FINAL WORD
“
48% OF THE UK PUBLIC
AGREED THAT SHARING MORE
INFORMATION WILL LEAD TO BETTER
SERVICES, SO THEY ARE OPEN TO
BUILDING THAT RELATIONSHIP.
How does this affect data privacy?
However, for public sector organisations
to make the most of their data, there are
several steps they need to undertake first,
including ensuring they are aware of all
relevant data protection laws and are
abiding by ethical standards.
This issue is growing ever more prevalent
as the rise of Machine Learning (ML) and
use of predictive models by organisations
raises important questions, both ethical and
legal. For example, what constraints need to
be considered? Also, what safeguards and
oversights are needed to ensure that privacy
laws aren’t broken?
(GDPR) and provides a principle-based legal
framework for processing personal data in
ways that respect individuals’ rights.
Starting with the rights of the individual, a
data subject has the right to be informed
about how their data will be used, which
implies that this information is available at
the point when the data is first collected. In
simple terms, it means that the following
questions require clear unambiguous
answers: what data of mine do you need?
Why do you need it? What will you do with
it? How willyou keep it safe? Who will you be
sharing it with? And what will you do with it
when you no longer need it?
Maintaining citizens’ trust
With data being collected and stored at an
unprecedented rate, it is easier than ever for
firms to share, merge with other data and
analyse to gain valuable insight. However,
organisations must not forget that the
rights of the individual, the data subject, are
enshrined in new laws including what may
and may not be done with their personal data.
There is a tension between what can be done
(technically) and what may be done (legally).
Data privacy in the UK is covered by the
Data Protection Act 2018, which replicates
the EU’s General Data Protection Regulation
On top of the operational challenges
that councils face, maintaining a trusting
relationship with their citizens is paramount.
More still needs to be done as Civica
research found that only 11% of the UK
public completely trust their local authority
or the government to handle their data.
Although councils are continuing to
transform their services through insight-
driven models, more work is needed for
improved data transparency, security and
shared access.
On the positive side, 48% of the UK public
agreed that sharing more information will
lead to better services, so they are open to
building that relationship further.
Data analysis vs. data collection
Regarding the primary purpose of data
collection, it may well be straightforward. For a
council, data may be collected with the aim of
collecting council tax, providing social housing
or the day-to-day management of schools.
Data analysis is different. It rarely starts
with the collection of fresh data; it typically
86
INTELLIGENTCIO
starts with a question and then looks for the
answers in data that is available, which is
usually in multiple databases, collected over
years for diverse and unrelated purposes. In
the case of the councils, some may question
whether it’s possible to identify families
where children are at an increased risk of
abuse. This leads to a series of hypotheses
about the selection of existing datasets held
by the council and other public services. It is
very unlikely that local residents ever thought
that their council tax payment records might
one day be combined with police records
and used to assess the risk of child abuse.
A proven model for insight and
data privacy
To address current and future data
regulation challenges and enable analysis
and data sharing between agencies under
GDPR/DPA18 requires a reliable, robust data
governance framework, including:
• Data review and roadmap – Reviewing
the personal data you have, how and why
it was collected and its limitations
• Scope of analysis – What data will be
included in the scope of the analysis,
whether or not personal data is required
and if so, whether or not there is a
legitimate legal basis for the processing
• Validation and governance – Designing
governance processes that include
Data Protection Impact Assessments
(DPIAs) to help validate and approve
the use of personal data for specific
new purposes. Identify any necessary
steps or precautions that are required to
stay within the law and to prepare any
necessary communication. When data is
shared between agencies, this will include
multi-agency governance
All three of these aspects form part of good
data governance practice and create leading
insights-driven organisations – reconciling
the need for high-value data while respecting
comprehensive data protection laws.
Ultimately, organisations that can
demonstrate they can be trusted with other
people’s data will gain an advantage over
those who can’t. Not only will they reduce
the risk of large-scale fines, they’ll also
reduce the much more serious risk of losing
the trust of their customers or citizens. We all
know that public trust is hard to win but very
easy to lose. n
www.intelligentcio.com