INTERNATIONAL SOCIAL SECURITY ASSOCIATION

INTERNATIONAL ASSOCIATION OF SOCIAL AND PENSION FUNDS

European Meeting
Social protection of migrant
labour and globalization

Baku, 7 - 9 September 2005

Data exchange and use of ICT

Otmar Scheitl
Manager for data exchange
Federation of German Pensions Insurance Institutions
(VDR)
Germany

ISSA/EUR/BAKU/05
Data exchange and use of ICT

Otmar Scheitl
Manager for data exchange
Federation of German Pensions Insurance Institutions
(VDR)
Germany

INTRODUCTION

Organization of the German Pension System

At the present time compulsory pension schemes for workers in Germany are organized
under 22 regional insurance institutions (in the Länder) and 2 occupational institutions
(railway workers' and seamen's insurance funds). There are central schemes for the mining
profession, which is insured by the Federal miners' association (Bundesknappschaft) and for
salaried employees by the Federal Insurance Institute for Salaried Employees
(Bundesversicherungsanstalt für Angestellte (BfA)). In addition the German compulsory
insurance system includes the Federation of German Pensions Insurance Institutions
(Verband Deutscher Rentenversicherungstrager (VDR)), a voluntary union of all the pension
insurance institutions which has the legal status of a private association and carries out all
coordination and service provision for pensions insurance. This administrative structure that
has evolved in the course of time no longer meets the current changes in social and
economic conditions.

The bill now before the Federal parliament has been preceded by years of discussion and
debate. This has resulted in a general consensus, approved both by the workers,
represented by the workers' unions in self-government of the pension insurance institutions
and by the employers, represented by the employers' unions, and also by all the major
political parties in the Federal Republic of Germany. It was also necessary to seek the
agreement of the Regions (Bundesländer), who are responsible for the regional institutions.
The following key points describe the new organizational structure of pension insurance
schemes in Germany:

ƒ All pension insurance institutions in Germany are grouped under the banner of "German
pension schemes" (Deutsche Rentenversicherung).
ƒ All the institutions remain separate organizations; intensive benchmarking encourages
internal competition between the institutions.
ƒ VDR and the biggest institution, BfA, merge to become a "Federal institution with
integrated umbrella organization". This Federal institution groups all the most important basic
and across-the-board tasks.

Otmar Scheitl
 -2-

The scope of this future top organization will be much greater than that of the present
VDR. The merge of VDR and BfA, the biggest pension insurance institution, means that the
competition that has existed until now between these two institutions will disappear. Apart
from the Federal institution with an integrated umbrella organization and the regional
institutions there will be another Federal institution, responsible amongst other things for
miners, railway workers and seamen. Insured persons will be divided 45 per cent in the two
Federal institutions and 55 per cent in the regional institutions, where it is also assumed

My department which includes the department of "international data exchange" within the
VDR and also within the new organization is the so called DSRV. DSRV stands for
“Datenstelle der Träger der Rentenversicherung”, which means a sort of Clearing House for
the other pensions insurance institutions in Germany.

The main tasks of DSRV are gathered around one large dataset, we call “Stammsatz”.
Here we store to each person, who was in contact to the German pension system some
personal data like names, date of birth, address and so on. Very important is the Pension
Insurance Number, which is the identification key to all of our data. And we store also the
competent Institution for this person. I have mentioned, that there are a lot of Institutions,
which are responsible for our insured persons, to store the history of insurance times and
calculate the pension. We store by this time about 110 Mio. of datasets in our Stammsatz.
We use it for:

• Unequivocal the Pension Insurance Numbers;

• Searching the Competent Institution;
• Data Distribution within the German Pension Insurance System.

Other task of the DSRV are:

• Excepting data for the German Pension Insurance System from other authorities and
distribute to the local institutes;
• Gather and dispatch data from the German Pension Insurance System to other authorities
and

We are the Forwarding Point and designated body for the international data exchange.

