Data governance is becoming increasingly important in the public sector to ensure information is shared securely.
There’s a realisation that data needs to be made more widely available so that departments can prevent duplication of effort, citizens can benefit from joined up services, and civil servants can work more collaboratively. However, sharing data presents real security challenges and, with many public sector organisations mindful of the data protection compliance requirements of the GDPR and FOIA, opening up data can be a daunting prospect.
As the Digital Strategy states, government “must maintain the confidence and trust of those who provide us with their data: that it will be kept safe and secure: that it will be handled legally, responsibly and ethically”. It warns that any failure to do so will result in strict penalties for misuse. Yet the strategy also calls for data to become “open by default”. So how can public sector organisations make data both open and secure?
The first step outlining how data will be stored, archived and retrieved securely is a document and records management policy which many government bodies already have. This provides the organisation with a uniform set of requirements which align to the Digital by Default mandate by reducing reliance on paper-based documents, making documents available in common formats (in keeping with the open standards advocated for government data and technology), and promoting accessibility through support for data over any device.
Data as a resource
The policy should also embrace current compliance requirements. HMRC’s Records Management and Retention and Disposal Policy, for instance, align with the FOIA, PRA, DPA and GDPR legislation. It’s policy scope is to protect critical records, ensure efficient retrieval, reduce risk by supporting audit and government investigations, and minimise storage requirements and costs.
What’s missing - and is going to become increasingly important in the future - is a reference to how data will be shared.
The government’s Digital Strategy recognises and pushes for central government agencies to begin viewing data as a shareable resource. It states, “the true potential of data can only be harnessed if it is open for use by others” and says government has a duty to make it “easier where possible to access and use data” and to “ensure that data is used to its maximum potential within government to provide more efficient and responsive public services”. The aim is to “collect data once and use it many times”, thereby increasing efficiency.
For this to happen, public sector organisations must have the requisite infrastructure in place, encompassing storage, software tools, networks, cyber security and data management. In real terms, this means a solution capable of facilitating data discovery, building taxonomies and of managing data using automated tools. Only a dedicated document management system can perform all of these functions, providing end-to-end lifecycle management.
Electronic Document management systems facilitate secure data sharing in the following ways:
- Data discovery: siloed data can be identified and tagged from across disparate systems or locations. A ‘Redundant, Obsolete, Trivial’ (ROT) analysis can be carried out to determine which data needs to be retained. Even so called ‘dark data’ can be mapped.
- Disparate data formats: documents can be scanned or converted into digital open standard formats. Even images can be scanned and the contents automatically converted to text
- Centralisation: documents are filed in taxonomies in a central archive, eliminating the problem of data loss and making search and retrieval easier. Filing is performed automatically using Artificial Intelligence and pattern-matching to read and categorise content. Documents can also be flagged for retention, disposal or review
- User access: permissions-based access allows authenticated users to access and manipulate documents ensuring staff can collaborate effectively and securely. Changes are tracked showing when a document has been edited for auditing purposes
- Secure storage: confidential data can be encrypted and provision is made for secure data disposal at end of life
- Compliance: automatic compliance with FOIA, DPA and GDPR requirements. For example, tools facilitate search across structured and unstructured data for Personal Identifiable Information (PII) in keeping with the demands of the GDPR.
It’s only by putting in place a document management system that can automatically identify, classify and track data handling that public sector organisations can begin to move towards the democratisation of data envisioned in the Digital Strategy.
To become ‘open by default’ organisations will also need to revise their document management policies to support wider and inter-departmental data and even commercial access. The Digital Economy Act makes provision for such data to be made available to businesses with a recognised public interest, such as utility providers, for example, making it imperative government organisations look to open up access beyond their immediate networks.
To systematically capture and control data in line with compliance requirements the public sector needs effective document management. Armed with a watertight policy and AI powered document management platform, the organisation can provide the assurance and evidence needed to demonstrate that data is being handled securely and responsibly.
For more information on how we can help you share your data securely, contact us today.