Development and Implementation of a Privacy Protection Framework for E-Government: A Case Study of Sudanese Government Websites

Abstract

Abstract

This research aims to design a framework for protecting citizens' privacy in Sudanese e-government systems to address critical challenges, including the absence of comprehensive legislation, weak technical infrastructure, low societal and institutional awareness of data security, and heightened risks of cyberattacks. The study employed a multi-phase methodology encompassing a review of relevant global and regional literature, the development of a four-pillar theoretical framework (enhancing governance and privacy policies, integrating privacy-enhancing technologies such as privacy by design, encryption, multi-factor authentication and access control, data lifecycle management, and continuous evaluation), and a practical implementation through a web-based model (using PHP/MySQL) simulating e-government services with three user roles (administrator, employee, citizen). Lastly, a survey evaluating the implementation of privacy policies in the researcher-developed web tool—based on the proposed framework for Sudanese e-government sites—revealed that the "data deletion policies" pillar received the highest rating (mean 4.46), followed by security awareness programs (mean 4.28) and the "explicit consent" mechanism pre-data collection (mean 4.20), confirming the framework’s efficacy in enhancing transparency and data lifecycle management. While privacy technologies (e.g., encryption, access control) were well-received (mean 4.09–4.10), multi-factor authentication faced challenges in striking an optimal security-usability balance (mean 3.84). Qualitative analysis underscored urgent needs to simplify privacy policies, improve visual guidance, and introduce flexible authentication; results also highlighted locally specific factors, including limited security awareness (47.4% of users) and high female-user representation (63%), necessitating socially conscious interface designs. The framework proves effective in Sudan’s context, but sustainable success requires tailoring solutions to local culture, reinforced legislation, and continuous training. The implementation results demonstrated the framework's effectiveness in enhancing digital trust by ensuring transparency in data collection, protecting data through encryption mechanisms during transmission and storage, applying multi-factor authentication, empowering citizens to manage their data, and improving awareness of privacy practices.