MIGRANT WORKERS

Regulations 1408/71 and 574/72 guarantee rights to Migrant Workers: no discrimination,

retention of acquired rights, or rights being acquired and export of benefits.

Legal measures to protect and preserve the social security rights of citizens who make
use of their right of free movement within the European Communities have existed for more
than 40 years already. Today, Regulations (EC) No 1408/71 and (EC) No 574/72 set out
social security coordination rules which define how those citizens who move within the
European Economic Area are to be protected by and within the social security systems of the
Member States. How are these rights realized in the practice?

Otmar Scheitl
 -3-

These social security coordination rules are applied and put into practice through
information exchange between social security institutions of the member states. This means
that, in order to guarantee appropriate and correct protection of the social security rights of
mobile citizens, there is a permanent, regular and complex information flow between
hundreds of social security institutions in the member states, comprising mainly information
on validity of rights, insurance history, competent social security institutions, identification of
the citizen and payment of benefits and contributions.

To mange this information flow, there are some committees and boards in this field.

• The Administrative Committee for migrant worker decides. It is build from legal experts,
from ministries in the 25 member states.
• The Technical Committee for Data Processing (TCDP) proposes technical means to the
administrative Commission. It is build from either legal and ICT experts, at least one of each
per member states, who are sent from the competent Institutions or the Forwarding Points.
• At least, the Direction General for Employment of the EU coordinates the activities within
the whole European context.

Despite the opportunities opened up by the development and existence of modern

information technology to carry out these information exchanges effectively and in an
automated way, electronic processing is used only very marginally for these purposes.

One Outcome from the Technical Committee is the TESS-Project. As the Technical
Commission on Data Processing has brought together persons in charge of IT systems of
social security institutions at national level, it has contributed essentially to the formation of
particular cooperative relationships and contacts between Member States, which have
allowed a limited group of Member States to go further with electronic exchanges between
themselves within the framework of the TESS program. This has been done on a very
pragmatic basis, as described below.

Now let us have a closer look to the topic migrant workers and their social rights in the
European community. Let us see, how data exchange can help and speed up the whole
process.

What is the conclusion from our example with Paolo Europeo? An electronic data
exchange has some great advantages:

• Safe time
ƒ If you have exchanged all time of employment in the past, in the case of a pension
claim, the national insurance numbers and the history of insurance times is well known in
both participating countries.
ƒ You will have a lot advantages (times are stores, no break between electronic
workflow and paper forms) when calculating the pension (automatically).

• Security
ƒ No loose of insurance times, insurance numbers, amounts of salary.
ƒ Claimant for a pension and the two competent institutions have knowledge of the
information in parallel.

Otmar Scheitl
 -4-

• Cooperation between the competent institutions by means of technique

DATA EXCHANGE AND EU REGULATIONS

The competent institutions are responsible for storing insurance numbers, times,
employments and for managing claims and calculating pensions.

The Role of the Forwarding Points (FP) are as follows:

• Routing
If the final destination is unknown the FP must be able to identify the final receiver

• Security
Within the international network the FP is responsible for Data integrity and Confidentiality

• Acknowledgement
The receiving FP has to acknowledge the receipt and to give information about the final
receiver

The advantages of the new practice are:

• Clerks are discharged of tasks which are simple or susceptible to errors or involve much
time;
• Reducing considerably the time of investigation;
• Improving quality in the assessment of pension benefits;
• Better transparency for the pensioner by improved representation of the decision;
• Identification of the competent institution located in another Member State without
difficulty;
• Improvement of communication between the clerks involved in the Member States
concerned.

TECHNIQUE

Now the same from an more technical View and the present arrangements for electronic
exchanges:

Historically the TESS program has always favored international standards because it was
the only way of interconnecting heterogeneous IT systems, guaranteeing interoperability, and
probably also because the use of international standards has always been recommended by
the European Interoperability Framework Program (IDA program), which remains the major
source of funding of the TESS program.

