Michael Cross
The Guardian, Thursday March 20 2008
One casualty of last November's missing-disc fiasco was a government strategy for sharing citizens' personal data between departments. It was scheduled to appear on November 22, just two days after Chancellor Alistair Darling told Parliament the HMRC had lost the details of 25 million people. Unsurprisingly, the data-sharing announcement was buried in a deep vault under Whitehall where it has languished ever since.
It can't stay there indefinitely. Huge chunks of the government's programme to reform public services depend on the presumption that information gathered by one public body is made available to others in the interests of efficiency, customer-centricity and detecting fraud.
Until now, government policy has assumed that data-sharing enjoys public support. Many public service managers can tell of citizens being amazed that data are not shared, even when failure to do so costs lives. Ordinary citizens don't differentiate between different arms of the state, the argument goes.
I'm sympathetic to this assumption. However, it is untenable in the current climate. Ordinary citizens clearly do care what officialdom does with their data, and don't necessarily view the NHS or their local authority as a branch of the state. Last week, the British Computer Society (BCS) released a poll showing two-thirds of Britons say their trust in the government to look after personal data has fallen in the light of recent revelations. At the same time, parliament's joint committee on human rights painted a picture of a government with a frighteningly gung-ho attitude to new data-sharing procedures. Its report criticised the approach of passing laws containing very broad enabling provisions, while relying on secondary legislation, generally unscrutinised by parliament, for data protection safeguards.
Even more than the data loss fiascoes, this is a symptom of a government out of step with growing public awareness of the power of information. If IT-based reforms - let alone schemes like the ID card - are to retain credibility, the government must recognise these concerns.
New guidance on officialdom's management of personal data is expected to appear shortly. A seminar organised by the BCS last week suggested it could start by embedding the importance of personal data in Whitehall's own criteria for success or failure. All IT-based changes should have a privacy impact assessment; this should be carried out regularly as part of "gateway" reviews of major projects. Meanwhile, "capability reviews" should test government departments' ability to handle information safely (possibly instead of current criteria such as their ability to "ignite passion, pace and drive" - I'm not making that up).
Meanwhile, ministers could send a signal to society by giving the Information Commissioner real powers to spot-check organisations for data protection breaches, and to put unauthorised snoopers in prison. (Incredibly, the government is contemplating backtracking on tougher sentences, apparently under pressure from media organisations worried about their executives going to jail.)
Citizens need to be brought in to the equation, too. This means gaining more informed, active consent before information is shared - and creating workable procedures through which individuals can revoke that consent. Vitally, citizens should have an automatic right to correct data about themselves.
The whole information relationship between citizens and the state needs to be put on a new ethical basis. What we need, someone told the BCS, is a Magna Carta moment. I agree.
The Guardian, Thursday March 20 2008
One casualty of last November's missing-disc fiasco was a government strategy for sharing citizens' personal data between departments. It was scheduled to appear on November 22, just two days after Chancellor Alistair Darling told Parliament the HMRC had lost the details of 25 million people. Unsurprisingly, the data-sharing announcement was buried in a deep vault under Whitehall where it has languished ever since.
It can't stay there indefinitely. Huge chunks of the government's programme to reform public services depend on the presumption that information gathered by one public body is made available to others in the interests of efficiency, customer-centricity and detecting fraud.
Until now, government policy has assumed that data-sharing enjoys public support. Many public service managers can tell of citizens being amazed that data are not shared, even when failure to do so costs lives. Ordinary citizens don't differentiate between different arms of the state, the argument goes.
I'm sympathetic to this assumption. However, it is untenable in the current climate. Ordinary citizens clearly do care what officialdom does with their data, and don't necessarily view the NHS or their local authority as a branch of the state. Last week, the British Computer Society (BCS) released a poll showing two-thirds of Britons say their trust in the government to look after personal data has fallen in the light of recent revelations. At the same time, parliament's joint committee on human rights painted a picture of a government with a frighteningly gung-ho attitude to new data-sharing procedures. Its report criticised the approach of passing laws containing very broad enabling provisions, while relying on secondary legislation, generally unscrutinised by parliament, for data protection safeguards.
Even more than the data loss fiascoes, this is a symptom of a government out of step with growing public awareness of the power of information. If IT-based reforms - let alone schemes like the ID card - are to retain credibility, the government must recognise these concerns.
New guidance on officialdom's management of personal data is expected to appear shortly. A seminar organised by the BCS last week suggested it could start by embedding the importance of personal data in Whitehall's own criteria for success or failure. All IT-based changes should have a privacy impact assessment; this should be carried out regularly as part of "gateway" reviews of major projects. Meanwhile, "capability reviews" should test government departments' ability to handle information safely (possibly instead of current criteria such as their ability to "ignite passion, pace and drive" - I'm not making that up).
Meanwhile, ministers could send a signal to society by giving the Information Commissioner real powers to spot-check organisations for data protection breaches, and to put unauthorised snoopers in prison. (Incredibly, the government is contemplating backtracking on tougher sentences, apparently under pressure from media organisations worried about their executives going to jail.)
Citizens need to be brought in to the equation, too. This means gaining more informed, active consent before information is shared - and creating workable procedures through which individuals can revoke that consent. Vitally, citizens should have an automatic right to correct data about themselves.
The whole information relationship between citizens and the state needs to be put on a new ethical basis. What we need, someone told the BCS, is a Magna Carta moment. I agree.
© Copyright :
http://www.guardian.co.uk/technology/2008/mar/20/politics.intellectualproperty
http://www.guardian.co.uk/technology/2008/mar/20/politics.intellectualproperty
Be the first to reply!
Post a Comment