The Rowntree Trust report on the Database State is compulsive reading but the obvious knee jerk reaction may well do more harm than good – rather like the take-over of Whitehall’s information assurance by CESG in the wake of the leak reports. The objective of good Information Governance is not just to protect data. It is to ensure data that is fit for purpose, when and where needed.
Some of the previous Audit Commission reports show a horrifying scale of information error among those they audit. Most errors are probably “accidental”: because data is not routinely checked or updated by those who use it, let alone the subject of the data. A growing proportion is, however, systemic: to distort data that might be used to support decisions on resource allocation or performance related funding/bonuises.
Among the papers tabled for the EURIM Directors Round Table on Information Governance last November was a “modest proposal” from Metanoya for “Rights and Responsbilities for Citizens in the Digital World“. This goes rather further than the recommendations in the Rowntree Trust paper and is based on Swedish thinking in this space.
The Swedes have the world’s most oldest, comprehensive, integrated, citizen database: created by Marshall Bernadotte (elected King Charles XIV John to re-organise the army for possible war against Russia) to not only support conscription but the medical services to ensure the conscripts were fit to fight. Most Swedes have about as much privacy as the inhabitants of St Mary Mead and they abuse seriously.
The EURIM Round Table led to a comprehensive exercise on Information Governance: from what the various terms mean and to whom ( to clarify debate), through value and quality to “security by design” – i.e. not just e-sticking plasters and e-immodium to counter the data diarrheoa that is currently endemic.
The problem of information incontinence is not, howver, confined to government.
It is the very basis of the business models behind search engines and social networking operations such as Google and Facebook.
The main suprise to me in the Rowntree Trust report was the failure to suggest that those who propagate false information, without giving the subject the opportunity to correct it, should be liable for damages that are at least as great as the usual penalties for giving false information to a government department. Whether or not that is a good idea, I was surprised not to see it, given the pedigree of some of the authors.
I would liken the impact of this report to the opening stages of the Battle of Jutland. Well targetted German fire from the Geman battlecruisers sank several British Battlecruisers: each stuffed to the gunnels with cordite, not just in their magazines – i.e. rank bad practice and waiting to be blown up, whether by hit or by accident.
The real engagement has yet to begin. Jutland was inconclusive and it was the Germans who withdrew from the field. The task is not just to condemn bad practice and make sweeping recommendations, but to replace it practice with good. Protecting bad information from scrutiny may well do more harm the risking the abuse of good information. Changing cultures to embed good practice in information governance is a major task – especially when there is little or no agreement on it is.
Those driving the EURIM Information Governance exercise are having serious “fun” unravelling the current state of debate: a swamp of debate and proposals on re-active protection. There is far too little work on value, quality and secure sharing.
More-over almost all reports agree that the problem is people and culture.
But almost all the proposed solutions are to do with technology.