Should Canada Adopt a “Once Only Policy” (OOP)?
Question
What are the risks and challenges associated with adopting an “Ask Once” or “Once Only” Policy for collecting and sharing citizen data in Canada? Should it be implemented?
Overview
In the wake of COVID-19, the importance of a functioning digital government has never been more apparent. But a select few governments — Estonia, as a prime example — decided long ago to make digital government a priority, and the linchpin of that effort was an “Ask Once” policy, which allowed them to collect data a single time and integrate and share this data across departments. Canada should look to adopt a similar policy. Despite significant concerns regarding security and data privacy, such a step would allow the Canadian Digital Service to live up to its motto: to “put people’s needs at the centre of government services.”
Key Considerations and Criteria
Any implementation of such a policy should look to accomplish one or both of the following objectives: to improve service delivery (which could be by removing barriers for individuals for seeking services, providing better data security, etc.) or to save resources (measured principally by money or time). We also want to consider operational and implementation concerns (how long would this take, what steps would need to take place prior to implementation, etc.).
What is OOP?
In this scenario, government entities can ask for, and collect, data only once, and this data can be used across all or nearly all government institutions. Estonia, for example, has its own software system, X-Road, that manages the data transfers that may need to occur between organizations to complete a process for a citizen. For Estonian Citizens, that means that they fill out virtually zero forms: the various agencies coordinate to acquire all the data they need for a particular transaction. For Estonians, the only things that require an in-person visit are marriage, divorce, or transferring land — everything else is digitally conducted on pre-filled forms. This allows services to be requested, and delivered, much quicker, while providing better security for citizens’ data.
This produces real cost savings. A 2020 Deloitte report that this system saves Estonia 2% of its GDP annually, and the 24 EU countries that have followed their lead could save up to €11 billion annually. And this produces real time savings — 820 years of work every year in Estonia.
Finally, Canada is well prepared for such an endeavor. As Naeha Rashid of Harvard University has notes, countries attempting such an endeavor need a strong sense of public trust in government — which Canada has. Second, Canada has already established some of the technical infrastructure necessary to make this change. GCKey, its digital identity service, has much room for improvement but is well-established (Sign In Canada should he resolve this). Both British Columbia and Alberta have established Self-Sovereign Identity (SSI), which could serve a similar function as Estonia’s ID cards. Finally, the Canadian Digital Exchange Platform, which will serve a similar role to X-Road, is being facilitated by a partnership between Canada and Estonia.
Risks and Considerations
That being said, there are still things that Canada needs to put into place. While Canada has made strides on Identity and Interoperability, its legislation and policies have yet to catch up. Canada’s Privacy Act has been law since 1983, but it lacks enough teeth to ensure that agencies use citizen data appropriately. They should look to establish a set of policies governing government use of data, including:
- Establishing protections from unauthorized access or use of data (by both state and non-state organizations)
- Strengthening the role of the Privacy Commissioner
- Creating a mechanism to report and investigate misuses of data
Finally, Canada also needs to strengthen its protections from outside actors and foreign entities, especially in light of recent cyber attacks. Canada should look to expand its cybersecurity budget, fill vacant government cybersecurity positions (which it has started to with an innovative partnership between EY and the military) and overhaul its aging digital infrastructure. With these improvements, Canada will be well equipped to meet the challenges of a true digital government.