System e-CRP flags enables high-volume exchange of personal data from the Central Register of Population to the different institutions of public administration.

An institution with appropriate legal ground can receive a permission to begin receiving personal data for all the persons that are of relevance to them. They maintain the list of the relevant persons by themselves. At first, the initial situation is established - the personal data of all the persons in the database of the user get refreshed from CRP. After that, only the changes are being distributed, only for the persons that are marked (flagged) as relevant. The distribution is normally performed by night.

Population registration in Slovenia has a long tradition, at the local level as well as at the central level. During the 29 years of its operation the Central Register of Population (CRP) gained a lot of experience with data dissemination. As it has become a very useful source of data on population it has often been called a "data junction". In the year 2000 it outgrew this level and took over the role of a "reference database" for e-government, which is the broadest preoccupation in the field of the use and development of information and communication technologies in the public sector in the new millennium. Register organisation is a position that enables the most efficient data flow from primary sources to the end users by means of different channels. When the data in basic registers of the public sector are correct, updated regularly at the same time and on time, the tasks of public administration are performed safely, easily, faster and cheaper and citizens are disburdened of reporting the changes of their data or giving the data that have already been included in a public database. Disburdening can be achieved in many ways, such as by internal organisational measures and also by using new technologies.

The heart of e-government remains to ensure easy, fast, quality and cheap access to information about government and services of the government to citizens and business using modern information-telecommunication technologies. The highest goal was to establish automatic data flow in which Personal data protection is included. The service - eCRP flags enables both, because data are automaticallly distributed (but only to the entitled users). System of eCRP flags enables that the data are distributed only in the case, when a person changes his/her data. Users of this service are all the biggest national registers in Republic of Slovenia.

 

Policy Context

In April 2006 the Slovenian government adopted the eGovernment strategy for the period from 2006 to 2010. The purpose of this new strategy is to lay down a framework and goals for further realization of new and existing eGovernment activities, especially regarding user satisfaction, rationalization of administration, and modern e-services, which will raise the quality of life and make contact with the administration more user-friendly. The strategy takes into account modern guidelines and initiatives which have been passed at EU level and which lead to success throughout the EU. It also takes into account the initiative "i2010 - A European Information Society for Growth and Employment" and the Ministerial Declaration and guidelines from the ministerial conference "Transforming Public Services, 24 November 2005, Manchester, UK".

 The strategy sets out the following eGovernment targets to 2010:

• focus the operations of public administration on user needs;
• increase the quality and efficiency of the functioning of public administration;
• increase user satisfaction;
• reduce administrative burdens;
• increase the transparency of operations of public administration;
• achieve synergetic effects at all levels of public administration through the use of eGovernment;
• include the widest circle of users in the decision-making process (e-Democracy);
• reduce the burden on human resources in administrative procedures.

 The system eCRP flag is right in the heart of these strategic goals. It enables the quality and efficiency of public administration, reducing administrative burdens and reducing the need for human resources and in the end, it is also increasing the user satisfaction. The data exchange that ensures high quality accurate and up-to-date personal data also brings important synergic effects for the functioning of public administration as a whole. 

 Besides covering the national strategic goals, the system is also very coherent with the guidelines of the European interoperability framework. The system eCRP flags has high impact for internal interoperability inside Slovenia and enables phase development andmove towards pan-EU interoperability.

Description of target users and groups

Primary target group are the Slovenian institutions of public administration. Second target group could be public institutions of other countries or EU, assuming there is a proper legal basis for such an exchange.

Slovenian Personal Data Protection Act is very strict with regard to the collection, treatment, storing and use of personal data considering the legislative, organisational, logical and technical procedures and measures with the intention of protection of every person's right to privacy and integrity as laid down by the Constitution. All these must be declared by law. Therefore the institutions responsible for the databases that are the sources of data for the CRP or/and the users of the CRP have adopted proper laws or the necessary changes in their legislation. CRP is the central personal data collection in Slovenia in two senses: it is central as a database on the national level and has the central position between data sources (on primary level) and users (on all levels). Users are the institutions which need the basic data on inhabitants for executing their administrative duties and those which set up or update their data collections on the basis of the CRP data.

Administrative use of the CRP varies: the data can be used for establishing a new register and for its further updating during chosen periods. Small, individual uses are also common. Examples of registers and users from different fields of work are: taxes, health care (birth, death, vaccination and cancer register), health and pension insurance, national defence, geodetic service, jurisdiction, social security and, last but not least, elections (from the CRP we print lists of voters and individual notices on elections).

 

Description of the way to implement the initiative

e-CRP is a transformation of CRP transactions performed by the employees of responsible department into self-service transactions started by a user and performed by e-CRP services if so approved by the Security Scheme. In this context, a user is an institution that provides or uses CRP data. As the threats of modern technologies towards integrity of a person are stronger in e-environment than in paper-environment, the care for personal data protection has become even more important. Therefore our attention has been specially concentrated on security and we have started a project of implementing Security Scheme. A user is registered in e-CRP (in Security Scheme) no sooner than his request is approved by the manager of CRP as regulated by directions of Minister of the Interior. In his written application he provides the necessary data for Security Scheme tables. A user must have a legal right: he states the laws/acts and relevant articles, indicates the requested data and for which purposes he has the right to receive them; he describes the kind of service he expects from e-CRP and filters that will frame the extent of his rights.

