Government to force greater data sharing

Increasing pressure on ministers has seen the government unveiling sweeping legislation to allow greater data sharing. Will it work? asks David Bicknell

The recent case of a disabled four year-old girl who was abused by her parents, despite no fewer than 20 visits or contacts made by social services and a string of health professionals, has once again increased the pressure for greater data sharing between the NHS, local authorities, and the police.

At the same time, government ministers unveiled sweeping legislation in the form of the Serious Crime Bill, which contains measures to allow widespread data sharing between public and private sectors for the first time.

In theory, the proposed legislation would allow public and private sector anti-fraud agencies to access personal financial information, including pay, tax, pension and benefit records held across the public sector.

It follows a decision by a cabinet committee to overturn the principle that personal information provided to a government department for one purpose should, in general, not be used for another. The existing data sharing policy meant that public bodies and departments had to provide a legal justification when they wanted to share data about individuals, specifying the purpose.

Now, the policy has been turned on its head. Instead, government officials will be able to assume that data can be shared unless there are reasons not to disclose it.

The government is already attempting to paint the policy as a citizen-friendly move. For example, when a family moves home, they could register the new address online with their local authority, which would then update the records of the local authority.

In turn, the information would be passed on to the Driver and Vehicle Licensing Agency (DVLA), and Inland Revenue for tax purposes, and the electoral register.

Yet senior figures within the IT industry and public sector believe the government still has a long way to go to achieve its information sharing goal. One senior figure who has worked closely with government departments to deliver information processing on key projects, described a "vision statement" put out by the Department of Constitutional Affairs late last year as, "Great rhetoric, but pie in the sky."

The Department for Constitutional Affairs had outlined a vision where, "information will be shared to expand opportunities for the most disadvantaged, fight crime and provide better public services for citizens and business".

It added that it would work with the Information Commissioner's Office (ICO) to encourage use of codes of practice to ensure personal information is kept safe and secure, and complies with the Data Protection Act.

In response, the ICO issued a cautionary note on greater information sharing. "It is important to strike a balance between the need to share information as part of delivering efficient public services and the need to ensure privacy and the integrity of personal information.

"There must be clarity of purpose and some limits to sharing - information must not be shared just because the technology allows it. It is essential that information is only shared to the extent that it is necessary and reasonable to do so and that strong safeguards are put in place that work in practice, not just in theory.

"We all want to see information used to provide high quality and efficient public services, but public trust and confidence may well be jeopardised with any wholesale or unrestrained sharing of personal information."

Indeed, to focus on the implications of information sharing more closely, the ICO recently appointed one of its long-term staffers, Iain Bourne, to a new position as head of information sharing.

At the heart of the problem of information sharing is that most of the data within government is contained in "silos", in other words within separate departments, whose mindset is not to share with other departments, because they don't see it as a core responsibility of the department.

"I came across a situation where one government department was asked to supply some information regarding an application for a Job Seeker's Allowance," says David Piggott, managing director of healthcare IT specialist Integrity Consulting Partners.

"It refused, saying it was not central to the mission of the department. How can you talk about information sharing in government when that sort of mindset exists?" Piggott insists more can be done to prevent tragic social services cases.

In the landmark Victoria Climbie case, a failure to share data between four London boroughs, two hospitals, two police child protection teams and the National Society for the Prevention of Cruelty to Children contributed to the tragedy.

In Piggott's experience, "Usually the social worker ends up in court when a case comes to light. There clearly must be shared information on case histories between the social worker and other GPs or health workers, teachers or others involved."

Piggott believes the government's Connecting for Health scheme could make a difference to local authorities which are seeking to connect to N3, the replacement network for NHSnet as part of the NHS National Programme for IT.

"The one-off fee to local authorities for connecting to N3 is around £100,000. What Connecting for Health should do is give subsidised N3 connections to local authorities, and get police connected to N3 as a node on the network as well."

Rod Aldridge, founder of outsourcing group Capita, who now runs his own foundation focusing on public service reform, says before government can focus on delivering shared information, it should make a success of shared services first.

"The case for shared services has long been argued and documented in numerous government reports. However, on the ground little progress has been achieved, and back office inefficiencies have largely been ignored.

"The Local Government White Paper promoted shared services as a core element in achieving potential savings of £40 billion over 10 years from sharing HR & IT alone - and that is before addressing council tax, business rates and housing benefit where over 400 local authorities still have their own ICT infrastructure, staff and call centres to administer what is a transactional service.

"Shared services are not simply about aggregation but also require standardisation, process re-engineering and consolidation to deliver modern, efficient services for the customer. It is difficult to imagine councils getting together to centralise the running of these services into four or five national centres. What is needed is a framework of inc entives from government encouraging authorities to share, with clarity given over retained savings and pump priming to fund set up costs."

There have been some examples of success stories where data sharing takes place to deliver a service as a partnership between the public and private sectors, such as Voca's processing of civil service payments and pensions, or in local government, where several innovative schemes are currently in place.

One, at Hampshire County Council, facilitates information sharing through a secure IT network across the county, incorporating unitary authorities, town and parish councils, fire and emergency services, and child protection services and stakeholders.

The information sharing evolved out of Hampshire's eGovernment work, and Hampshire's CIO Jos Crease believes the sharing could go further, culminating in an integrated contact centre covering the county, with the ability to put citizens in direct touch with the necessary council services.

"When it comes to information sharing, I don't think anyone believes this can be done by some vast national website hosted by central government. It is going to have to be delivered in a local form," he says.

Philip Virgo, secretary general of Eurim, says when it comes to greater future information sharing in government, some key principles will have to be addressed.

"For information sharing, the big issue is, "What is the legal framework for governance and accountability?"

"Government already has too many governance regimes, although no-one knows what they are. They all have different routines. Ultimately, information sharing must be seen in the context of the application - the Home Office, Department of Work and Pensions, for example - and not the DCA's 'vision statement'."

A Eurim working group currently involving lawyers from engineers WS Atkins and international law group Bird & Bird among others, is planning to deliver a report on the characteristics of data sharing protocols commanding professional (both application area and information systems) and public support.

The group will also look at a publicly scrutinised and recognised set of application-specific best practices for data sharing that can be used as models for future local and central government data sharing initiatives to build on.

Piggott suggests what might be required are charters, detailing good and bad information sharing.

"In reality, information sharing is an awfully long way off. Even in the NHS, it might be a great idea to say that patient data and medical records can he shared. But that only works if you're taken ill in England, not in Scotland, Wales and Northern Ireland."

Nick Kalisperas, director at IT trade association Intellect, believes the public sector must learn from the private sector, especially the financial sector when it comes to guaranteeing trust and confidence in the data being shared.

And he worries that there is still too much of a "silo" mentality within government departments, with no clear strategy for sharing information.

"You can't say the current system is 'joined up'. There is too much duplication of data, and we have to look at better management and filtering to eliminate that duplication. Departments can't share in an ad hoc structure there has to be an overarching information sharing strategy to deliver improved services that are beneficial to the citizen."

"The challenge is how do you deliver it? Will it get there? Yes, but it might take 10 years."

Government targets data sharing

IT staff in 'data integration mire'

Comment on this article: [email protected]

Read more on Privacy and data protection