Why trust is essential when delivering public services

When it comes to functioning as a society, trust is at the centre of all activity. From civil safety, national security and upholding the rule of law to professional relationships and societal opinions, trust is vital to modern and legitimate democracies.

Get it right, and public trust can become the cornerstone of a working contract between citizens and government. But get it wrong, and the erosion of public trust can undermine a government’s entire ability to implement and carry out policy.

When it comes to digital transformation within the public sector, nothing is more important than trust and security.

Citizen trust is an issue that’s assessed annually by the Australian Government Department of the Prime Minister and Cabinet in the ‘Trust in Australian Public Services Report’. Findings from the 2022 report indicate that while most citizens trust public services “to make the changes required to meet all Australians’ needs” (62%), the public sector still needs to win over a third of their citizens.

Data privacy and systems security are the backbone of trust

As discussed in an independent report — Addressing trust in public sector data use, published by the Centre for Data Ethics and Innovation (CDEI) in 2020 — “The sharing of personal data must be conducted in a way that is trustworthy, aligned with society’s values and people’s expectations. Public consent is crucial to the long-term sustainability of data-sharing activity.”

In other words, people have to be confident their personal information is being given the same protection as, for example, a bank might provide in storing people’s money and savings.

Elsewhere, the report recognises the importance of security when dealing with people’s personal details.

“Sharing sensitive data requires high levels of security, which are hard to meet when data is often managed in legacy systems,” it said.

“It is particularly challenging when sharing across organisational boundaries, where each side may have different requirements for the security of their data and no shared infrastructure.”

Fast forward two years and the sage words of the 2020 report are once again brought into sharp focus following October’s cyberattack on Medibank. The breach — which involved all of Medibank’s customers having their private health data breached and posted on the dark web — is yet another timely reminder about the importance of data privacy and security.

Cybersecurity attacks have long-lasting impacts on public trust

In the immediate aftermath of the attack, IT teams were focused on their response to the incident as they sought to restore systems and shore up defences. However, for those charged with pursuing the broader policy around public sector digital transformation, the attack likely raised concerns about the potential long-term damage to public confidence.

After all, IT systems aren’t bulletproof. There’s no such thing as 100% security. It simply doesn’t exist. So, while the best security systems, processes, and protocols may be put in place, it’s also essential to have reactive procedures in place should the unthinkable ever happen.

After all, what governments need to keep uppermost in their minds is the information they’re dealing with isn’t theirs — it belongs to citizens. If someone steals my credit card details, I can always block the card. And if bad actors have used it to buy some personal electronics or clothes, I’d like to think my bank would refund the money. But if my personal details are stolen due to a security breach at the tax office, the government isn’t going to refund my identity.

When it comes to responding to an attack, the advice couldn’t be clearer. Organisations need to be open and transparent.

Rebuilding and maintaining trust should be a primary response focus

This is something about which I can speak from personal experience following the much-publicised security breach which involved SolarWinds. Not only did we follow this policy of openness, but we’re also using this experience to shape the way we run our business.

Today, if there’s the merest hint of a security issue, we use such events to train our people within our organisation, so they know how best to respond to an incident. By doing so, we can optimise our responses and rehearse protocols — such as who to reach out to — regardless if it turns out to be a false alarm.

But there’s still more to be done. And this includes closer cooperation between the private and public sectors.

On matters concerning security, the information flow is expected to come from private companies to the government. However, at SolarWinds, we believe this should be a two-way street — data sharing about such attacks should also flow from the government to private enterprises.

If this can be achieved, I’m convinced it can go a long way in helping to build trust and mitigate threats. After all, it’s only by learning the lessons of past attacks and implementing new protocols that we can hope to keep IT systems secure, protect people’s data, and maintain trust.

Image credit: iStock.com/Andrii Yalanskyi