MIT Solve

Basic Information

Solution Name

National Database Access Authorization and Notification

Tagline:

Platform to request access authorization to Database information, plus be able to notify person whenever personal information is accessed.

Pitch:

With the focus of this challenge being on giving persons more control over their personal data and information, the solution proposed is that some upgrades need to be made to the currently running National ID platforms.

To put this all together we will need some measures and policies to guide against misuse of personal information. The measures I am proposing include:

1. Creation of the capability of the platform to request authorization of access of National database information. Once there is need to access a citizen's information, the process must be made to include a response from the individual to go ahead with the access. This will cut down on unauthorized access rate from across the platform hence keeping citizens at rest with their information as well as give them more control over their information.

2. In other cases when your data is accessed e.g by government or any other authorities for security or any other justified reasons, the citizen should be able to receive a notification stating who accessed, why, where, when, how and for what purpose.

3. Creation of restrictive data access interfaces with more layers of security around them to cut down on unauthorized access. Proper storage of System User Access information to allow for future audits to make sure that personal data is not abused or misused for malicious and corrupt intentions.

Solution location:

Kampala, Uganda

Solution's stage of development:

Idea

About Your Solution

What makes the solution innovative:

To this point in time, after obtaining the National ID in my country there is hardly any control left in the hands of the citizen regarding the information gathered prior to the issue of the card, this information lies in the National Database.

The technology in question may not be new, however its application may be in this case. Any personal interaction with the database is currently out of question or hasn't been considered yet. This leaves citizens with absolutely no control over their personal information.

How the solution demonstrates 'privacy by design':

The solution demonstrates 'privacy by design' through catering to the areas of:

- End to End Security by guaranteeing strong security of data entered into the system as well as requiring the authorization of the individual before information is accessed.

- Respect for User Privacy by keeping personal information from falling in the wrong hands, plus notifying the citizen whenever personal information is accessed.

- Visibility and Transparency which caters for accountability, openness and compliance of the system, hence increasing the likelihood of more citizens to trust the system and get on board.

How the solution can be incorporated into digital identification systems:

The solution can be incorporated into digital identification systems through upgrading of the existing system. New processes and policies can be embedded into the system after clear analysis of their feasibility.

Once the processes being proposed can be clearly specified, justified or deemed workable, there will be some programming required to integrate them onto the platform to make them functional.

For the solutions proposed to work it must conform to the international privacy laws, otherwise if the laws are autonomous it may be impossible to implement some of the features or objectives brought forward.

The public will need to be thoroughly educated on the changes being made to the system such that they are able to understand the pros and cons if any, and hence embrace the systems personally rather than being coerced into getting on the system.

How the solution is 'user-friendly':

The solution is user friendly in the sense that it will not greatly affect the underlying system that is already in use but rather enhance for instance with a new access design.

For the sake of system authorization one will only need to click on the response button at that moment, which shouldn't be a hard thing at all.

As for the citizen information access notification, all that a citizen has to do is to read the message and then find out if it was legally accessed or not.

How the solution ensures interoperability:

As this is still an idea stage of the solution, the question as to whether it will have interoperability capabilities will be down to the requirements of the system.

API integration capabilities will be something to consider if the risks are low and it solves the underlying issue of privacy and information security.

How the solution accounts for low connectivity environments and for users with low literacy and numeracy levels:

Users in low connectivity environments will not need to worry much as this solution will cater to them as well with central points for information access and assistance being set up for them.

This being a national project means there are already government structures throughout the country to be able to implement the solutions in brought forward.

Concerning the low connectivity, the technology that is in places uses Unstructured Supplementary Service Data or USSD to send and receive information.

Vision over the next three to five years to implement or grow the solution to affect the lives of more people:

The vision in the next 3 to 5 years is that most countries will seek to implement this solution after seeing its advantages vs disadvantages. Scalability will depend on the willingness of countries to adopt the upgrades to the system whenever deemed necessary.

All in all, citizens should be able to have more control over their data/information in the National Database as well as enjoy the security that guarantees their information is safest.

Country where the solution primarily operates:

Uganda

About Your Team

Partnership Potential