Date posted: 25-Dec-2015
Strategic importance of identity and access management (IAM)
The case of the Belgian social and health sector
Frank Robben
General manager
Crossroads Bank for Social Security
eHealth Platform
Sint-Pieterssteenweg 375
B-1040 Brussels - Belgium
E-mail: [email protected]
CBSS: www.ksz.fgov.be
Personal website: www.law.kuleuven.be/icri/frobben
November 5th, 2009 (Frank Robben)
Structure of the presentation
• expectations of the stakeholders of the Belgian social and health sector
• the Crossroads Bank for Social Security and the eHealth platform
• advantages for citizens, companies and public administrations
• strategic importance of identity and access management
• concrete implementation of identity and access management
• issues with regard to privacy protection and information security
Stakeholders of the Belgian social sector
• > 10,000,000 citizens
• > 220,000 employers
• about 3,000 public and private institutions (actors) at several levels (federal, regional, local) dealing with
  – collection of social security contributions
  – delivery of social security benefits: child benefits, unemployment benefits, benefits in case of incapacity for work, benefits for the disabled, reimbursement of health care costs, holiday pay, old age pensions, guaranteed minimum income, …
  – delivery of supplementary social benefits
  – delivery of supplementary benefits based on the social security status of a person
Stakeholders of the Belgian health sector
• > 10,000,000 citizens
• > 100,000 health care providers (physicians, dentists, clinical labs, pharmacists, physiotherapists, home nurses, …)
• > 300 health care institutions (hospitals, rest homes, nursing homes, …)
• sickness funds
• public institutions
  – federal level (Federal Public Service for Public Health, National Institute for Health Insurance, Belgian Health Care Knowledge Centre, …)
  – regional level
Expectations in the social sector
• effective social protection
• effective support of social policy
• effective fraud prevention and detection
• integrated services
  – attuned to the concrete situation of the citizens and companies, and personalized when possible
  – delivered at the occasion of events that occur during their life cycle (birth, going to school, starting to work, move, illness, retirement, starting up a company, …)
  – across government levels, public services and private bodies
• attuned to their own processes
• if possible, granted automatically
Expectations in the health sector
• optimal quality of health care
• optimal patient safety
• adequate support of health policy
• patient centric care and empowerment of the patient
• integrated services
  – multidisciplinary
  – holistic
  – continuous
  – across health care institutions and health care providers
• remote care (monitoring, assistance, consultation, diagnosis, operation, …), among others home care
• quickly evolving knowledge => need for reliable, coordinated knowledge management and accessibility
Common expectations in both sectors
• electronic services
  – with minimal costs and minimal administrative burden
  – with active participation of the user (self service)
  – well performing and user-friendly
  – reliable, secure and permanently available
  – accessible via a channel chosen by the user (direct contact, phone, PC, …)
  – with adequate information security and privacy protection
The solution in the social sector
• creation in 1990 of the Crossroads Bank for Social Security as a coordinator and service integrator, with co-operative governance
• no central data storage
• a network between all 3,000 social sector actors with a secure connection to the internet, the federal MAN, regional extranets, extranets between local authorities and the Belgian interbanking network
• a unique identification key
  – for every citizen, electronically readable from an electronic social security card and an electronic identity card
  – for every company
  – for every establishment of a company
The solution in the social sector
• an agreed division of tasks between the actors within and outside the social sector with regard to collection, validation and management of information and with regard to electronic storage of information in authentic sources
• 210 electronic services for mutual information exchange amongst actors in the social sector, defined after process optimization
  – nearly all direct or indirect (via citizens or companies) paper-based information exchange between actors in the social sector has been abolished
  – in 2008, 686 million electronic messages were exchanged amongst actors in the social sector, which saved as many paper exchanges
The solution in the social sector
• 42 electronic services for employers, either based on the electronic exchange of structured messages or via an integrated portal site
  – 50 social security declaration forms for employers have been abolished
  – in the remaining 30 (electronic) declaration forms the number of headings has on average been reduced to a third of the previous number
  – declarations are limited to 4 events
    • immediate declaration of recruitment (only electronically)
    • immediate declaration of discharge (only electronically)
    • quarterly declaration of salary and working time (only electronically)
    • occurrence of a social risk (electronically or on paper)
  – in 2008, 23 million electronic declarations were made by all 220,000 employers, 98 % of which from application to application
The solution in the social sector
• electronic services for citizens
  – maximal automatic granting of benefits based on electronic information exchange between actors in the social sector
  – 8 electronic services via an integrated portal
    • 3 services to apply for social benefits
    • 6 services for consultation of social benefits
  – about 30 new electronic services are foreseen
• an integrated portal site containing
  – electronic transactions for citizens, employers and professionals
  – simulation environments
  – information about the entire social security system
  – harmonized instructions and information model relating to all electronic transactions
  – a personal page for each citizen, each company and each professional
The solution in the social sector
• an integrated multimodal contact centre supported by a customer relationship management tool
• a data warehouse containing statistical information with regard to the labor market and all branches of social security
The solution in the social sector
• reference directory
  – directory of available services/information
    • which information/services are available at any actor depending on the capacity in which a person/company is registered at each actor
  – directory of authorized users and applications
    • list of users and applications
    • definition of authentication means and rules
    • definition of authorization profiles: which kind of information/service can be accessed, in what situation and for what period of time depending on in which capacity the person/company is registered with the actor that accesses the information/service
  – directory of data subjects
    • which persons/companies have personal files at which actors for which periods of time, and in which capacity they are registered
  – subscription table
    • which users/applications want to automatically receive what information/services in which situations for which persons/companies in which capacity
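The reference directory just described, as an added Python example (not CBSS code): it models the four tables, answers who holds which information about whom on a given day, performs the preventive check before a consultation is routed, and drives push routing from the subscription table. Actor names, capacities, information kinds and the identification key are constructed placeholders.

```python
"""Reference directory of a service integrator: what, about whom, where (never the content).
Added example, not CBSS code; actors, capacities, information kinds and the key are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date

@dataclass(frozen=True)
class Registration:
    """Directory of data subjects: a file at an actor, in a capacity, for a period (end=None: open)."""
    subject: str
    actor: str
    capacity: str
    start: date
    end: date | None = None

    def active_on(self, day: date) -> bool:
        return self.start <= day and (self.end is None or day <= self.end)

@dataclass(frozen=True)
class Application:
    """Directory of authorized applications: owning actor and authorization profile
    (which information kinds it may obtain in which capacity of the data subject)."""
    name: str
    actor: str
    profile: dict[str, frozenset[str]]

@dataclass(frozen=True)
class Subscription:
    """Subscription table: push an information kind to an application for persons
    registered at its actor in a given capacity."""
    application: str
    capacity: str
    information: str

@dataclass
class ReferenceDirectory:
    services: dict[str, frozenset[str]] = field(default_factory=dict)  # actor -> information it supplies
    applications: dict[str, Application] = field(default_factory=dict)
    registrations: list[Registration] = field(default_factory=list)
    subscriptions: list[Subscription] = field(default_factory=list)

    def holders(self, subject: str, information: str, day: date) -> list[tuple[str, str]]:
        """Which actors can supply `information` about `subject` on `day`, and in which capacity."""
        return sorted((r.actor, r.capacity) for r in self.registrations
                      if r.subject == subject and r.active_on(day)
                      and information in self.services.get(r.actor, frozenset()))

    def registered_as(self, subject: str, actor: str, capacity: str, day: date) -> bool:
        return any(r.subject == subject and r.actor == actor and r.capacity == capacity
                   and r.active_on(day) for r in self.registrations)

    def may_consult(self, app_name: str, subject: str, information: str, day: date) -> bool:
        """Preventive check on a consultation: the profile covers the information in a capacity
        in which the subject is registered at the application's own actor, and somebody holds it."""
        app = self.applications.get(app_name)
        if app is None:
            return False
        covered = any(information in kinds and self.registered_as(subject, app.actor, cap, day)
                      for cap, kinds in app.profile.items())
        return covered and bool(self.holders(subject, information, day))

    def route_mutation(self, subject: str, information: str, day: date) -> list[str]:
        """Push routing: which applications must automatically receive a change of
        `information` about `subject` reported by an authentic source on `day`."""
        targets = set()
        for s in self.subscriptions:
            app = self.applications[s.application]
            if (s.information == information
                    and information in app.profile.get(s.capacity, frozenset())
                    and self.registered_as(subject, app.actor, s.capacity, day)):
                targets.add(s.application)
        return sorted(targets)

def build_sample_directory() -> ReferenceDirectory:
    """Constructed sample: a citizen insured at sickness fund SF-A since 2005 and registered
    as job seeker at unemployment office UO-B for the first half of 2008."""
    d = ReferenceDirectory()
    d.services = {"NR": frozenset({"address"}), "SF-A": frozenset({"health_insurance_status"}),
                  "UO-B": frozenset({"unemployment_status"})}
    d.applications = {"sf-a-members": Application("sf-a-members", "SF-A",
                                                  {"insured": frozenset({"address", "unemployment_status"})}),
                      "uo-b-files": Application("uo-b-files", "UO-B", {"job_seeker": frozenset({"address"})})}
    d.registrations = [
        Registration("CITIZEN-0001", "SF-A", "insured", date(2005, 1, 1)),
        Registration("CITIZEN-0001", "UO-B", "job_seeker", date(2008, 1, 1), date(2008, 6, 30)),
    ]
    d.subscriptions = [Subscription("sf-a-members", "insured", "address"),
                       Subscription("uo-b-files", "job_seeker", "address")]
    return d

def demo() -> dict[str, object]:
    d, during, after = build_sample_directory(), date(2008, 3, 1), date(2009, 1, 1)
    return {
        "push_during": d.route_mutation("CITIZEN-0001", "address", during),
        "push_after": d.route_mutation("CITIZEN-0001", "address", after),
        "holders_during": d.holders("CITIZEN-0001", "unemployment_status", during),
        "consult_ok": d.may_consult("sf-a-members", "CITIZEN-0001", "unemployment_status", during),
        "consult_no_holder": d.may_consult("sf-a-members", "CITIZEN-0001", "unemployment_status", after),
        "consult_not_in_profile": d.may_consult("uo-b-files", "CITIZEN-0001", "unemployment_status", during),
    }
```

Once the unemployment registration period has ended, the address change is no longer pushed to the unemployment office and the sickness fund can no longer obtain an unemployment status, because no actor holds one for that day.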
The solution in the health sector
• creation in 2008 of the eHealth platform as a coordinator and service integrator, with co-operative governance and with the following legal assignments
  – to develop a vision and a strategy for effective, efficient and secure electronic services and information exchange in health care, with respect for privacy protection and in close cooperation with the various public and private actors in the health care sector
  – to establish useful ICT-related functional and technical norms, standards, specifications and basic architecture for using ICT in order to support this vision and strategy
  – to check whether software packages for managing electronic health records comply with the established ICT-related functional and technical norms, standards and specifications, as well as to register those software packages
The solution in the health sector
• creation in 2008 of the eHealth platform as a coordinator and service integrator, with co-operative governance and with the following legal assignments
  – to create, to manage and to develop a cooperation platform for secure electronic data exchange with useful basic services (see hereafter)
  – to agree on a distribution of tasks with regard to the collection, the validation, the storage and the availability of data exchanged over the cooperation platform and on the quality norms which those data have to meet, and to verify whether the quality norms are met
  – to promote and to coordinate the realization of programs and projects which reflect the vision and strategy and use the cooperation platform and/or its basic services
The solution in the health sector
• creation in 2008 of the eHealth platform as a coordinator and service integrator, with co-operative governance and with the following legal assignments
  – to manage and to coordinate ICT-related aspects of data exchange with regard to electronic health records and electronic care prescriptions
  – to act as an independent trusted third party (TTP) for coding and anonymizing personal health care data for certain organizations, listed in the law, in order to support scientific research and policy making
  – to conduct the necessary changes in order to execute the vision and strategy
  – to organize the cooperation with other public services in charge of the coordination of electronic service delivery
The solution in the health sector
• no central data storage
• a well secured virtual private network based on the internet with end-to-end encryption of personal data between all 100,000 health care actors
• a unique identification key
  – for every citizen, electronically readable from an electronic social security card and an electronic identity card
  – for every health care provider
  – for every health care institution
• multidisciplinary, high quality electronic patient records
• care pathways
The solution in the health sector
• basic services offered by the eHealth platform on its own ICT infrastructure
  – orchestration of electronic subprocesses
  – portal environment including a content management system and a search engine
  – integrated user and access management
  – logging
  – system for end-to-end encryption
  – personal electronic mailbox for each health care provider
  – time stamping
  – coding and anonymizing for certain organizations, listed by the law
  – reference directory (what, about whom, where – no content!)
The solution in the health sector
[Diagram: users (patients, health care providers and institutions) reach added value services (AVS) such as the eHealth portal, PortaHealth, MyCareNet, the INAMI site and the software of health care institutions and providers; the AVS are built on the basic services of the eHealth platform, reached over the network, and draw on validated authentic sources (VAS) made available by the suppliers.]
The solution in the health sector
• basic service
  – a service developed and made available by the eHealth platform, which can be used by an added value service provider for developing and offering an added value service
• added value service (AVS)
  – a service put at the disposal of the patients and/or the health care providers
  – the entity that develops and offers an added value service can use the basic services offered by the eHealth platform for this purpose
• validated authentic source (VAS)
  – a database with information used by the eHealth platform
  – the administrator of the database is responsible for the availability and (the organization of) the quality of the information made available
Towards a network of service integrators
[Diagram: service integrators at several levels, each with its own services repository: FEDICT for the federal public services (FPS) over FEDMAN, the CBSS for the social sector (ASS, RPS) over the social sector extranet, and the regional or community integrators (Corve, Easi-Wal, CIRB, …) for cities, provinces and municipalities over regional or community extranets (VPN, Publi-link, VERA, …); all are interconnected via the internet.]
Advantages
• gains in efficiency
  – in terms of cost: services are delivered at a lower total cost
    • due to
      – a unique information collection using a common information model and administrative instructions
      – less need to re-encode information, by stimulating electronic information exchange
      – a drastic reduction of the number of contacts between actors in the social and health sector on the one hand and companies or citizens on the other
      – a functional task sharing concerning information management, information validation and application development
      – a minimal administrative burden
      – a connection to one electronic platform is sufficient for using several applications
    • according to a study of the Belgian Planning Bureau, rationalization of the information exchange processes between the employers and the social sector implies an annual saving of administrative costs of about 1.7 billion € a year for the companies
Advantages
• gains in efficiency
  – in terms of quantity: more services are delivered
    • services are available at any time, from anywhere and from several devices
    • services are delivered in an integrated way according to the logic of the customer
  – in terms of speed: the services are delivered in less time
    • benefits can be allocated quicker because information is available faster
    • waiting and travel time is reduced
    • companies and citizens can directly interact with the competent actors in the social or health sector with real time feedback
Advantages
• gains in effectiveness: better social protection, higher quality of health care and higher patient safety
  – in terms of quality: same services at same total cost in same time, but to a higher quality standard
  – in terms of type of services: new types of services, e.g.
    • automated granting of benefits
    • active search of non-take-up using data warehousing techniques
    • controlled management of own personal information
    • personalized simulation environments
    • easier referring between health care providers/institutions
  – in terms of support of professionals in executing their profession
• better support of social and health policy
• more efficient combating of fraud
Strategic importance of IAM
• reliable exchange of personal data requires sufficient certainty about the identity of the data subjects
• adequate access control requires sufficient certainty about
  – the identity of the users
  – the authentication of the identity of the users
  – the verification of certain characteristics of the users
  – the verification of certain relationships between the users and the data subjects
  – the verification of certain mandates of the users
IAM: objectives to be reached
• be able to (electronically)
  – identify all relevant entities (physical persons, companies, applications, machines, …)
  – know the relevant characteristics of the entities
  – know the relevant relationships between entities
  – know that an entity has been mandated by another entity to perform a legal action
  – know the authorizations of the entities
• in a sufficiently certain and secure way
• in as many relations as possible (C2C, C2B, C2G, B2B, B2G, …)
• using open interoperability standards
Conceptual framework
• entity
  – someone or something that has to be identified
  – e.g. a physical person, a company, a computer application, …
• attribute
  – a piece of information about an entity
• identity
  – a number or a set of attributes of an entity that makes it possible to know precisely who or what the entity is
  – an entity has only one identity, but this identity can be determined by several numbers or sets of attributes
Conceptual framework
• characteristic
  – an attribute of an entity, other than an attribute determining its identity
  – an entity can have several characteristics
  – e.g. a capacity, a function, a professional qualification, …
• relationship
  – a link between two or more entities
  – an entity can have several relationships
  – e.g. a therapeutic relationship between a health care provider and a patient
Conceptual framework
• mandate
  – a right granted by an identified entity to another identified entity to perform well-defined legal actions in her name and for her account
  – an entity can have several mandates
• registration
  – the process of determining the identity, a characteristic, a relationship or a mandate of an entity with sufficient certainty
  – before making available the means by which the identity can be authenticated, or the characteristic, the relationship or the mandate can be verified
Conceptual framework
• authentication of the identity
  – the process of checking whether the identity that an entity pretends to have corresponds to the real identity
  – authentication of the identity can be done based on the verification of
    • knowledge (e.g. a password)
    • possession (e.g. an electronic card)
    • biometric characteristics
    • a combination of those
Conceptual framework
• verification of a characteristic, a relationship or a mandate
  – the process of checking whether a characteristic, a relationship or a mandate that an entity pretends to have corresponds to a real characteristic, relationship or mandate of that entity
  – the verification of a characteristic, a relationship or a mandate can be done by
    • the same kind of means as those used for the authentication of the identity
    • or, after the authentication of the identity, by consulting a database that contains information about characteristics, relationships or mandates related to identified entities
Conceptual framework
• authorization
  – a permission to an entity to perform a defined action or to use a defined service
• authorization group
  – a group of authorizations
• role
  – a group of authorizations or authorization groups related to a specific service
• role based access
  – a method of assigning authorizations to entities by means of authorization groups and roles, in order to simplify the management of authorizations and their assignment to entities
Choices made in Belgium
• identification number for every citizen and every company
  – characteristics
    • unicity
      – one entity – one identification number
      – the same identification number is not assigned to several entities
    • exhaustivity
      – every entity to be identified has an identification number
    • stability through time
      – the identification number should not contain variable characteristics of the identified entity
      – the identification number should not contain references to the identification number or characteristics of other entities
      – the identification number should not change when a quality or characteristic of the identified entity changes
Choices made in Belgium
• art. 8, 7 Directive 95/46/EC: "Member States shall determine the conditions under which a national identification number or any other identifier of general application may be processed"
  – evolution towards meaningless identification numbers
  – unique identification numbers of citizens can only be used by instances authorized by a Sectoral Committee of the National Privacy Commission
  – regulation on interconnection of personal data
• registration of the identity of citizens by the municipalities
• registration of the identity of companies by company counters
Choices made in Belgium
• registration of characteristics, relationships and mandates relevant for eGovernment by private or public bodies designated by government
• authentication of the identity of physical persons by the electronic identity card
• verification of characteristics, relationships and mandates relevant for eGovernment preferably by consulting authentic databases
• multifunctional use of authentication and verification means
• authorization is the responsibility of each service provider
• implementation based on a policy enforcement model
Policy Enforcement Model
[Diagram: the user requests an action on the application; the Policy Enforcement Point (PEP) in front of the application sends a decision request to the Policy Decision Point (PDP) and receives a decision reply, after which the action on the application is PERMITTED or DENIED. The PDP retrieves policies from the Policy Administration Point (PAP), whose policy repository is maintained by the manager through policy management, and obtains information via request/reply from Policy Information Points (PIP), each backed by an authentic source.]
Policy Enforcement Point (PEP)
• intercepts the request for authorization with all available information about the user, the requested action, the resources and the environment
• passes on the request for authorization to the Policy Decision Point (PDP) and extracts a decision regarding authorization
• grants access to the application and provides relevant credentials
Policy Decision Point (PDP)
• based on the request for authorization received, retrieves the appropriate authorization policy from the Policy Administration Point(s) (PAP)
• evaluates the policy and, if necessary, retrieves the relevant information from the Policy Information Point(s) (PIP)
• takes the authorization decision (permit/deny/not applicable) and sends it to the PEP
Policy Administration Point (PAP)
• environment to store and manage authorization policies by authorized person(s) appointed by the application managers
• puts authorization policies at the disposal of the PDP
Policy Information Point (PIP)
• puts information at the disposal of the PDP in order to evaluate authorization policies (authentic sources with characteristics, relationships, mandates, etc.)
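The PEP, PDP, PAP and PIP of the preceding slides wired together, as an added Python example that is not code of the eHealth platform or of its Kephas PAP; the policy evaluates a characteristic (professional qualification), a relationship (therapeutic relationship) and a mandate from the conceptual framework, and the PEP logs every decision. The policy, attribute categories, authentic sources and all identifiers are constructed.

```python
"""PEP / PDP / PAP / PIP chain for consulting a patient record.
Added example, not code of the eHealth platform or of Kephas: the policy, the attribute
categories, the authentic sources and every identifier are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Tuple

class Decision(Enum):
    PERMIT = "PERMIT"
    DENY = "DENY"
    NOT_APPLICABLE = "NOT_APPLICABLE"

@dataclass(frozen=True)
class Request:
    """Built by the PEP: authenticated user, action, resource (the application) and environment."""
    user: str
    action: str
    resource: str
    environment: dict[str, str] = field(default_factory=dict)  # here: the patient concerned

class PolicyInformationPoint:
    """PIP: facade over the authentic sources; each source answers one attribute category
    (a characteristic, a relationship or a mandate) about identified entities."""
    def __init__(self, sources: dict[str, Callable[..., object]]):
        self.sources = sources

    def get(self, category: str, *key: str) -> object:
        return self.sources[category](*key)

@dataclass(frozen=True)
class Rule:
    effect: Decision
    condition: Callable[[Request, PolicyInformationPoint], bool]

Policy = Tuple[Rule, ...]  # evaluated in order; the first rule whose condition holds decides

class PolicyAdministrationPoint:
    """PAP: policy repository, writable only by the person(s) appointed by the application managers."""
    def __init__(self, managers: frozenset[str]):
        self.managers = managers
        self.repository: dict[tuple[str, str], Policy] = {}

    def store(self, manager: str, resource: str, action: str, policy: Policy) -> None:
        if manager not in self.managers:
            raise PermissionError(f"{manager} is not an appointed policy manager")
        self.repository[(resource, action)] = policy

    def retrieve(self, resource: str, action: str) -> Policy | None:
        return self.repository.get((resource, action))

class PolicyDecisionPoint:
    """PDP: retrieves the policy from the PAP and pulls attributes from the PIP only when a rule needs them."""
    def __init__(self, pap: PolicyAdministrationPoint, pip: PolicyInformationPoint):
        self.pap, self.pip = pap, pip

    def decide(self, request: Request) -> Decision:
        policy = self.pap.retrieve(request.resource, request.action)
        if policy is None:
            return Decision.NOT_APPLICABLE
        for rule in policy:
            if rule.condition(request, self.pip):
                return rule.effect
        return Decision.NOT_APPLICABLE

class PolicyEnforcementPoint:
    """PEP: intercepts the call, asks the PDP, logs every decision so abuse can be traced afterwards."""
    def __init__(self, pdp: PolicyDecisionPoint):
        self.pdp = pdp
        self.audit_log: list[tuple[str, str, str, str, str]] = []

    def enforce(self, request: Request) -> Decision:
        decision = self.pdp.decide(request)
        self.audit_log.append((request.user, request.action, request.resource,
                               request.environment.get("patient", "-"), decision.value))
        return decision  # only PERMIT lets the caller proceed to the application

def build_sample_chain() -> PolicyEnforcementPoint:
    """Constructed sources and one policy: a physician may read a record when a therapeutic
    relationship exists, or when the patient mandated the user to consult it; otherwise deny."""
    qualifications = {"dr-alpha": {"physician"}, "dr-beta": {"physician"}, "nurse-gamma": {"home nurse"}}
    therapeutic = {("dr-alpha", "pat-1")}
    mandates = {("pat-1", "proxy-delta"): {"consult_ehr"}}
    pip = PolicyInformationPoint({
        "qualification": lambda user: qualifications.get(user, set()),
        "therapeutic_relationship": lambda provider, patient: (provider, patient) in therapeutic,
        "mandate": lambda mandator, mandatary: mandates.get((mandator, mandatary), set()),
    })
    pap = PolicyAdministrationPoint(managers=frozenset({"ehr-manager"}))
    pap.store("ehr-manager", "ehr", "read", (
        Rule(Decision.PERMIT, lambda r, p: "physician" in p.get("qualification", r.user)
             and p.get("therapeutic_relationship", r.user, r.environment["patient"])),
        Rule(Decision.PERMIT, lambda r, p: "consult_ehr" in p.get("mandate", r.environment["patient"], r.user)),
        Rule(Decision.DENY, lambda r, p: True),
    ))
    return PolicyEnforcementPoint(PolicyDecisionPoint(pap, pip))

def consult(pep: PolicyEnforcementPoint, user: str, action: str = "read") -> str:
    """Send one request concerning patient pat-1 through the PEP and return the decision name."""
    return pep.enforce(Request(user, action, "ehr", {"patient": "pat-1"})).value
```

A physician without a therapeutic relationship is denied even though the qualification check passes, while a mandated proxy without any qualification is permitted; an action with no stored policy yields NOT_APPLICABLE rather than a permit.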
Global architecture
[Diagram: three domains side by side, the eHealth platform, the social sector (CBSS) and the non-social federal public services (Fedict). In each, the user reaches the applications (WebApp XYZ) through an authentication/authorisation PEP with a role mapper; the PDP (role provider) obtains policies from the PAP ("Kephas") and its role mapper DB, and attributes from PIP attribute providers backed by authentic sources (DB XYZ, the management VAS, the RIZIV, a mandates DB and a DB of judicial executors).]
Electronic identity card (eID)
• aims to enable Belgian citizens
  – to identify themselves (electronically)
  – to electronically authenticate their identity towards diverse applications
  – and to put digital signatures
• validity period of 5 years, extended to 10 years for elderly people
Electronic identity card (eID)
• from a visual point of view the electronic identity card contains
  – the name
  – the first two Christian names
  – the first letter of the third Christian name
  – the nationality
  – the place and date of birth
  – the sex
  – the place of delivery of the card
  – the begin and end date of the validity of the card
  – the denomination and number of the card
  – the photo of the holder
  – the signature of the holder
  – the identification number of the National Register
Electronic identity card (eID)
• from an electronic point of view the chip of the electronic identity card contains the same information as printed on the card, supplemented with
  – the identity and signature keys
  – the identity and signature certificates
  – the accredited certification service provider
  – information necessary for authentication of the card and securing of the electronic data
  – the main residence of the holder
• no other data than identification data
• no encryption certificates
• no electronic purse
• no biometric data (yet)
No other data than identification data
• why not?
  – preventing perception of the card as a big brother
  – preventing loss of data when the card is lost
  – preventing frequent updates of the card
• stimulation of the controlled access to data over networks, using the card as an access tool, rather than storage of data on the card
eID organization model
• government has chosen a card producer and certification authority issuing the identity certificates as a result of a public call for tenders
• the municipality calls the holder for the issuing of the electronic identity card
• the municipality acts as registration authority for 2 certificates: authentication of the identity and electronic signature
• 2 key pairs are generated within the card at production time and the private keys are stored within the processor chip of the card
• the 2 certificates are created by the certification authority, but published only when the holder agrees
eID organization model
• the use of the private keys within the chip needs an activation of the card by a municipal official using his PUK2 and the PUK1 sent to the holder
• first authentication within one session (first private key) and every generation of an electronic signature (second private key) requires the PIN code of the holder
• the second private key and identity certificate on the electronic identity card can be used to generate a legally valid electronic signature
eID partners
National Register and CBSS Register
• National Register
  – database managed by the Ministry of the Interior
  – containing identification data with regard to all people living in Belgium and registered within the municipal population registers
  – data are managed by the municipalities
• CBSS register
  – database managed by the Crossroads Bank for Social Security
  – containing identification data with regard to all people that are not registered (anymore) within the National Register, but that are in relation with the Belgian public or social sector
  – subsidiary and complementary to the National Register
  – data are managed by the sickness funds
National Register and CBSS Register
• content
  – unique identification key
  – name and Christian names
  – place and date of birth
  – place and date of death
  – sex
  – nationality
  – civil status
  – main residence
  – family composition (not in CBSS register)
  – profession (not in CBSS register)
Division of costs
• population registers: municipalities
• National Register: Ministry of the Interior
• CBSS Register: Crossroads Bank for Social Security
• eID: citizen (10 €)
International context: some issues
• determination of the means by which an entity can be identified within each country and across countries
• the way identity management on the one hand, and characteristics, relationships and mandates management on the other, are well separated in order to guarantee the multifunctional use of identity authentication means
• the quality assurance criteria for the registration procedures that are used to determine the identity, relevant characteristics, relationships or mandates before linking them to authentication or verification means
International context: some issues
• the quality assurance criteria for authentication and verification means and their use
• an organizational, functional and technical interoperability framework to exchange identity, characteristics, relationships, mandates and authentication data based on open standards
• the necessary legal framework for identity, characteristics, relationships and mandates management, with a good balance between trust enhancing measures and measures guaranteeing a free market
International context: proposed method
• to work out a common conceptual framework, a common vision and common basic principles
• to translate these principles into common, measurable objectives
• to ask every state to develop an action plan to achieve these objectives
• to elaborate an architecture and guidebooks to implement the principles
• to create a forum for the exchange of best practices
Information security and privacy protection
• overall policy on security and privacy protection for eGovernment
  – security, integrity and confidentiality of government information are ensured by integrating ICT measures with structural, organizational, physical, personnel screening and other security measures according to agreed policies
  – personal information is only used for purposes compatible with the purposes of the collection of the information
  – personal information is only accessible to authorized institutions and users according to business needs, legislative or policy requirements
Information security and privacy protection
• overall policy on security and privacy protection for eGovernment
  – the authorizations for government bodies to communicate personal information to third parties are granted by Sectoral Committees of the Privacy Commission, designated by Parliament, after having checked whether the communication conditions (e.g. purpose limitation, proportionality) are met
  – the authorizations for communication are public
  – every concrete electronic communication of personal information by a government body is preventively checked on compliance with the existing authorizations by an independent institution managing the interoperability framework used for the communication
  – every concrete electronic communication of personal information by a government body is logged, to be able to trace possible abuse afterwards
Information security and privacy protection• overall policy on security and privacy protection for
eGovernment– every time information is used to take a decision, the used
information is communicated to the concerned person together with the decision
– every person has right to access and correct his own personal data
– this system has been implemented in the Belgian social security sector for about 20 years and is being extended to the whole Belgian government sector
58 Information security and privacy protection
• security, availability, integrity and confidentiality of information is ensured by integrated
  – institutional
  – legal
  – organizational
  – HR-related
  – technical
  security measures according to agreed policies
59 Institutional measures
• no central data storage
• every actor has an information security officer with an advisory, stimulating, documentary and control task
• specialized information security service providers have been recognized in order to support the information security officers
• a working party on information security and privacy protection has been established
• minimal information security and privacy protection standards are proposed by the working party on information security and privacy protection and are established by the competent Sectoral Committee
60 Institutional measures
• every year, every actor has to report to the competent Sectoral Committee on compliance with the minimal information security and privacy protection standards
• in case an actor does not meet the minimal information security and privacy protection standards, the competent Sectoral Committee can prohibit the actor from being connected to the system for electronic data exchange
61 Independent Sectoral Committees
• established within the Privacy Commission
• composed of
  – 2 members of the Privacy Commission
  – 4 independent domain specialists designated by Parliament
• competences
  – supervision of information security
  – authorizing the information exchange
  – complaint handling
  – information security recommendations
  – extensive investigating powers
  – annual activity report
62 Legal measures
• obligations of the actors as data controllers
  – principles relating to fair and lawful processing and data quality
  – information to be given to the data subject
  – confidentiality and security of processing
• rights of the data subjects (i.e. the natural persons the personal data relate to)
  – right of privacy protection
  – right of information
  – right of access
  – right of rectification, erasure or blocking
  – right not to be subject to fully automated individual decisions
  – right of a judicial remedy
• remedies, liability and sanctions
63 Fair and lawful processing and data quality
• fair and lawful processing
• collection only for specified, explicit and legitimate purposes
• no further processing in a way incompatible with those purposes
• personal data must be adequate, relevant and not excessive in relation to those purposes
• personal data must be accurate and kept up to date
• personal data must not be kept longer than necessary for those purposes in a form which permits the identification of the data subject
64 Fair and lawful processing and data quality
• respect of additional protection measures related to sensitive data, i.e. data revealing or concerning
  – racial or ethnic origin
  – political opinions
  – religious or philosophical beliefs
  – trade union membership
  – health
  – sexual life
  – offences, criminal convictions or security measures
65 Confidentiality and security
• no access to personal data is permitted except on instructions from the controller or if required by law
• appropriate technical and organizational security measures
  – protection against
    • accidental or unlawful destruction
    • accidental loss
    • alteration
    • unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network
    • all other forms of unlawful processing
  – measures have to be appropriate
    • to the risks represented by the processing
    • and the nature of the data to be protected
    • having regard to the state of the art
    • and the cost of their implementation
66 Confidentiality and security
• where processing is carried out by an external processor
  – the controller has to choose a processor guaranteeing sufficient technical and organizational security measures
  – the controller must ensure compliance of the processing with the security measures
  – the carrying out of the processing must be governed by a written contract or legal act stipulating in particular that
    • the processor shall act only on instructions from the controller
    • the security obligations shall also be incumbent on the processor
67 Remedies, liability and sanctions
• remedies
  – administrative remedies, inter alia before the Sectoral Committee
  – judicial remedies
  – for any breach of the rights guaranteed by the applicable national law
• liability
  – right to compensation from the controller for the damage suffered as a result of an unlawful processing operation, unless the controller proves not to be responsible for the event giving rise to the damage
• sanctions
  – penal sanctions
  – prohibition on processing personal data
68 Organizational, HR-related & technical measures
• risk assessment
• security policies
• governance and organization of information security
• inventory and classification of information
• human resources security
• physical and environmental security
• management of communication and service processes
• processing of personal data
• access control
• acquisition, development and maintenance of information systems
• information security incident management
• business continuity management
• compliance: internal and external control
• communication to the public of the policies concerning security and the protection of privacy
69 More information
• website Crossroads Bank for Social Security
  – http://www.ksz.fgov.be
• website eHealth platform
  – https://www.ehealth.fgov.be
• personal website Frank Robben
  – http://www.law.kuleuven.be/icri/frobben
Th@nk you!
Any questions?