The first TESS architecture, during the TESS/SOSENET phase of the program, was
mainly structured around OSI standards: X.25 and X.400 for the communication and
EDIFACT for the format of the messages exchanged. Today, still in full accordance with the
IDA Interoperability Framework, the TESS architecture is structured around the Internet and
emerging technologies, which are more flexible, less expensive and easier to maintain.

Otmar Scheitl
 -5-

These technologies rely upon the TESTA network that has been set up as a horizontal action
of the IDA program for administrative authorities in the Member States to exchange data
electronically. It consists of generic telecommunication services provided under IDA that
allow exchange of data with other administrations by making use of a single service provider,
which ensures security and delivery of the data in another Member State. From 2002, as
recommended by the IDA, the TESS community decided to migrate from EDIFACT towards
XML. Some preliminary experiments were launched with the EDIFACT-XML bridge to test
the new standard. Today, six forms have been developed in XML and are being tested in the
various Builds.

The majority of the new Member States have expressed their preference for exchanging
the forms electronically rather than on paper and their strong support for the XML standard,
which some of them already used at national level for the interchange of data.

As described below, the TESS architecture has provided common IT architecture,

infrastructure, format, (TESTA) network and (XML) standards in the fields of pensions and
health care to Member States which have been willing and able to use electronic exchanges.
The TESS participation costs to the Member States are low. As TESS clearly is a process of
common interest, the creation and the maintenance of the system have been financed by the
European Commission. It would be impossible to have any EU-wide electronic exchanges
between social security institutions without the existence of these factors. The delegations on
the Technical Commission generally consider the TESS structure to be very functional and
reasonably established.

With regard to the status of electronic exchanges in the TESS program, in spite of the
efforts and the goodwill of each Member State, it should be recognized that the current
achievements are very far from the initial objectives of the successive work programs of the
Technical Commission that have been issued over the last ten years. The voluntary nature of
participation in the electronic exchanges and the fact that the E forms have been initially
designed for being exchanged on paper have probably not facilitated the electronic
exchanges. In this context, it has to be underlined that the new Decision 118 of the
Administrative Commission on Social Security for Migrant Workers recognizes for the first
time electronic exchanges as the standard, whereas paper exchange is relegated to the
“default” procedure.

Network and data formats

TESTA provides a telecommunications infrastructure for European administrations. It is a

private network for public administrations. Public administrations need access to modern
telecommunication services for their operations. In their daily dealings, they are embedded in
and rely on the well-functioning of a web of relationships with citizens, enterprises, non-profit
organizations and other public sector bodies. Telecommunications and information
technology (IT) are not only key to achieving efficiency in these dealings. Very often, they are
a precondition for the very functioning of the administrations.

TESTA responds to the growing need for the exchange of information between European
administrations. This requires a coverage of all Member States and EFTA countries and
increasingly also of the accession candidates. In terms of scope, it presupposes a degree of
capillarity permitting communications with any administration carrying out a European policy.

Otmar Scheitl
 -6-

This ambitious goal can only be achieved in the joining of forces of national and European
initiatives.

The TESTA approach is collaborative: it builds on national efforts to establish national,

regional or local administrative networks by forging these to a trans-European network. IDA
provides the EuroDomain, the network interconnecting national/regional/local networks and
the EuroGates, the access points, while national administrations take charge of connecting to
the EuroDomain.

The basic concepts on which TESTA builds stem from the IDA Architecture Guidelines
are:

ƒ the EuroDomain;
ƒ the Local Domain; and
ƒ the EuroGate.

The EuroDomain is defined as "a common set of panEuropean telematics services agreed
upon, owned, and managed by the IDA community, enabling transparent link between
various Local Domains of the European Community of Member State Administrations and
European Institutions, as applied by one or more service provider.

