WRITTEN ON December 1st, 2007 BY Ruth Kennedy AND STORED IN Data nitwittery, Design: Co-creation, Design: user-oriented, Foundation of Trust, Identity, Transformational Government, What do we want?, Wibbipedia/MindtheGap

A different distinguished group met somewhere to consider whether information – its use, management, ownership – is set to be the new battleground for public service transformation. Despite the recent loss of 25m people’s details by HMRC, we agreed that ‘battleground’ might be too provocative a term. But the resignation of a distinguished permanent secretary shows that the full implications of responsibility for stewardship of personal information are dawning on Accounting Officers, who are now urgently checking risks and procedures. This information is stored in systems and based on architectural decisions the non-CIO Board members (and their political masters) do not, as a rule, understand.

One argument says that the HMRC episode is not just a deep shock: it’s a predictable and long-overdue wake-up call. Does that leave Transformational Government – a strategy underpinned by the use of large centralized databases – fine, fatally flawed or fixable?

The immediate view seems to be that all is fine. There’s no single central database. Transformational Government is citizen-centric, about services which may or may not use centralized data to deliver the personalisation.

But there’s a subtle yet important difference between something that is citizen focused, and something which is citizen centric. Centralised systems that do things to people can be called citizen-focused, but the world looks very different from the citizen’s point of view. A central approach to citizen-centric services might involve freeing information and processes, enabling citizens to do much more for themselves. It’s scandalous that essential aggregated information that belongs to the citizenry is kept as a state secret. Such secretiveness encourages the fallacy that government will do everything for and to us. But it’s not MI5/MI6 alone that will save us from terrorists: it’s a change in society. People are the first line of defence and should be treated and engaged as such.

Inside government people are taking the view that the post-HMRC panic and headlines of recent days are driven by an ill-informed media, and that it would all be quite different if only the centre could get its message across. This sounds like “They’re disagreeing with us so they can’t be listening”; but perhaps the centre has forgotten how to listen.

Others in government see the media rightly helping the public understand what is going on, and picking up on a hitherto understated concern that government is requiring more and more of their personal data, but at the same time information is escaping and things are going wrong in a manner which feels unacceptable. No-one has yet convinced the citizen that these large-scale projects – health, children, identity management – hold benefits for them.

Government wants to share data so it can be more citizen focussed. The law enforcement agencies can see that the most vulnerable and children are most likely to suffer from violence. But it has not been able to share this insight with the public, or gain a mandate for acting on this desperately important insight.

Personal data is managed using technology, but the question of how it is treated is one of culture and also subject to the law. It’s questionable whether our public services are designed, in a formal sense, for users’ needs. This producer-centric culture is hard-wired into technology systems and prevalent in day-to-day practices. Unraveling something like the HMRC debacle requires understanding of how all these things interact. NAO never needed identifiable sensitive details, but the reason it asked for them to be stripped out was that otherwise the file would be too big. The reason HMRC didn’t strip it out was because that would cost £5000.

One argument says you simply can’t provide citizen-centered or personalised services without large centralised databases. Suppliers argue they can make them secure with technical fixes. Other experts argue that no valuable information can be kept safe in a system to which tens or hundreds of thousands of people have routine access. The point of access is the point of failure, so if it’s usable it’s insecure.

The deeply radical project to turn customer relationship management (CRM) on its head and create Vendor Relationship Management (VRM) challenges this view powerfully. VRM allows a user community to manage their individual identities and resources and to share supplier reputation. They operate on the terms they want. CRM may make the capitalist wheels turn, but it creates relationships which are deeply inequitable and privilege the enterprise at the expense of the ‘customer’. Giving the individual the tools to manage their own relationships and processes, user-centric ID and personal data stores offers a whole new set of solutions for the need for personalised services.

Early hints of this approach exist: my Google personalised homepage feels customer-centric. The Microsoft HealthVault sounds customer-centric – Steve Ballmer isn’t going to leave my health records on a CD if they’re on my PC. We’re told we could create a truly user-centric VRM architecture for ID management and online transactions for around £1m a year.

Thus the innocuous-sounding topic of information management takes us into the question of what sort of democracy we want to live in. There’s an enormous dislocation between the rhetoric and how people are actually treated. Government says it wants to devolve and empower, but centralizes information and decision-making. It claims to be customer-centric, but addicted prisoners are turfed onto the streets with two days’ methadone and no GP to turn to. Nothing will “transform” until public servants can see citizen journeys that make sense.

