8 December 2009
Connecting the Public Sector – underpinning secure data sharing
Over four in ten - 44% - of local authorities regularly put sensitive citizen data in the post or use couriers, but the advent of the pan-public sector secure network, GCSX, is raising awareness of the need for secure communications.
Research by LGITU and UKauthority.com conducted across UK local authorities and other frontline services late summer 2009, found that 44% of authorities regularly put sensitive citizen data into the postal or courier systems in paper, USB stick or disk formats.
In light of the constant haemorrhage of data loss suffered by the public sector in recent years this can be described, at best, as unfortunate.
However, 61.9% of councils were, by the end of summer 2009, already using the secure government network (GCSX), and 15% a secure point to point connection, when sending information to central government. Forty one percent used the GCSX to share sensitive data with other local authorities.
In the run up to the extended deadline for connection to GCSX it would appear that the programme had gained significant traction - many indicated that they would be using the infrastructure more often once everyone was connected at the end of September: “Not yet,” said one, “But we will begin to as we have just had our GCSX connection approved.”
By definition, delivering public services to the citizen involves the collection and processing of personal data; in many cases (79%) ‘highly sensitive’ personal data.
It was disappointing, therefore, to learn from the research that the LGA Data Handling Guidelines for Local Government published last November - developed in partnership with Socitm, endorsed by Solace and the IDeA – were not universally adhered to. Worryingly, there appears to be disconnect from the centre, where chief executives believed these guidelines to form the base for policy and practice, and the frontline, where many respondents had never heard of them.
Just 40% said that their council had an ‘Information Charter’ outlining how citizen data is handled. A total of 45%, all technology or departmental respondents, said ‘no’ or ‘don’t know’ to their council having a Corporate Information Risk Policy; 41% did not know if there was a clear incident reporting mechanism in place in case of data breach. Just two thirds (66%) said that staff were regularly trained regarding the sensitivity of citizen information and the importance of adhering to the correct procedures for its handling.
The answers, of course, should have been 100% ‘yes’ according to the guidelines. Indeed, it is noteworthy that no chief executive or senior technology officer answered ‘no’ to these items.
These results contrast starkly with the finding that 96% of respondents felt that the legal requirements of the Data Protection Act impacted they way in which they handle citizen data. Nearly eight in ten (79%) felt that the Human Rights Act, and 94% the Freedom of information Act, had an impact on the way their council handled sensitive citizen data.
It is clear that the importance of keeping citizen data safe has permeated throughout local authorities. But the practicalities of ensuring that this be so – for example by implementing the LGA Data Handling Guidelines throughout the authority – are not filtering down to the troops.
But does data need to be shared?
Almost eight in ten (77.1%) of the quick poll said that, yes, in order to improve the quality and efficiency of public service delivery data would need to be shared. Added one respondent, “There is clearly a need, as all headline cases of child abuse could have been prevented if agencies communicated with each other.”
Stated another: “Total Place looks at how a whole area approach to public services can lead to better services. In order to achieve this it requires data analysis across the whole area. This data will come from a range of service providers on a range of different criteria, ie information on crime and anti-social behaviour. Unless this data is shared an informed and holistic view cannot be taken on issues such as where services need to be better targeted. The approach must be evidenced based and cannot be delivered by a single agency or group. It needs a consistent and collaborative approach which eliminates duplication and joins up activity.”
Indeed, data sharing was expected: “Citizens only want to tell us things once. The organisational and departmental divides within the public sector are not understood by the citizen when they are accessing services. However, this does place a very high profile on data integrity, security and methods of data sharing.
Nearly eight in ten of the sample (78%) currently share data with other local authorities, 74% with the police, 71% with DWP, 64% with the Audit Commission, 59% with HMRC, 56% with HM Courts Service, 56% with health organisations, 51% with schools, 47% with CLG, 42% with DCSF, and 47% the Ministry of Justice.
External databases that most would find electronic access helpful to in their own office were: National Fraud Initiative (62%), National Blue Badge Register (60%), DVLA (59%), National Pupil Database (54%), Joint Asset Recovery Database (53%), Hospital Leavers & Admissions Database (52%), Persistent Offenders Register (50%), Electronic Patient Care Records (50%). Interestingly, only just under half, 48%, thought that access to ContactPoint would help.
As the report is published, at the end of November 2009, all UK councils are connected to GCSX.
It will be interesting to see how this new capability to communicate securely between frontline services and across the wider public sector can help improve public service delivery over the coming year. With GCSX in place the barriers to close working between organisations are no longer technical or cost. Culture, as ever, may be the biggest barrier facing joint working teams or shared services initiatives as the sector faces perhaps its most difficult times.
The perfect storm of spiralling demand for services in the face of inevitable budget cuts will prove one of frontline services greatest challenges. Will the sector look to existing infrastructure to make the most of available resources?
- Download the full report here or view as an eBook
- Download the Executive Summary here or view as an eBook
- Read Government Connect's response to the report in Nov/Dec LGITU here
- Read Sep/Oct LGITU's round up of the report findings here
LGITU’s research, conducted over the same time period - late summer 2009 - looked at who was sharing what, and with whom, across frontline services when it came to citizen data. With support from Government Connect, its sister online news services, UKauthorITy.com and Tomorrow’s Town Hall, LGITU magazine conducted two surveys:
- an in-depth questionnaire (103 respondents)
- a quick poll among those not participating in the in-depth survey (105 respondents)
Both surveys had over one hundred respondents from the breadth of local authority types, from across the country, with a number of police, fire and health organisations also participating. The response rate for local government was 34.4% - over one third of all UK authorities. Approximately two thirds of these responses came from departmental users, one quarter from heads of IT and IT seniors, and the remainder from chief executive/councillor/senior corporate officers.