Regardless of which political party wins the next general election, pressure on the public sector to be more efficient – and to do more with less – will only grow. Greater use of IT will be essential to meet those goals.
But government can only use technology to improve efficiencies – and improve services to citizens – if departments and agencies can share information effectively. They can only do this if data is accurate, systems are reliable and secure, and if processes respect the public's need for privacy.
This was the message put forward by attendees at a recent GC round table on Simplified, secure information exchange, sponsored by Oracle. The session discussed the barriers to data sharing, public and private sector approaches to data privacy, and whether the arrival of "digital natives", both as majority age citizens and public sector employees, will change attitudes.
As the government attempts to rebalance the public finances, factors such as the Operational Efficiency Review are likely to increase the demands for public sector systems to become more integrated, at national and local levels, in order to improve efficiencies and to drive down costs.
Removing duplicate steps in business processes, and designing systems so that they provide more accurate information about citizens' needs and service delivery targets to managers, will be key features of public sector computing over the next few years. But moves are already being made towards a more joined up view of government systems, through citizen-centric and role based approaches to the way individuals interact with government at all levels.
Increasingly, citizens want to be able to give information to public bodies just once, saving them time and the public sector money.
"The citizen wants to 'tell us once'; the challenge is how we share that information across organisations," noted one attendee. "It should be possible to report a death once, in one interview, rather than 10 times, and as government, that will be saving us money."
Technical and political barriers to data sharing – as well the way that public sector systems have tended to develop in silos centred around applications or business functions, means progress in this area has been slow.
In fact, citizens often believe, and expect, that government is far more joined up than it is, whether it is in critical areas such as law enforcement and public safety or for more mundane matters, such as changing a name.
"If you marry and decide to change your name, it is a nightmare," one attendee pointed out. "You have to identify yourself across a myriad of different services. We have to put ourselves in the shoes of the person this is being done for. How is information collected, managed and shared in an effective and secure way?"
Information sharing in the public sector is still largely based on a Victorian way of doing things, another delegate pointed out, both when it comes to security and for the processes themselves. "When we set up sharing, we design it around sending a piece of paper from A to B, and the assumption is that sharing means copying."
Too many public sector data sharing projects have simply replicated steel filing cabinets and manila folders in electronic form, rather than looking at the actual business or administrative processes they are set up to support.
In other areas, however, data sharing has moved forward. Even the controversial ContactPoint programme is going ahead. Attendees suggested that the pressing need to share information in areas such as child protection, the focus of ContactPoint, are overcoming some of the administrative hurdles as well as changing attitudes among public sector data managers.
ContactPoint operates by creating a new database with basic information about children. However, the emerging generation of data sharing programmes are more likely to be based around a "data as a service" model.
Under this structure, organisations will no longer transfer bulk data to their partners within government, but rather grant selective access to their own systems to trusted third parties. This should reduce costs, allow organisations to give only the minimum necessary levels of access permission to third parties, and reduce the risk of data loss that goes hand in hand with large scale data transfers.
"Government is moving away from collecting information into large data warehouses where it is shared in big chunks, to service-centric data sharing, where you can make decisions on an individual, and what their entitlement is (to access information) and then share that to them as a service," an attendee explained.
Such models also work best where a government organisation might need to share information with a third party, such as a private sector company, and be able to turn off such access at the end of a contract. "Having the ability to share data is not the same as everyone sharing," an attendee pointed out. "There have to be constraints."
Attitudes to data sharing, and data security, have also changed significantly since the data loss incident experienced by HMRC in late 2007. The loss of discs containing details of child benefit recipients is now widely seen as a wake-up call to the public sector. Although there is no evidence that any individual has suffered as a result of the data loss, local and central government policies on data sharing and data security are now far more rigorous.
Public sector bodies have looked again at both the way they transfer data, electronically and via physical media, and at whether information should be transferred at all.
Immediately after the HMRC breach, data transfers were "locked down" at a number of government departments, preventing information from being shared and in some cases, with a serious impact on day-to-day operations. But attendees suggested the public sector is in a much better position to share data safely now than had the HMRC incident not happened.
HMRC reacted by introducing data guardians, senior officials from its business operations who have the final say on any data transfers. The data guardians' role also goes beyond security, and covers making sure data is accurate and that it maintains its integrity throughout the business process.
The department has introduced other security measures, such as encryption and moving away from transferring physical media, such as discs, and using secure electronic processes instead. This model is being followed elsewhere in government, with data sharing rather than transfers becoming the norm. HMRC and the Department of Work and Pensions (DWP), for example, regularly share data electronically. Previously it was transferred.
Government departments, agencies and local authorities are now much more likely to carry out privacy and risk assessments before they share information. Organisations have embarked on large scale awareness and training programmes for staff, as well as adding to their data protection technologies. Public sector organisations now also pay much more attention to why data is collected, and whether they have citizens' consent if they are going to use it in other ways.
Ensuring staff are educated in data privacy and security issues, as well as picking the right tools, is far more likely to allow public bodies to achieve their efficiency targets than reactive measures, such as total blocks on data movements or using glue to block up USB ports on computers.
There have, though, been disadvantages to tighter controls on data sharing and strengthened data security. Some public sector bodies have felt obliged to stop providing information to other organisations, either because of security concerns or because of worries about consent. This has led to a number of promising projects being delayed or even cancelled, because appropriate data sharing arrangements do not exist.
In other cases, organisations' internal processes have been badly affected, and it has taken time, effort and money to return to "business as usual". But gradually, this is happening.
The public is also becoming more aware of the need for properly controlled data sharing, and more supportive of it, attendees suggested.
"There are some cases where we have taken a hit, where security issues have taken precedent over the business process," admitted one attendee. "But there have been other cases where IT has been able to soak up the risk, and make it easier for the business. But that's a big step for one department to take – let alone all of government."
The participants:
Andrew Watson – group director, security, standards and architecture, Metropolitan Police
Andy Neal – information management, HMRC
John Skipper – design lead, Employment Identification Service
John Stubley – programme director Public Sector Network, Cabinet Office
Josh Ellis – chief information officer, Serious Fraud Office
Mark Brett – policy and programme manager, Socitm
Siobhan Coughlan – senior improvement manager, Improvement and Development Agency
Toby Stevens – director, Enterprise Privacy Group
Martin Cooper – director of architecture for strategic and emerging business, Oracle
Des Powley – technology director, security and IDM, Oracle
Steve Lamb – senior director commercial and strategic business, Oracle
Mark Say (chair) – editor, GC Magazine