In networking terms, the EuroDomain can be seen as a backbone network, defined by the
access options, the access point locations and the services provided between these.

A Local Domain is "a set of homogeneous telematic services used by national

Administrations (including networks linking National Administrations), or European
institutions. Local Domain can range from a single LAN to a national network that acts itself
as a national backbone.

An EuroGate in networking terms, can be considered as a router directly giving access to

and managed by the EuroDomain.

The EuroGates can be accessed using any state-of-theart protocol, including leased lines
(native IP), Frame Relay or ATM. At off-net connected sites, the customer interface will be a
LAN-port on the router provided by the EuroDomain operator.

Beside this virtual private network defined with TESTA, it offers to the connected user
some services like Domain names services (DNS), web-hosting, file transfer and so on,
which you can use to fulfill your specific task. Services are guarantied by Service level
agreements.

Used data formats in the EU:

• Flat File (magnetic tape format) with fixed data description or with field separator;
• EDIFACT (Electronic Data Interchange for Administrations, Commerce and Transport);
standardization through the UN, (especially used in banking and business sector);
• XML (eXtensible Markup language) – developed by W3C; Use of schemas (E202, E205,
E207 and E203 just ready).

Otmar Scheitl
 -7-

Security

Security is an important topic as the data contained in the E-forms are considered as
personal data, and as such, need to be protected. However, security is viewed differently by
Member States, depending on their national legal systems.

In principle, the sender of data is responsible for his sending, according to his/her national
law. In practice, this means that Member States with strict security law will send their files on
CD or floppy via normal mail with special secure status (i.e. registered letter). For those
Member States, electronic file transfer is allowed only if the file is encrypted. However, it is to
be noted that in some Member States who don’t have to use encryption, there is a
willingness to use encryption for teamwork reasons (for example, FR, LU).

To answer the need for security, PGP (Pretty Good Privacy) has been chosen. PGP is a
tool to protect data, which is free in internet. All Member States can easy have access to this
tool, which is available for different platforms like Windows, LINUX or other UNIX-dialects.

There are two parts in security:

ƒ Ensure the data are not readable by a third party;

ƒ Authentication i.e. the verification of the identity of the party who generated data and
the integrity of the data.

To answer both requirements, data should be encrypted and signed (electronic signature).
The encryption ensures the data are unreadable by a third party. The electronic signature
ensures the data really come from the sender and are not modified.

PGP also allows you to create a key pair. A key pair consists of a “public key” and a
“private key”. The public key should be given to all partners you want to exchange files with.
The private key should be kept secret. The key pair is stored in keyrings. Keyrings are files
stored on the hard disk of the computer). They contain the keys you created and keys you
received from your partners.

As your partners will use the public key, you need to send them the key. In order to avoid
sending keys to all your partners (and maybe forget some), upload your public key in your
directory in the folder intended for it on the Healthcare server. After the transfer of the public
key is recommended to inform to your partners, so they can update it and avoid problems in
future transfers due to the usage of out-of-date keys.

PROBLEMS AND SUGGESTIONS

Some problems occurred in the past. I will mention them and give You my solutions, to
avoid a lot of difficulties, when starting an electronic data exchance:

General problems

• Different criteria to identify a claimant;

• Different administrative cultures;

Otmar Scheitl
 -8-

• Change of national legislation and administrative structure but no change of forms;

• Forms are often filled by hand and difficult to read;
• Errors when transforming Insurance Periods from other countries into national standard;
• Difficulties in interpreting and translating the information.

Therefore the EU data exchange experiences are as follows:

• national processes take a long time;

• e-forms labour intensive;
• complex services to migrant citizens;
• formal exchange still paper;
• quality data varies;
• clearance times take month to years!

Complexity of information content

The complex and dynamic nature of the social security rules themselves has also
essentially complicated the task of taking decisions on going ahead with the use of electronic
means. As a matter of fact, the social security legislation and administration structures are
rather complex and multi-faceted in most Member States and these complicated rules are
typically modified regularly.

