Findings

The research results are presented according to the six investigated categories.

  • 1 basic service information
  • • all e-services have been created in the last 15 years, but an early implementation does not necessarily mean higher level of maturity
  • • information about the level of computerisation is not always offered, or not so that it can be automatically translated into English (e.g. content embedded in Flash)
  • • the same e-service can offer different levels of maturity depending on the type of transaction, which makes it difficult to determine the level of computerisation.
  • 2 users
  • • the e-services are used both for external and internal users
  • • only five cases of mandatory e-services were detected: three for citizens (social security benefits in Sweden, building permission and health- related services in Estonia), and two for businesses (social contribution for employees in Belgium and Croatia)
  • • materials for users with disabilities were available in 67% of the services.
  • 3 business optimization
  • • public availability of financial indicators about e-services is extremely scarce
  • • some e-services report benefits to users (e.g. reduction of process time, or increase in performance), but institutions do not publish information about possible internal reorganisations because of their implementation (e.g. reduction of departments, decreasing the number of employees, etc.).
  • 4 technological solutions
  • • all e-services require some kind of user authentication
  • • communications are encrypted in most cases
  • • the most commonly used signature format is XML Advanced Electronic Signature (XAdES)
  • • web forms are the usual way of communication and sometimes allow attachments to be added
  • • there was no information about the kind of technological solution being used (open-source or commercial)
  • • only in one case does the same institution host the e-service
  • • no information was found about the use of cloud solutions or if the servers were located in other countries
  • • only three e-services included reference to ISO 27001 (information security).
  • 5 storage and long term availability
  • • retention periods vary according to the kind of information, the institution, and the legal requirements, in some cases up to 30 years
  • • seven e-services reported that data is deleted at the end of the retention period
  • • the use of long term preservation formats was declared in only one case
  • • in specific cases, printing transactions on paper is required for personal documents or sensitive data, and the digital form of the information is subsequently destroyed
  • • no information was found about the use of long term preservation standards or secure digital archiving services
  • • in 19 services, the institutions provided information on where the data was stored, although only four cases were referring to cloud solutions.
  • 6 system operation transparency
  • • less than 50% of G2C e-services have online policies, while almost 80% of G2B have them. Particularly noteworthy are policies in the UK regarding the use of personal data limited to the purpose of the e-service
  • • information about non-disclosure measurements is only available in health-related services
  • • in general, users can access their data and ask for its correction, but they cannot correct it directly themselves
  • • about 50% of G2C e-services allow application status tracking, while it is available for most G2B e-services.

Discussion

First, it is necessary to point out the lack of standardized information for conducting comparative analyses like these, at least based on information available online. This is even more complex if one wants to evaluate the level of trust e-services are offering to the users. In this sense, the fact that most of the analyzed e-services are not mandatory and that they coexist with their analogue counterparts could suggest that there is not enough critical mass of users. That may be the reason for the lack of information about these e-services. Therefore, the facts whether a service is obligatory or not, and whether it has achieved critical mass of users or not, should also influence assessment of the implementation success of e-services in the organisations. Having enough relevant information about e-services is undoubtedly of public interest. Their availability could support efficiency of e-services and increase transparency.

In general, the details regarding the information security of the e-services are scarce, and with few references to national or international standards.

Lack of publicly available information on the existence of contingency plans and plans for long term continuity should be noted. This is even more serious in relation to the requirements and processes related to long term preservation or to retention and disposition of information linked to these services.

Finally, based on the research results, it seems that citizens are in a worse position than businesses regarding the (non)availability of information referring to the purpose of data collection. Lack of availability of relevant information about the e-services’ operations, at the time of this study, is worrying. Also, introduction of the General Data Protection Regulation (2016) did not motivate e-services to provide more precise information.

 
Source
< Prev   CONTENTS   Source   Next >