Ask Once: Balancing Efficiency and Risk in Digital Governance

Memorandum For: The Honourable Joyce Murray, Minister of Digital Government

The Canadian digital governance strategy stands at a crossroads, and ministers must decide whether to adopt a comprehensive Ask Once framework and pursue the extensive legal, policy, and technical developments required for implementation. By enabling stakeholders to provide data to public institutions just once before that information is automatically shared between government departments, Ask Once offers citizens and businesses a more seamless and user-friendly government service experience. Furthermore, these policies may result in substantial efficiency gains through government-wide data standardization and the elimination of redundant data collection and storage systems. However, these benefits must be weighed against the privacy and security risks of centralizing sensitive personal information in an integrated government database.

Challenges to Implementation of Ask Once Policies

Canada has placed Ask Once “experiences” at the heart of its official service strategy and launched an Ask Once system for direct deposits, and its citizens generally support digital governance. However, while Estonia, the Netherlands, and, to a limited extent, the United Kingdom have each implemented large-scale variants of an Ask Once framework, Canada must first overcome several legal and technical challenges, as well as develop policy frameworks to allay privacy and data security concerns.

  • Legal Restrictions on Data Sharing: Canadian legal barriers and overly stringent privacy protections prevent inter-departmental sharing of relevant data attributes. While Canada need not implement Estonia’s legal mandates regarding Ask Once, enabling legislation will be necessary to encourage departmental investment in data sharing.
  • Technical Bottlenecks: Successful deployment of an integrated Ask Once framework requires synchronized information sharing between government networks and a common digital identifier to resolve entities. While the Canadian Data Exchange Platform (CDXP) and Sign in Canada have begun to address these two requirements, departmental integration is currently hindered by a patchwork of siloed systems. Adding further complexity, this technical innovation must be guided by policy development that addresses critical issues such as differentiated access standards to protect sensitive information and temporal or purpose-based restrictions on data use.
  • Data Privacy and Security Concerns: The centralization and standardization of sensitive information, such as medical or financial data, in government hands present a grave privacy challenge. Citizens may be rightly concerned about how aggregated information can be used by governments to track, investigate, or influence individuals. Furthermore, as the OPM Data Breach demonstrated, poorly secured databases with rich personal information are valuable targets for criminal organizations, non-state actors, and foreign governments.

Recommendation

Despite these challenges, the value proposition for Ask Once is clear, and it should be adopted. Canada has the institutional capacity to overcome technical hurdles, a demonstrated commitment to protecting individual privacy and the rule of law, and a well-reasoned Digital Operations Strategic Plan. Mitigating the risks of Ask Once and maintaining public buy-in will require a commitment to Canada’s Digital Charter, an individual right to access, utilize, and correct stored data, robust data access permissions, and clear standards regarding user consent to data aggregation. If these are pursued faithfully, Canada’s Ask Once experiment will be a success.