Enforcement reports often contain sensitive information. Whether it concerns pollution, noise nuisance, or illegal dumping, as more complaints are now submitted online, this raises questions about the security of these digital services and the appropriate level of assurance needed.
Since 1 July 2023, the Digital Government Act (Wdo) has been gradually implemented. This legislation establishes the legal framework for secure, trustworthy, and accessible digital public services. A key element of this act is the classification requirement. This means government organisations must assess the security level required for identification and login for each digital service and enforce it.
Structured approach
Water Authority Rivierenland (Waterschap Rivierenland) adopted a careful and structured approach to classifying its digital services. ICT project manager Dirk van Sichem and business analyst Willem Sander Termorshuizen explain: “The implementation of the Open Government Act (Woo) and the Modernisation of Electronic Administrative Communication Act (Wmevb) was already on the agenda. Classifying digital services logically followed suit. In total, we classified 14 services. 3 of which are managed by the Digital System for the Environment Act (Digital Stelsel Omgevingswet, DSO), and 2 by our collaborative partnership, Rivierenland Tax Collaboration (Belasting Samenwerking Rivierenland, BSR).”
Cross-disciplinary discussions
A working group was formed for each service, including Van Sichem, Termorshuizen, an information manager, a legal expert, and a communications advisor. They collaborated using the Assurance Level Tool (Regelhulp betrouwbaarheidsniveaus, in Dutch) for joint discussions. Van Sichem and Termorshuizen note: “Having colleagues from different disciplines at the table sometimes led to debates, making the process more engaging and educational. Sometimes they finished within half an hour; other times, it would take longer. Moreover, the Assurance Level Tool featured ambiguous questions, such as ‘Do you process personal data on a large scale?’, which can be interpreted differently and require clarification.”
Putting the results into practice
Waterschap Rivierenland’s experience demonstrates that classification involves more than simply completing a tool. It requires time and commitment from colleagues across various disciplines, but it also offers insights into deliberate trade-offs concerning privacy, security, accessibility, and governance. “We’re satisfied with the results. We briefed the Dutch Water Authorities (Unie van waterschappen) through the Water Authority working group. Apparently, some classifications deviated from previously established levels, leading to productive discussions and follow-up actions at the Water Authorities. The time invested was far from wasted, though, as the process itself delivered valuable insights.”
Collaboration across disciplines
Classification requires more than just technical skill; it also demands collaboration across multiple disciplines. “The working group included colleagues from various disciplines,” they explain. “We chose these colleagues because the information manager understands the business, data flows, and systems, the legal experts help translate laws and regulations into practice, and the communications adviser ensures digital accessibility is embedded.”
