OECD Peer Review of E-Government in Denmark - ePractice.eu
OECD Peer Review of E-Government in Denmark - ePractice.eu
OECD Peer Review of E-Government in Denmark - ePractice.eu
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
modernisation process, especially <strong>in</strong> a quickly chang<strong>in</strong>g environment. However, while eDay and<br />
eDay2 created <strong>in</strong>ternal capacity and removed obstacles imped<strong>in</strong>g digital communication, they did not<br />
remove exist<strong>in</strong>g barriers l<strong>in</strong>ked to the application <strong>of</strong> ICT to specific government processes (e.g.<br />
taxation).<br />
Key po<strong>in</strong>t 3.1<br />
<strong>Denmark</strong> has undertaken significant work to ensure that the legislative and regulatory environment does not<br />
present unnecessary barriers to the development <strong>of</strong> e-government. While many laws and regulations either still<br />
rema<strong>in</strong> to be updated or have been deemed impossible to change, the major elements <strong>of</strong> an “e-enabled” legal<br />
environment are now <strong>in</strong> place.<br />
Despite this, Danish <strong>of</strong>ficials still report that they face e-government barriers <strong>in</strong> this area, cit<strong>in</strong>g problems related<br />
to complexity <strong>of</strong> regulations, legal impediments to collaboration and lack <strong>of</strong> legal recognition <strong>of</strong> e-government<br />
processes. Some <strong>of</strong> these problems arise from the fact that further work on remov<strong>in</strong>g legal impediments to<br />
e-government is required. However, it appears that other aspects <strong>of</strong> this problem relate to <strong>of</strong>ficials hav<strong>in</strong>g<br />
<strong>in</strong>adequate awareness and understand<strong>in</strong>g <strong>of</strong> the changes that have already occurred, lack <strong>of</strong> capacity to <strong>in</strong>terpret<br />
revised laws and regulations <strong>in</strong> <strong>in</strong>novative ways, and failure <strong>of</strong> organisations to accept responsibility for chang<strong>in</strong>g<br />
their services and bus<strong>in</strong>ess processes <strong>in</strong> l<strong>in</strong>e with what is allowed by the altered legal environment.<br />
Data protection<br />
Danish legislation recognises two broad areas where laws and regulations are required to achieve<br />
security and privacy <strong>of</strong> public <strong>in</strong>formation: 1) technical security <strong>of</strong> <strong>in</strong>formation systems and data<br />
communications; and 2) protection <strong>of</strong> personal data. A third area – identification <strong>of</strong> providers and<br />
users <strong>of</strong> <strong>in</strong>formation (i.e. authentication) – is an area <strong>of</strong> ongo<strong>in</strong>g legal challenge. Even digital<br />
signatures do not guarantee identity, as it is possible for persons other then the signature holder to use<br />
them. This is a press<strong>in</strong>g issue, which is not yet solved and will figure <strong>in</strong> ongo<strong>in</strong>g work on digital<br />
signatures.<br />
Data and system security is, to a large extent, a technical and organisational challenge; it requires<br />
<strong>in</strong>formation and communication systems that are technically secure from external attack and protected<br />
from <strong>in</strong>ternal misuse by appropriate laws, policies, management practices, bus<strong>in</strong>ess processes,<br />
organisational culture, staff skills and tra<strong>in</strong><strong>in</strong>g. There is no specific law on IT security <strong>in</strong> <strong>Denmark</strong>.<br />
However, security provisions are conta<strong>in</strong>ed <strong>in</strong> a number <strong>of</strong> laws (i.e. laws on telecommunications and<br />
data protection). State government responsibilities <strong>in</strong> this area are concentrated <strong>in</strong> the hands <strong>of</strong> few key<br />
actors, especially the Danish IT and Telecom Agency (ITST) and the Council for IT Security (see Box<br />
3.1).<br />
Box 3.1 Ma<strong>in</strong> actors and responsibilities <strong>in</strong> the area <strong>of</strong> IT security<br />
The Council for IT Security, established <strong>in</strong> 1995 as a successor to the National IT Security Council, is composed<br />
<strong>of</strong> seven members appo<strong>in</strong>ted by the M<strong>in</strong>ister <strong>of</strong> Science, Technology and Innovation. The Council acts as an<br />
advisory board, focus<strong>in</strong>g on: 1) promot<strong>in</strong>g an <strong>in</strong>formed public debate on IT security; 2) <strong>in</strong>creas<strong>in</strong>g awareness <strong>of</strong><br />
security risks; and 3) encourag<strong>in</strong>g co-operation and knowledge shar<strong>in</strong>g <strong>in</strong> connection with the development and<br />
implementation <strong>of</strong> security policies and procedures.<br />
The IT Security Division with<strong>in</strong> the National IT and Telecom Agency has a key role <strong>in</strong> provid<strong>in</strong>g national<br />
guidel<strong>in</strong>es and <strong>in</strong>stigat<strong>in</strong>g measures focused on strengthen<strong>in</strong>g IT security awareness and prevention, such as: 1)<br />
def<strong>in</strong><strong>in</strong>g <strong>in</strong>tegrated IT and telecommunications security emergency plann<strong>in</strong>g; 2) launch<strong>in</strong>g <strong>in</strong>formation campaigns<br />
for both citizens and bus<strong>in</strong>esses; and 3) <strong>in</strong>creas<strong>in</strong>g research and tra<strong>in</strong><strong>in</strong>g on IT security matters. It also has<br />
responsibility for specify<strong>in</strong>g rules and standards for IT security <strong>in</strong> the government sector, and for implementation<br />
<strong>of</strong> electronic signatures. The IT Security Division acts as the secretariat for the Council for IT Security.<br />
46