Local authorities are closer to people and see things differently. Leading councils are identifying those citizen journeys and using an accurate database to release previously unclaimed benefits to the citizen. They offer enough services to offer a trade-off between things that are easy to get and things that are hard to get, and can be much more citizen-centric. Keeping your town hall up to date with your address makes sense when they’re offering you valuable things to which you’re entitled.

Information sharing must involve trust – ethics and standards – between public bodies as well as with the citizen. The gap between local and central government is described as “never bigger”. It’s at the local level that there’s a real opportunity to build trust with citizens. But power and control resides with those (in Whitehall) who have fewest dealings with the citizen. Local government can do so much with its customers, but the overall strategy continues to feel like being ‘done to’.

Whose information is it anyway? This question deserves a lot more unpacking. We should expect a campaign for the right to lifetime ownership of one’s personal data by the data subject.

Of course ethics are not always as clear cut as we might like. At first glance it may seem as though complaint data from regulators should be made public, but when looked at more closely this raises a series of interesting challenges.

Certainly the current review of the HMRC data loss being carried out by security people sends out the wrong message about where the risks lie. As the leader of a series of key database projects admits, ‘Human error will always catch us out’.

Some participants boldly committed to doing things differently:
– Improving dialogue between government, the awkward squad and NGOs
– Making greater effort to sell the case for large-scale information sharing projects to citizens in their multiplicity
– Demonstrating more clearly appropriate stewardship of personal data
– Being bold enough to say as often as necessary, ‘it’s not as simple as that!’
– Getting buy-in of the privileged 80% when delivering for the 20%
– Being real
– Repositioning of a supplier as an enabler of policy, and committing to look at all government accounts, endeavouring to support them by presenting reasons why the citizen will benefit from each programme
– Encouraging upwards disruption
– Finding a political narrative about enabling trade-offs (not assuming a zero-sum game)
– Asking ‘why are we not sharing this information with the public?’
– Engaging as a force for good, continuing advocacy
– Clarification of the VRM proposition, and creation of an organized third sector which enables citizens to own their own data
– Besieging silences – making it my job to open dialogues
– Checking implementation of security on databases
– Couching everything in citizen benefit terms, not ‘do it to them’ terms.

Before the discussion the mood seemed to be that Transformational Government was fine. Afterwards the prevailing voices said it was “fixable”.

3 Responses to “Information: the new public sector battleground?”

 
Ian Brown wrote on December 1st, 2007 1:37 am :

I would say: f—ed.

BTW, isn’t it oxymoronic to say “an organized third sector which enables citizens to own their own data”?

ukliberty wrote on December 4th, 2007 5:12 pm :

It seems a fundamental problem that the government (and some Committee members) thinks there is an ‘awkward squad’, or even a conspiracy, rather than people who – like the government – have good, constructive intentions.

It seems to be a culture that says “we will only listen to people who agree with us”, but it has to change or Transformational Government is doomed and we will keep getting this feeling that it is about having things ‘done to’ us rather than what we can do with it.

For any of the proposals we are discussing, I think something like Bruce Schneier’s five steps are invaluable:

1. what is the problem we are trying to solve?
2. how well would our proposal solve the problem?
3. what new problems would the proposal introduce?
4. what are the economic and social costs?
5. given the above, is the proposal worth deploying?

I’ve trawled through Hansard, Committee evidence and other publications, Strategic Action Plans and so on, and I can see very little evidence of that sort of thinking.

Instead what seems to be the case is that the centre wants a particular proposal to be deployed and then it scrabbles around for reasons to help sell it (eg ContactPoint and Victoria Climbié).

It’s back to front!

Yes, Transformational Government is fixable. But what needs to be fixed first is the way the centre thinks about it.

Martyn Thomas wrote on December 4th, 2007 9:25 pm :

I suggest:

a) personal data held in machine processable form should be guarded more carefully than the same data on paper, to reflect the lower barrier to abusing such data.
b) larger collections of personal data should be guarded more carefully than smaller collections, to reflect the greater value of the data to a greater number of potential abusers and therefore the greater threat of attempts to access the data unlawfully.
c) some collections of personal data will be of such a size and/or of such sensitivity that the collections should be guarded as carefully as if they carried the protective markings “RESTRICTED”, “SECRET” etc.
d) guidelines should be published to enable government departments and other organisations to identify the nature of the protection that should be applied to the data collections that they hold.
e) these guidelines should be enforceable in the courts.