“Digital Guyana” key operational elements missing  

It seems that every week announcements are being made about new elements of a Digital Guyana. The most recent is the Drivers Licence Registry. The Government of Guyana (GOG) is pushing ahead with digital architecture that will govern our lives and require citizens personal data. From all indications it seems that the GOG is working towards an integrated multi-ministry and agency database.

The question that has yet to be publicly posed is concerning the classification of the information and access controls relating to this data. What constitutes classification of documents, perhaps you have heard the term “top secret”, this data or document classification. Information classification is important in determining who can access information and what information is appropriate for public release, also what information is too sensitive to release at this time.

For any integrated data system there is a need for access control. Firstly, which employees can access information within an organization. Secondly, which employees from other ministries and agencies can access information they may need for inter-agency tasks.

It is also worth mentioning that for accessing different levels of classified information, vetting and security clearances are needed by the employees to ensure that they are not vulnerable to third-party influence. This will need to be part of the implementation of “Digital Guyana”.

Without digital access control in place, Guyana’s digital architecture will be akin to cowboy country and data breaches and trading of insider information for personal gain are likely without appropriate systems in place.

This situation brings to mind the Latin aphorism – Quis custodiet ipsos custodes? (Who watches the watchers?)