Tongan Data Exchange Policy and Framework,
November 2021
Strategies and Action Plans
The Tongan Data Exchange Policy and Framework, finalised on 15 November 2021, is a comprehensive guide for establishing a Secure Data Exchange (SDE) ecosystem in the Kingdom of Tonga. It is a core component of the broader digital transformation envisioned by Tonga’s Digital Government Strategic Framework (TDGSF) and the Tonga Interoperability Framework (TIF).
Purpose
The framework supports the goals of the Tonga Strategic Development Framework (TSDF 2015–2025) and TDGSF (2019–2024), promoting a shift from manual to digital government services. It provides the foundation for secure, standardised, and interoperable data exchange among public sector bodies.
Core components of the framework
1. Secure data exchange ecosystem
- Replaces the inefficient and costly ad hoc method of inter-agency data sharing.
- Reduces the complexity from N(N–1) bilateral exchanges to N–1 using a shared platform.
- Encourages the reuse of data and services through modular, loosely coupled components.
- Ensures that all public data exchanges are secure, controlled, and legally binding.
- Promotes separation of front-end and back-end systems for authentication and data management.
2. Key criteria for the SDE platform
A suitable platform must meet the following technical and functional criteria:
- Message transfer: Agnostic, direct peer-to-peer communication without central bottlenecks.
- Trust: Authentication, encryption, logging, and non-repudiation via PKI and timestamping.
- Performance: Fast, scalable, and without central points of failure.
- Availability: 24/7 resilience against cyberattacks or outages.
- Architecture: Prefers decentralised design to improve resilience and independence.
- Operations: Central governance with distributed execution.
- Cross-border data exchange: Preparedness for future international interoperability.
3. Reference architecture
The architecture reflects the four layers of interoperability:
- Legal: Requires updates to laws on data protection, electronic transactions, PKI, and information security.
- Organisational: Defines roles of the Ministry of MEIDECC (as SDE operator), member institutions (as service providers/consumers), and trust service providers.
- Semantic: Mandates data digitisation, standard identifiers, and shared data vocabularies.
- Technical: Includes gateways, eID, PKI, REST/SOAP interfaces, and comprehensive metadata and registries.
Governance and implementation
- The Ministry of MEIDECC is responsible for:
- Establishing and maintaining the SDE.
- Ensuring legislation and institutional capacity are in place.
- Managing trust services or contracting external providers.
- Each public body must:
- Integrate with the SDE.
- Digitize services and registries.
- Document and register their systems and services.
Open data policy
- Emphasises the publication of machine-readable, non-proprietary data with clear metadata and licenses.
- Follows the International Open Data Charter principles.
- Encourages data to be open by default, interoperable, and usable for governance, innovation, and public engagement.
- Integration with the SDE is not mandatory for open data, but alignment with the overall interoperability strategy is required.