• English

Electronic data collection, whether from businesses or the population, requires proper authentication.

 Various approaches are used including using electronic signatures, certificates or electronic identity cards.

  The following documents relate to this subject:

Electronic data collection system eSTAT in Statistics Estonia: authentication, security and confidentiality issues

Prepared by Emilie Abel, Statistics Estonia, for the
UNECE/Eurostat Work Session on Electronic Raw Data Reporting ( Geneva, 6-8 November 2006).

  Executive Summary

 The main task of Statistics Estonia is to produce and disseminate objective official statistics for public institutions, business and research spheres, international organisations and individuals. For collecting data, official statistical surveys are conducted. About 150 surveys are conducted each year; in addition, special orders for foreign users of statistics are fulfilled. Data is collected from respondents by about 200 questionnaires. The number of respondents among economic entities is about 60 000. One respondent has to submit regularly about two-three questionnaires, but mostly one, in very rare cases, about 30.

  The objectives of an electronic data collection are:

  1. unified data collection process of different surveys (standardized questionnaires and tools);
  2. higher data quality (automatic check of rules);
  3. shorter data processing time for both Statistics Estonia and the respondent (accessibility).

 Another objective is to use more modern means of data collection that will contribute to improving the image of Statistics Estonia. The channels of electronic data collection are described in the paper.

Security Considerations in Web Environment

Prepared by Toni Räikkönen, Statistics Finland, for the
UNECE/Eurostat Work Session on Electronic Raw Data Reporting ( Geneva, 6-8 November 2006).

  Executive Summary

  It is quite common nowadays, that organizations are keen to offer their services online. While this is truly an admirable effort, it can also expose terrific security issues. There are five main principles in security, be it an online service or not.

These are confidentiality, integrity, availability, authentication and accountability. Each of these must be elaborately processed on the organization level before the outside access to its assets can be made possible.

XML Security

Prepared by Gregory Farmakis, Agilis SA/Eurostat, for the
UNECE/Eurostat Work Session on Electronic Raw Data Reporting ( Geneva, 6-8 November 2006).

  Executive Summary

 The deployment of a data exchange scenario extends beyond the standardisation of an XML Schema:

  • XML documents must be signedto allow the receiving party to validate document integrity and ensure non-repudiation;
  • Sensitive information within XML documents must be encrypted to prevent disclosure to unauthorised third parties, without preventing access to data necessary for document handling and routing by intermediary mechanisms;
  • Document submission must be authenticatedand authorised, especially when it triggers automatic processing;
  • Keys for signatures, encryption, authentication etc must be certified by Trusted Third Parties (TTP ).