Trusted third parties for secure and privacy-preserving data integration and sharing in the public sector

Abstract

For public organizations data integration and sharing are important in delivering better services. However, when sensitive data are integrated and shared, privacy protection and information security become key issues. This means that information systems must be secured and that access to sensitive data must be controlled. In this paper, a framework is presented to support data sharing between public organizations for collaboration purposes. The framework focuses on solutions towards optimal data sharing and integration while ensuring the security and privacy of individuals. Data sharing is based on the need-to-know principle, that is, data are only made available when they are required to perform core processes. To facilitate this, an approach is introduced in the form of a trusted third party that manages access control to personal information and thus helps to protect the privacy of individuals. It is argued that the proposed framework is suitable for data integration and sharing on various levels. An example of best practices of data sharing in the Netherlands shows how this framework facilitates data sharing to perform knowledge transfer and other higher-level tasks.