When collecting data, the following principles must be kept in mind: an authority may collect data only for the performance of its functions and only to the extent minimally necessary; once data has been collected, it may not be asked in duplication; data must be protected, and they must be used securely. When an authority collects, systematises, processes and preserves data for the performance of a public function, this is maintenance of a database. The National Audit Office found that local governments collect data into hundreds of databases, the majority of which have not passed even the primary control and do not use the technical possibilities to exchange data securely. Databases must be registered in the Information System Authority (databases are registered in the Administration System for the State Information System, hereinafter “RIHA”). The aim of the registration with RIHA is to support the co-capability of databases and to monitor their compliance with the requirements.
National Audit Office, Director of Audit