What do we know of the databases of local governments?
When collecting data, the following principles must be kept in mind: an authority may collect data only for the performance of its functions and only to the extent minimally necessary; once data has been collected, it may not be asked in duplication; data must be protected, and they must be used securely. When an authority collects, systematises, processes and preserves data for the performance of a public function, this is maintenance of a database. The National Audit Office found that local governments collect data into hundreds of databases, the majority of which have not passed even the primary control and do not use the technical possibilities to exchange data securely. Databases must be registered in the Information System Authority (databases are registered in the Administration System for the State Information System, hereinafter “RIHA”). The aim of the registration with RIHA is to support the co-capability of databases and to monitor their compliance with the requirements.
Since local governments who need data to perform their functions ask a large share of the data from people, the National Audit Office wished to receive an overview of the databases of local governments and to be convinced that the primary control of these databases had been carried out. This article does not discuss the issues relating to the collection and preservation of data mode widely, but the focus is on the issues of databases.
Apart from a few exceptions, the law does not set out explicitly which databases local governments should definitely maintain. Only the document register, for which a database must be maintained, is mentioned as an obligation of local government in the law. In addition, Acts mention a few more tasks where a local government must maintain a register or collect data. For example, the Waste Act obligates local government to establish the register of waste holders; the Infectious Animal Disease Control Act provides that local authorities will organise the maintenance of records concerning dogs and, where necessary, of other household pets; and under the Cemetery Act, administrators of cemeteries must collect the information in respect of the persons interred, the grave plots and the users of the grave plots.
In the course of the drafting the overview, it became clear that local governments had registered only 175 databases in RIHA by the end of 2016. This is less than the total number of local governments in Estonia (there are 213 local governments). Besides, nearly 100 local governments had not registered a single database.
Based on the references from RIHA and public sources, it can be concluded that local governments maintain at least 925 databases. This is not an exact or exhaustive number because, in the course of the drafting the overview, the National Audit Office did not review the maintenance of databases in the local governments. When comparing the databases registered in RIHA with the databases referred to in other sources, it appears that less than one-fifth (19%) of the local government databases may have been registered in RIHA. With the majority of the databases registered in RIHA, the aim of maintaining the database coincided with the task of the local government mentioned in Acts, which among other things included the task of establishing a database or register, or of keeping records (they are e.g. document register, register of waste holders, register of pet animals, cemeteries register). These databases accounted for more than three quarters (721) of all databases identified. The databases that have been established on the initiative of local government, without the law providing for the establishment of the database, constitute more than one-fifth of the local government databases. 204 such databases and registers were found (e.g. parking arrangement database, register of plans, cutting permits database, allowances register, information system on public gatherings, immediate information system, information system on misdemeanour matters, kindergarten places register). When studying how many of these 204 databases had been registered in RIHA, it appeared that it was only a small number – 32 databases (i.e. 16% of the databases established on the initiative of local governments).
For secure exchange of public sector data, it is mandatory to use the data exchange layer for information systems (X-Road) which enables identification of the participants in data exchange and the accuracy of data. The data of RIHA reveal that only 54 databases of local governments use the possibility to exchange data through X-Road. The result is that local governments maintain several duplicating databases (e.g. local register of roads and land tax register, besides state databases). Such a situation could be avoided if local governments implemented more standard solutions (IT-companies have developed nearly 40 different software solutions that are offered as services to several authorities, e.g. various document management softwares, cemeteries register, local governments information system for excavation permits and permits for temporary closing of streets, etc.), which have the technical capability to exchange data through X-Road.
In summary, before beginning to collect data, a local government should always become aware if the collection of data is permitted and what the aim is. If it is necessary to establish a database for the performance of a function, it must be inquired which obligations must be fulfilled to maintain the database. The state on its part should pay attention to involving local governments already well in advance when establishing new databases, in order that local governments would not need to maintain duplicating databases. Also, a balance should be found regarding the requirements for databases maintained on paper and those maintained with office software. It is also clear that the state authorities’ supervision of the databases of local governments has not functioned.