An Agency Where Protecting People’s Privacy Comes First

8 May 2020

Safeguarding individuals’ personal information should always be paramount in the design of online government services, says Joanne de Morton. And that means customers always knowing what they’re consenting to, where their information is going, and how it’s going to be used.

agency .jpg

As a digital-first organisation, Service Victoria was in an enviable position to swiftly and seamlessly transition the whole organisation to remote working in support of efforts to slow the spread of the COVID-19 pandemic. 

All of our current services are operating to the same high standard as before, and work is continuing with our partners and stakeholders to deliver on several new features in the pipeline. 

If anything, this unprecedented pandemic has highlighted the important role of digital government, and how there’s never been a better time to get things done online.

Who are we?

Service Victoria was set up by the Victorian Government to make it faster and easier to get things done with government. After two years and a million customers, we’ve learned a lot about what Victorians are looking for from online government services. 

Our initial alpha and beta designs were built using customer research involving more than 5,000 Victorians. Starting with simple transactions, such as applying for a recreational fishing licence and renewing vehicle registrations, we now have a suite of complex, multi-faceted transactions – from seeking eligibility for a solar rebate to applying for a Working with Children Check.

Our focus is on creating trust by designing integrated, end-to-end digital services based on the things customers have told us they want when dealing with government. And customers have told us that privacy and protecting their personal information are equally as important as the way services are designed.

Data privacy is fundamental

Understanding the balance between privacy and convenience is paramount to the success of government because it’s often the case that people have no choice but to transact. Getting the balance wrong amplifies distrust. It was for this reason our legislation embeds privacy and data protection with even stronger standards than in the Privacy and Data Protection Act 2014

The Service Victoria Act 2018 strikes a balance between convenience, privacy and security by enshrining customer choice to the greatest degree possible. 

Customers can choose to transact as a guest, which means we don’t keep their personal information. And our legislation prevents us from linking information from their other transactions. Alternatively, they can choose the convenience of a Service Victoria account, through which they can see all their transactions in one place. And if they’ve verified their identity with us, they can ask us to remember that for reuse in future transactions. 

Privacy is one of our biggest strengths – we work hard to only collect data that is absolutely necessary for each transaction. 

Importantly, we don’t hold all of this data on our platform. We integrate with the back-end systems of departments and agencies which retain the system-of-record. Information is pulled from their systems each time a customer accesses their account, and the data is purged when the browser is closed. 

The individual, therefore, is always in control. Adopting this ‘privacy-by-design’ approach means that customers always know what they’re consenting to, where their information is going, and how it’s going to be used.

A digital government ecosystem

This approach to privacy is based on a technology architecture that supports an holistic view of the customer. 

Service Victoria’s enterprise-grade digital platform is the foundation for a government ecosystem of fully digitised system-to-system services. We’ve invested in component parts – common across all transactions – so they are reusable for other agencies creating economies of scale. 

This modular architecture, like Lego blocks, allows us to pivot, adapt to change and embrace new opportunities quickly and at very low cost. We use software interfaces known as APIs (or Application Programming Interfaces) to connect microservices – the same way that Netflix created their platform. This entirely cloud-based platform was created in just six months and was significantly under budget.

Our model is also efficient. It has already saved government millions of dollars by allowing departments and agencies to use our platform, rather than create their own. 

We have invested in end-to-end encryption, bank-level security, 24/7 threat and misuse monitoring, and multi-factor authentication to make sure that people’s personal data is kept safe. Agencies also save on the cost of compliance. For example, we maintain our payments platform to the Payment Card Industry Data Security Standards, which avoids duplicating costs across every agency to maintain compliance. 

Making online services more available 

Removing the roadblocks to fully-digital services has been a significant focus. 

We have tackled some tricky service design challenges and our digital proof-of-identity has already saved almost 25,000 people the time and effort of showing their ID in person – a process that often involves handing over the same personal information multiple times to different agencies.

Our digital licence capability has an enforcement function for officers to check the system-of-record using Bluetooth, without touching a customer’s phone, regardless of whether there is internet connectivity or not. The recreational fishing licence was the first digital licence in Victoria and lets fishers share their licences with authorities without them ever boarding a boat or making physical contact. 

Just five years ago, our research showed that 19% of people would not transact online. 

Those who didn’t want to transact online weren’t from audiences traditionally considered ‘vulnerable’ – such as people living with a disability and those from lower socio-economic or culturally-and-linguistically diverse backgrounds. Assumptions about what constituted ‘vulnerable’ customers needed to change. The research showed people from these groups were just as likely to use online services as the broader community. The common element among people reluctant to transact online was their lower levels of digital literacy.

Things are constantly changing. Recent research reveals up to 97% of customers are saying they are capable of using technology to perform basic day-to-day tasks. For almost everyone, a skill gap is no longer a barrier to government online services. The challenge is to make sure they’re easy for everyone to understand and use.

Which is why service re-design plays such an important role in government now. It’s great to see government agencies embracing user-centred designs and agile methods in a bid to focus on customer service as an important business function.

However, the challenge of reducing siloes to help solve the problem of fragmentation for customers remains – and doing this will also help to reduce duplication across government. 

Embracing a horizonal perspective

The concept of consumable, modular architecture enabling a broader ecosystem is still not well understood. And the strong vertical accountability for government agencies means there isn’t usually the funding, mandate or incentives to deliver services from a whole-of-government view.

This ‘government-as-a-platform’ view has the ability to transform government operating models and has implications for the design of policy and regulatory services. Government typically is framed around traditional linear industry verticals, but the platform perspective is horizontal.

The emerging ‘Rules as Code’ discipline – an approach to create and publish regulations, legislation and policies as machine and human readable – also has the potential to drive innovation by enabling automated or semi-automated decision-making processes, and better maintaining the policy intent in implementation. 

True digital transformation can’t just be the domain of IT. It requires multidisciplinary teams jointly designing future policy rules as text (legislation) for humans, and as code for machines.

This philosophy has driven Service Victoria to develop an internal team of public servants with diverse, specialist skills. Architects, developers and engineers work alongside policy and business analysts and user experience specialists. 

These new skillsets and ways of working, together with a scalable platform and privacy-enhancing data design, form a solid foundational capability for future innovation in customer service delivery. 

Joanne de Morton has been the Chief Executive Officer of Service Victoria from day one. Her extensive government experience, as a deputy secretary and senior executive in both central and line agencies, helped transform Service Victoria from a ‘tech start-up’ to an award-winning digital platform.

For more information about Service Victoria visit their website.