In safe hands

According to a recent BCS survey, public trust in government’s use of personal information has been rather battered over the last year. A series of lost discs, laptops and files has damaged the reputation of government data handling.
    
At the same time large projects such as the National Identity Scheme and NHS National Programme for IT are attempting to consolidate and expand personal information collection and use. To the public, this looks irrational. It does to some experts too. How, then, do we reconcile this?
    
The BCS has long been concerned about the trends in personal information, particularly in the public sector. Working in consultation with experts in this field in academia and both the private and public sector, the BCS has developed a set of workable principles for information governance and data guardianship. A full explanation of these principles and the report on a workshop where these were discussed can be found at www.bcs.org/ trustworthyegovernment.

Key principals
The BCS principles for information governance and data guardianship are:

Accountability

  • All government departments should follow sound, publicly accessible, information governance principles (clear responsibility, accountability, authority and processes for: collection, retention, identity matching and sharing, dissemination, disposal, risk assessment and audit of personal information) in order to foster public trust in their data guardianship.

Visibility

  • Citizens should have the right to be informed of and to have free access to all the data that is held by the government about them.
  • Citizens should have the right to correct data about themselves if it is wrong.

Consent

  • Citizens should be asked for their informed consent in respect of private data to be held about them for a specific purpose.
  • When it is suggested that such personal information might be used for a purpose other than that for which it was originally collected, the consent of individuals should be explicitly obtained.

Access

  • Citizens should have a right to know which officials or groups of officials (e.g. the police, all staff in DWP and HMRC, doctors) will have access to the personal data (that they have consented to have held) and who has actually accessed data about them.
  • For elements of specific types of private data, e.g. personal healthcare information, the citizen should have the right to limit who has  access to the data without his or her explicit informed consent.

Stewardship

  • The original collector of personal data should have a duty of care with respect to that data. They must ensure any organisation sharing it understands both the risk assessment associated with that data holding and any caveat associated with its integrity and appropriateness for use for purposes other than that for which it was originally collected (e.g. has it been verified or is it interpretation and hearsay, when was it collected and does it have a finite useful life, has it been cleansed).

Making change happen
What is encouraging is the broad consensus that exists on these principles and the enthusiasm to see such cultural changes brought about. However, enthusiasm may wane when it becomes clear what needs to happen for such principles to become a reality.
    
For example, responsibility and accountability of civil servants in a way that is visible and accessible by the general public is an uncomfortable concept if you are on the receiving end of it. Another more modern example may be the presumption of re-purposing and sharing data. It is regarded by some as too difficult or too costly to seek informed consent when data is already inside the walls of government.
    
The logic goes that such concerns can be ignored when there is a clear public interest, and expediency for the civil service is in the clear public interest. When less immediate concerns about consent stand in the way of service transformation, they are brushed aside thus, in favour of the more obvious, immediate and sometimes only localised benefits.

A worthwhile challenge

One sympathises, at least to some extent; the clock cannot be turned back on the digital age, but there may be a need to re-examine the costs and benefits. Good information governance is certainly costly and difficult. However, the way government is being turned upside down because of recent losses is far more costly, in terms of money, but also of reputation and, ultimately, trust. If the ultimate effect is that government’s strong public mandate to collect and use personal information is weakened, that could be fatally damaging for the relationship between citizen and the state.
    
More importantly, the idea that information governance must be a backwards step for services is wrong. As government takes the first steps in embracing a more interactive ‘Web 2.0’ approach to information management, good governance can enable better services. Meta-data, information about information such as how it was collected, who owns it and has access to it is key to this.
    
Traditional ways of working married with data sharing can lead to all sorts of problems that are difficult and costly to solve. Information entered by trusted officials, is in turn assumed to be correct. For example, a simple mistake with information on child protection, tax or criminal records can have a huge impact on individuals. In practice, the onus is on the individual to prove themselves against ‘facts’ in a government database. If sufficient metadata were present, such mistakes could more easily be traced and sorted out, or may not happen in the first place.

Data protection
Interestingly, the way Wikipedia makes use of ‘untrustworthy’ contributors to generate content that collectively turns out to be authoritative and trusted is worth a mention. Its article on the data protection act - http://en.wikipedia.org/wiki/Data_Protection_Act - provides a quick one-stop portal for official reference material and related topics. Each article has an audit trail, a discussion area to debate changes, and is accurate enough to be very useful.
    
In fact, Wikipedia arguably has better and more responsive information governance than most official government services. The example of Wikipedia shows that information governance can be an enabler if done well, and it can be freeing rather than constrictive.
    
Anyone familiar with system design knows that the clever bit is not getting things to work, but designing for when they don’t work. Poor design means people spend more time on ‘work-arounds’ and fixes to problems than on the job itself. By contrast with traditional systems, today’s generations don’t need a training course on Wikipedia. Web 2.0 is about self-organisation and self-correction that can lead to better organisation and correction than a more top-down approach. Government in the UK could certainly do with some of that.

For more information
Web: www.bcs.org
        www.bcs.org/blogs/davidevans

Please register to comment on this article