Yes, that makes sense, we don’t allow people to connect to our databases directly either, and in any case the systems should be built so they are separated, it’s good architecture.
I was very much more intrigued about the statement that data can’t be easily/legally shared within the same agency
> I was very much more intrigued about the statement that data can’t be easily/legally shared within the same agency
Consider it from this hypothetical perspective: My mom is an analyst in the health service and has database access to produce various reports. Her access is extensive, to allow reporting on things like whether the courses of antibiotics prescribed by doctors are of the recommended length.
Meanwhile, I'm a rebellious teenager. My doctor asks me how often I smoke, drink, take drugs and engage in promiscuous sex. If my doctor enters my answers into my electronic medical record - should my mom be able to look at my record?
The answer, of course, is that her right to access data depends on what she's doing.
This is also true, to some extent. You have to have valid reason to access PII (Personally Identifiable Information). All access is logged and the DPO (The Data Privacy Office, one of the good things GDPR formalized) monitors access on a regular basis.
And since the current understanding is that even the combination of an IP address and a timestamp is personally identifiable... many organizations are actively not collecting usage stats. Which leads to the abuse of public funds, but this is a different story.
It's to avoid corruption.
I worked for the equivalent of the IRS for two month in my country (student job basically). When people asked for a deferred payment, i could accept it if it was the first time, but when they asked for a deffered payment the second time, or for reduced taxes (recent job loss, loss of a house or big events like this), i had the mean to verify who the person asking for this was, but not the mean to approve it.
I verified the information and filled a form, then asked for approval. The person approving had no idea who the person asking was (he had no access to the tool i used to match the internal ID to an actual person), but had the form i filled, and approved of the deferred payment/reduced taxes without any knowledge of who asked. Also i did not know who that person was, and he did not know who i was.
All of that is not very effective, but it reduces the risk of corruption from civil servants: you either have limited information, or limited power (this isn't the case with mayor or other elected officials though).