As these complex national security systems vary in their very basic structures, as far as
even the equivalence of basic concepts such as social security benefit, insured person or
insurance period, to give just some examples, of the systems is concerned, this complexity is
of course repeated and even increased exponentially at EU level. The enlargement of the
European Union naturally complicates further the current situation, starting from the fact that
with the arrival of new languages new versions of alphabets have also to be integrated into
the exchange structures.

Paper-based procedures as the established standard

Information production, handling and exchanges between social security institutions of the
Member States are particularly strongly linked to paper forms procedures in the mind of
several key actors involved in the implementation of social security coordination rules. E
forms have consequently established themselves as the routine and normal way of
proceeding over 40 years of these exchanges.

Lack of electronic tools

As a result of the lack of willingness and thus financial support, no more exhaustive
Europe-wide infrastructure exists or has been developed for electronic data exchanges than
that described in the first part of this Plan of Action. In particular, the issue of personal data
protection is still open as regards the legal requirements of some Member States for data
transfer by computer.

As electronic means have not established themselves as the standard way of processing
and exchanging data for social security coordination purposes, a sort of suspicion and
mistrust still seems also to prevail in some social security institutions towards electronic

Otmar Scheitl
 -9-

exchange means. The validity and the authenticity of electronic forms and the use of
electronic signatures have not been approved in practice by all the actors involved in data
exchange procedures yet. This suspiciousness and lack of confidence regularly leads to
rejection of electronic documents.

Lack of financial resources

For a long time, it was therefore not considered as being justified or reasonable to invest
money in construction of common electronic systems for the application of the social security
coordination rules further than presented in the previous chapter of this Plan of Action.

In addition, the EU-level cases and data exchanges are generally clearly directed to two
or three other Member States more or less on a national or regional basis in the case of most
institutions, which reduces the interest and the pressure from individual Member States to go
ahead with EU-wide solutions. Consequently, the automation of data exchange in the EU
context also becomes relatively expensive per exchange unit and of little interest from the
point of view of the individual social security institutions which have their IT priorities in
national cases.

Lack of knowledge and information

Even where IT architecture exists as described, several Member States have been
discouraged from using this architecture and participating in these projects simply because
they are not up to the pilot programs. This means that there is a clear gap in communication,
discussion and/or information at EU level as regards these programs. Consequently, there is
less experience of the application of the former rules than the latter ones in national
infrastructure.

Lack of necessity

As the development of IT architecture and infrastructure for information exchanges lies

within the responsibility of the Member States, with the European Commission supporting
their efforts in this regard in the common interest, and as participation in the above-
mentioned pilot programs is absolutely voluntary, there should be gained more progress than
we registered so far.

In the case of some Member States, the social security institutions have a legally
independent status and independent (decisionmaking) powers and are not operationally
subordinate to any central government authority under national law, which means that the
centralized national authority may not even decide to use telematics for them.

Recommendations for solutions

On the basis of its technical expertise and the experience of the member states’ social
security institutions involved in the implementation of social security coordination rules, the
Technical Commission is convinced that, in order to react to the above conclusions, IT-based
information exchanges should be effected starting from the following:

Otmar Scheitl
 - 10 -

Simplification of forms

Electronic tools chosen for the application of the coordination rules have to be sufficiently
flexible and adjustable in order to be usable in constantly changing conditions. It has to be
ensured that the personnel involved in coordination of data exchanges have proper
knowledge and information.

Identification of persons and institutions

Particular attention has to be paid to the problem of identification of insured persons.

The insured person must be identified so that his rights can be correctly protected. As a
primary rule, for this purpose an identifier might be provided to the mobile citizen when (a)
he receives the entitlement certificate to be presented in other Member States for the first
time or (b) institutions start to collect international information on his social security rights for
the application of the coordination rules.

