and mandates each country has registration procedures for establishing the
identity of individuals residing in their own country, according to the internationally established authentication levels
each country has registration procedures for establishing the identity of legal entities and actual associations that are established in their own country, according to the internationally established authentication levels
each country makes available to each individual, each legal entity and each actual association for whom/which the identity is established in accordance with the registration procedures, the means by which the concerned entity can produce and prove its identity (whether or not in a particular context) locally or remotely, verbally, visually and electronically on the territory of the country in question, without that entity’s identity being confused with the identity of another individual person, legal entity or actual association in that country
48Crossroads Bank for Social Security 26/04/2007
CBSS
Proposal of concrete objectives each country has registration procedures for establishing the type
of characteristics indicated by an internationally accredited body, according to the internationally established authentication levels
each country has registration procedures for establishing the mandate of an individual to represent a legal entity or actual association, and the other types of mandates that are indicated by an internationally accredited body, according to the internationally established authentication levels
each country has the necessary systems to produce and prove the characteristics and mandates of individuals, legal entities and actual associations that have been established according to the registration procedures (whether or not in a particular context), locally or remotely, verbally, visually and electronically on the territory of the country in question, either with the permission of the concerned entity or in accordance with a statutory or legal provision
49Crossroads Bank for Social Security 26/04/2007
CBSS
Proposal of concrete objectives under the coordination of the European Commission, the Member
States of the EU develop EU standards and specifications to ensure the semantic and technical interoperability of resources for producing and proving electronically the identity, characteristics and mandates through or in relation to individuals, legal entities and actual associations on the territory of other Member States
the described policy enforcement model could serve as a model for concrete implementation
50Crossroads Bank for Social Security 26/04/2007
CBSS
More information
personal websitehttp://www.law.kuleuven.ac.be/icri/frobben
Crossroads Bank for Social Securityhttp://www.ksz.fgov.be
social security portalhttps://www.socialsecurity.be
Federal Public Service for ICThttp://www.fedict.be
information is being modelled in such a way that the model fits in as closely as possible with the real world
information modelling takes as much account as possible of anticipated use of information
the information model can be flexibly extended or adapted when the real world or the use of the information changes
54Crossroads Bank for Social Security 26/04/2007
CBSS
Unique collection and re-use of information information is only collected for well-defined purposes and is
targeted to meet the requirements of these purposes all information is collected once, from as near to the authentic
source as possible information is collected according to the information model and
following uniform guidelines with the possibility of quality control by the supplier before the
transmission of the information the collected information is validated once according to established
task sharing criteria, by the institution that is most entitled to it or by the institution which has the greatest interest in correctly validating it
it is then shared and re-used by authorized users
55Crossroads Bank for Social Security 26/04/2007
CBSS
Management of information a task sharing model is established indicating which institution
stores which information as an authentic source, manages the information and maintains it at the disposal of the authorized users
information is stored according to the information model information can be flexibly assembled according to ever changing
legal concepts every institution has to report probable errors of information to the
institution that is designated to validate the information every institution that has to validate information according to the
agreed task sharing model, has to examine the reported probable errors, to correct them when necessary and to communicate the correct information to every known interested institution
information is only retained and managed as long as there exists a business need, a legislative or policy requirement, or, preferably anonimized or encoded, when it has historical or archival importance
56Crossroads Bank for Social Security 26/04/2007
CBSS
Electronic exchange of information once collected and validated, information is stored, managed and
exchanged electronically to avoid transcribing and re-entering it manually
electronic information exchange can be initiated by- the institution that disposes of information
- the institution that needs information
- the institution that manages the interoperability framework (CBSS as service integrator)
electronic information exchanges take place on the base of a functional and technical interoperability framework that evolves permanently but gradually according to open market standards, and is independent from the methods of information exchange
available information is used for- the automatic granting of benefits
- prefilling when collecting information
- information delivery to the interested parties
57Crossroads Bank for Social Security 26/04/2007
CBSS
Protection of information security, integrity and confidentiality of government information is
ensured by integrating ICT measures with structural, organizational, physical, personnel screening and other security measures according to agreed policies
personal information is only used for purposes compatible with the purposes of the collection of the information
personal information is only accessible to authorized institutions and users according to business needs, legislative or policy requirements
the access authorization to personal information is granted by an independent institution, designated by Parliament, after having checked whether the access conditions are met
the access authorizations are public
58Crossroads Bank for Social Security 26/04/2007
CBSS
Protection of information every actual electronic exchange of personal information is
preventively checked on compliance with the existing access authorizations by an independent institution managing the interoperability framework
every actual electronic exchange of personal information is logged, to be able to trace possible abuse afterwards
every time information is used to take a decision, the information used is communicated to the person concerned together with the decision
every person has right to access and correct his/her own personal data