Information security in local government
Law on Information Security (Poland)
Access to personal data is governed by the Personal Data Protection Act. Offices are required to observe the confidentiality of personal data and appoint persons who have access to them. Data collected in the citizens' registers that issue identification cards and in the registry of vital records and statistics should be subjected to specific protection. There, it is is necessary to develop procedures making information available to citizens, and also institutions like: courts, the police, and other authorities. Presently, it is relatively easy to steal personal data using the trust civil servants have to other public institutions.
Information security problems
Offices should provide citizens, investors, and the mass media with access to information about public matters, pursuant to the Act on Access to Public Information. Such information concerns the development plans of boroughs, drafts of legal acts, financials, etc. In certain cases, civil servants try to limit the access to such information, since making some of it public may result in protests staged by citizens or adverse feedback from investors. Governing access to such information may also be the source of illegal benefits for civil servants. The issue is closely related to the provision of transparency of how offices operate.
Local borough council offices that have implemented the quality management system ISO 9001, and also CAF, care more and more about providing access to updated information about the procedures applicable while handling official matters. It expedites customer services, and also limits the necessity of visiting the office many times. Unfortunately, less than 10% of offices in Poland have certified quality management systems in place. Non-updated or incomplete information significantly impedes the provision of services and adversely affects the assessment of the quality of the office work by citizens.
The issue of having updated information is also critical for internal processes, where employees must have permanent access to updated legal acts, reports, and analyses to be able to take appropriate decisions. It requires the improvement of the flow of information.
The accountability of civil servants is the last of the issues that has been mentioned. It is assumed that administrative decisions are issued by the office. They are signed by the head of the office. In the event whereby errors have been found in a decision it is the office that is held responsible, not the civil servant who has committed the error. Removing the liability from civil servants makes some of them unwilling to improve their work and thus they commit the same errors many times.
Article published in cooperation with wawak.pl.
Author: Slawomir Wawak