Abstract
Public agencies are increasingly required to collaborate with each other in order to provide high-quality e-government services. This collaboration is usually based on the service-oriented approach and supported by interoperability platforms. Such platforms are specialized middleware-based infrastructures enabling the provision, discovery and invocation of interoperable software services. In turn, given that personal data handled by governments are often very sensitive, most governments have developed some sort of legislation focusing on data protection. This paper proposes solutions for monitoring and enforcing data protection laws within an E-government Interoperability Platform. In particular, the proposal addresses requirements posed by the Uruguayan Data Protection Law and the Uruguayan E-government Platform, although it can also be applied in similar scenarios. The solutions are based on well-known integration mechanisms (e.g. Enterprise Service Bus) as well as recognized security standards (e.g. eXtensible Access Control Markup Language) and were completely prototyped leveraging the SwitchYard ESB product.
Highlights
During the last decades, many governments have driven e-government initiatives with the goal of improving the quality of public services offered to citizens [1]
This is due to the fact that interoperability platforms are increasingly used in egovernment scenarios [2][25] and that the countries where they are applied have promulgated some sort of data protection regulations [26], which are similar to the Uruguayan one
The main differences with our work are: i) the project mainly focuses on compliance requirements of business processes running under the supervision of a single organization while our work focuses on compliance requirements of inter-organizational interactions; ii) the project deal with general compliance requirements which are refined in some specific cases but it does not provide solutions for compliance requirements related to data protection regulations; and iii) performing corrective actions is mentioned [31], the project mainly deals with monitoring tasks while our work addresses enforcement activities
Summary
Many governments have driven e-government initiatives with the goal of improving the quality of public services offered to citizens [1]. Since developing mechanisms to ensure the compliance with personal data protection laws may be complex and costly for public agencies, it would be convenient that e-government interoperability platforms provide mechanisms which allow managing, monitoring and enforcing this type of regulations without involving ad-hoc programming in business (i.e. e-government) applications. This may explain the lack of implementations based on this approach This paper addresses these issues and proposes an extended e-government interoperability platform to monitor and enforce data protection regulations in inter-agency interactions through platform’s mechanisms. Among others, these mechanisms include dynamic adaptability capabilities developed in previous work [7][8][9]. A list of abbreviations is included in Appendix A
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have