All institutions that directly send or receive information to or from social security
institutions of other Member States for EC-level coordination purposes need to have an
electronic identity. To guarantee easy and correct identification of these institutions, a
repository will be created storing the above-mentioned information

Electronic defined as Standard for Data Exchange

Paper E-form-based information exchanges may not be considered as being the standard
or the most efficient way of proceeding while the social security coordination rules of the
European Communities are applied. When the sets of information to be exchanged are
defined for the application of individual coordination rules, it has to be made clear that the
particular decision of the Administrative Commission only determines data set and contents
and not the structure or exchange channel. Electronic exchanges have to be considered as
being the primary method.

Low threshold access to technique

It is not probable that social security institutions can afford to invest considerable sums of
money in new IT applications for solely EU purposes. In accordance with the common
interest, the European Commission should guarantee the availability of appropriate IT
arrangements to be used by social security institutions for the application of EC co-
ordination. These arrangements should be based, in certain respects, on existing exchange
systems between national administrations.

It is necessary to concretely define the IT services and arrangements needed for

electronic data exchanges. The IT arrangement to be used has to be adaptable to changes
in the data set to be exchanged.

The European Commission must ensure, at EU level, the availability of the IT

arrangement and services needed for electronic information exchanges. The arrangement
and services will be developed on the basis of the existing IT arrangement for information
exchanges between administrations.

Otmar Scheitl
 - 11 -

Standardization of XML-messages

The new infrastructure must preserve the investments made within the pilot groups by the
Member States that are already participating in the electronic exchanges It should facilitate
the entrance of the Member States which currently do not take part in the electronic
exchanges. The information exchanges are to be operated therefore across the TESTA
network and in XML message format. The infrastructure proposed should be SERVICE-
oriented and could be managed and delivered by a third party.

National work programs

In the new data exchange circumstances it is necessary to make increasing use of

electronic means in the EU context. The objective should be to exchange all data
electronically subject to business benefit and cost. Technology developments over next
years will remove any cost barriers. Guidance from the European Commission in the
common interest and an overall strategy are needed for this purpose. This must be
accompanied by national work programs too.

EXAMPLES (BEST PRACTICE)

To the end, I will give you 4 examples of best practice from my experience. These
applications are quite different, from an exchange with Excel worksheets to an Online-
application to have viewing access to the national databases.

• Excel-Worksheets for E101;

• Mailing (HERMES);
• Exchange of life certificates;
• INPS-Online-application between Italy and Germany.

CRITICAL FACTORS FOR SUCCESS

Common interest

There must be a common interest for data exchange on both sides. For international data
exchange also the governments should agree. You will need at least one person in charge
on every side, who push the telematic exchange. And a good personal contact between the
responsible persons could make things much easier.

Expense and profit

The efforts you have to undertake for an electronic data exchange must be appropriate to
the profit You or Your institution will gain.

Keep it simple

Search for a pragmatic way. Use technique, which is easily available for both sides.

Otmar Scheitl
 - 12 -

Exchange only data you really need for your purpose. If you exchange date, also store it
in your database for further use. And name one responsible person for the practice in each
country.

No Technique-Hopping

The Better is the Enemy of the Good. But: New technique is often cost intensive, time
consuming, not a proven standard and always a new excuse.

CONCLUSION

My conclusions to an international data exchange are the following:

• Technology is given in any parts of our everyday life. Though telematic data exchange is
the “state of art”, also between international partners. Obstacles like compatibility and
interoperability could be solved. Keep it simple and smart.
• Problems with financial means and national priorities have to be faced.
• Establish good bilateral contacts between the acting people.

I hope I have succeeded in convincing you that there are needs for an electronically data
exchange in order to give good and quick services to the citizens. On the other hand, there
are some barriers to overtake. But with the existing technique and good will on the
participating sites, there should not remain unsolvable problems at all.

Otmar Scheitl