The procedure is also published in our Official gazette and is communicated regularly on different events such as conferences, forums etc. The system is also promoted trough our "reduction of administrative burdens" channel.

Ministry of Public Administration is responsible for financing and strategically positioning the solution and also for providing the infrastructure (servers, network etc.) for the system. Ministry of the Interior is responsible for the contents and the quality of the data, and for the organisational and legal aspects of the system.

Technology solution

External users of the Central Register of Population can access data only trough services of the eCRP. The data that can be received by a specific user group is limited by laws and controlled by a special control table of user privileges. All the data exchanges must be logged due to the Personal protection law. The system that takes care of controlling and filtering the user access together with all the necessary logging, is called the Security Scheme.

eCRP services are developed in the technological environment of Oracle Database, using the programming language PL/SQL and mainly refers to the  concept of the "Snapshot replication" (DBMS_SNAPSHOT, DBMS_JOB).

The service for distributing the changes of personal data, is an example of such a service.

There are 3 main processes of the eCRP flags system:

• establishing the initial situation
• updating of the flags
• transmitting and confirming the data packages

1. By establishing the initial situation, the user creates a list of personal identification numbers (PINs) of persons that are of his interest. For these persons, the user receives (by CD or DVD) an initial package of personal data: name, surname, tax number, gender, date of birth, date of death, permanent address, temporary addresses, foreign addresses, different statuses and control dates.

2. Process of adding a new flag of removing a flag. For each person that a user puts on the list (sets a flag), he must have an appropriate legal ground. In is possible that a data protection officer makes an inspection and by randomly checking he can detect any suspicious activity.

For each flag added, a complete data picture for corresponding person is added to the exchange table. There are all the necessary logic controls - if an user attempts to add a flag to a non-existing person or if he tries to remove a flag of the non-flagged person...

3. Daily changes are prepared each night, for each user separately, according to his list of flags (PINs). These changes are prepared in a working table, consisting only of the changes. The user can use these changes to update his own databases with the fresh personal data, relating to the PINs. For each day, a separate package of changes is prepared. After the confirmation of a successful transmission, a package is deleted.

The transmission of changes is implemented by pull method. At 0:00 hour, the batch job is started that prepares the packages of the side of eCRP. At 2:00 hour, the user can automatically grab the prepared package and perform the updating of his own databases. After the successful processing the user confirms the transmission and frees the working table.

The network connection between the eCRP as a data source and the users is implemented over a secure private network and the communication is encrypted.

eCRP flags system offers total automation of the process, transparency of the transfer and fast, secure, high reliable, robust solution.  

Technology choice: Proprietary technology, Standards-based technology

Main results, benefits and impacts

The number of exchanged data records by years:
2003: 36 174
2004: 1 777 900
2005: 3 467 184
2006: 2 643 376
2007: 3 773 265
2008: 41 394 635
(the population of Slovenia is around 2 million)

The main users of our system are:

• Social security registers
• Tax register
• Land Cadastre
• Statistical Office of RS
• Health institutions
• Agriculture registers
• Employment registers
• Pension insurance register
• Jurisdictional registers and procedures
• Local communities (municipalities)
• Business register.

 

The main impact of the system is a reduced need for the citizens to provide different certificates (ex. of their birth, address etc.) when they request an administrative service.

Different national institutions in various sectors have followed the positive example and today have the appropriate legal basis for using the service. As a result they are now promptly receiving all the changes of personal data (names, surnames, addresses, deaths...) of the persons that are of their interest.

As an added value, there now is a central log of all the data exchanges that have been performed. So an individual can now gain an insight which institutions have received his personal data, together with the reasons, date/time and other metadata.

Users are very satisfied with the service, because they are gaining really big savings. Users must no longer carry their data from one institution to another by themselves, and public servants can access an up-to-date personal data of a client, the moment they need it.

Track record of sharing

It is possible to implement similar data exchange in all cases where the databases are central and the quality of data is sufficient. The key factor is that there is a KEY, ex. personal identification number or tax number, that can be used for setting flags to the records of interest.

The principle can be used internally and externally. It could be used also for cross-border data exchange, but the data protection sound be ensured (encrypted communication lines, legal basis etc.).

Lessons learnt

Massive data exchange between public administrations can result in big savings for citizens and for institutions.

Really efficient e-government services like this are invisible to the citizens, but it is essential to strictly respect all data protection rules and standards. Data protection muse be ensured on both sides - with the provider and with the user.

The quality of data plays a very important role. Not only the data quality of the provider, but also data quality of the user.

Scope: Cross-border, International, National, Pan-European