Digital government service, previously called e-government service, is the service provided to the government by the use of information technology. In digital government service, information is shared or transferred from the developer to users inside government, and between government and the public, by using various information and communication technologies (Fountain, J 2015).
FedRAMP is an acronym for Federal Risk and Authorization Management Program. It is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves an estimated 30-40% of government costs, as well as both the time and staff required to conduct redundant agency security assessments (FedRAMP, n.d.). During six months in 2016, the FedRAMP program saved the government $70 million and increased cloud usage by 41% (O’Phelan, M 2016). FedRAMP was created to improve security for digital services through collaboration on cybersecurity and cloud services among different government agencies and private industry. The government agencies involved include the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), and the Federal Chief Information Officer (CIO) Council and its working groups (FedRAMP, n.d.).
The U.S. Digital Service has created a playbook of 13 key plays to meet the needs of the American people. These 13 plays are drawn from successful practices in government and the private sector and consist of checklists and key questions whose sole purpose is to help government build effective digital services. Among the 13 plays, play #11 is Manage Security and Privacy Through Reusable Processes, which explains what specifications and compliance requirements need to be followed while designing new services. The key questions in play #11 relate to protecting the privacy of individuals. Some key questions include: does the service collect PII, does it collect more information than required, how is the PII shared, how is the public notified, etc.
Digital government service, previously known as e-government, was developed to be convenient and efficient through the use of the internet and automation. Digital government service is the “production and delivery of information and services inside government to government and government to the public (individuals, interest groups, organizations to include nonprofit, and nongovernmental organizations)” (Fountain, 2004). The laws, regulations, and policies that require federal agencies to uphold information and service compliance are as follows: “Digital Government Strategy (May 2012), OMB M-17-06, Policies for Federal Agency Public Websites Digital Services (November 2016), OMB Circular A-130, Managing Information as a Strategic Resource (July 28, 2016), and E-Government Act of 2002, Section 207” (Digital Gov, 2017).
Best Practice Recommendations for improving privacy and security (Play #11) – Federal CIO Council’s Digital Services Playbook
- Protection of sensitive information and system security through continuous review and improvement for digital services (“The Digital Services Playbook — from the U.S. Digital Service”, n.d.)
- Government agencies need to ensure that they meet the requirements laid out in checklists such as those provided by the Federal CIO Council’s Digital Services agencies (“The Digital Services Playbook — from the U.S. Digital Service”, n.d.)
- Ensure compliance with System of Records Notice, Privacy Impact Assessment and other program reviews via privacy or legal officers of the department or agency
- Determine, in consultation with a records officer, what data is collected and why, how it is used or shared, how it is stored and secured, and how long it is kept
- Ensure that a records officer is consulted in the collection of data and storage, sharing and securing of data as well as a privacy specialist when notifying users about collection of personal data
- Ensure the following are answered to improve privacy and security (“The Digital Services Playbook — from the U.S. Digital Service”, n.d.)
– Is personal information collected from users, if so, how are they notified?
– Is only the minimum required data being collected, or more than required?
– In what ways could the data possibly be used?
– Are users informed on how to access, correct or remove information?
– If personal information is collected how will it be stored and shared?
These are some of the best practices that were researched.
Digital Gov. (2017, September 25). Checklist of Requirements for Federal Websites and Digital Services. Retrieved from http://www.digitalgov.gov/resources/checklist-of-requirements-for-federal-digital-services
FedRAMP. Gsa.gov. Retrieved January 29, 2019, from https://www.gsa.gov/technology/government-it-initiatives/fedramp
Fountain, J. (2004). Digital Government and Public Health. PubMed Central (PMC). Retrieved January 29, 2019, from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1277943/
O’Phelan, M. (2016). Achievement of Federal Security Milestone Illustrates Cloud Provider’s Ongoing Commitment to the Industry’s Most Rigorous Security Standards. Retrieved January 29, 2019, from Granicus: https://granicus.com/blog/govdelivery-communication-cloud-becomes-first-digital-communication-solution-to-become-fedramp-compliant/
The Digital Services Playbook — from the U.S. Digital Service. Playbook.cio.gov. Retrieved January 29, 2019, from https://playbook.cio.gov/#play11