Data-sharing failures cause real loss of trust

The real threats to increased data sharing by government departments are not legal impediments, but poor information management, says David Clarke

Any organisation that wants to handle personal data — including government — must satisfy data management standards as well as the law, says David Clarke.

People often find interacting with government departments to be a slow and difficult process, designed more for institutional needs than their own. There is hope that the latest technology combined with methods taken from the private sector can change that. One example is one-time notification of death: tell the government a relative has died and that information is shared with other departments.

You would be forgiven for thinking that the British Computer Society (BCS) was at odds with that vision. We recently ran a campaign to halt plans for greater data sharing contained in the Coroners and Justice Bill, which is awaiting approval by the House of Lords.

Those provisions would have undoubtedly opened the door to a greater use of IT in the public sector. Unfortunately, they could also have removed all meaningful protection for personal information in public-sector hands. Our intention was not to block the expansion of IT in government, but to avoid the chaos those provisions could unleash on the UK.

Notification of death
One of the scenarios used by the Ministry of Justice to justify removing data-protection controls in the proposed bill was notification of death. It is better, it argues, to notify government once about a death and have that information shared across departments. That measure would save time, energy and discomfort for grieving relatives.

This removal argument implies that single notification is not possible as things stand. That is incorrect. Not only is it possible to notify just once under current legislation, it is, in the opinion of the BCS, foolish to avoid the checks the law requires. The consent needed to make sharing legal can be given at the time of notification.

The real threats to this type of service are not legal impediments, but poor management of the information. Were a mistake to be made — confusion over a name, for example — it might be impossible to correct it once it had been shared, unless the right provisions were in place. The legal protections that may seem onerous actually make a lot of sense.

Audit trails and mechanisms to update across multiple systems are vital. Without such provisions, a mistake could make life miserable for relatives, causing continued confusion when they deal with government, credit agencies and many other organisations.

Errors and duplicates
Collecting the information is far easier than maintaining it. Every database contains errors and duplicates, and dealing with them is expensive and full of risks. Failing to plan systems on that basis is even more costly for businesses and government departments in terms of public trust.

If information is accessed, shared, copied or amalgamated, the issues with errors increase. Local workarounds can cause system-wide problems. Simply put, the more widely information is shared or copied, the worse the potential problem becomes.

A pragmatic examination of the true lifecycle risks and costs of storing and maintaining personal information is paramount. Energy spent building customer trust can be undone in a flash when it is lost or slowly eroded by battles to correct mistakes.

IT professionals need to consider the long-term impact of their projects on both the affected organisation and the wider society. Whether it is getting social services, doctors and police to work together to prevent child abuse, Google publishing photos of our houses, or our children tagging us in a photo on Facebook, questions are being raised that are not yet being answered.

Given the long-term financial issues of storing personal data, putting in place some decent information governance looks like the easy choice.

David Clarke is chief executive of the British Computer Society (BCS), the professional body for the UK's IT industry, representing over 65,000 IT professionals. Clarke took up his post at the BCS in May 2002 and has nearly 30 years' involvement with IT systems, first on the supply side with HP, DEC and Compaq, then as chief executive in the Virgin group of companies and at Trinity Mirror.