The loss of 25 million records of UK citizens’ personal data by HM Revenue and Customs gives a clear indication that the government, which is aiming to modernize public services through the increased use of IT, has a highly inflated view of its departments’ IT skills and capabilities. Urgent action is now needed if government IT projects are to achieve their objectives.
The main consequences of the data loss scandal have already been covered by the press in some detail. These can be summarized firstly as a huge loss of confidence in the government to handle citizens’ data responsibly, and secondly the threat of identity theft that now hangs over two generations of UK citizens.
The first is a big problem given that data is at the heart of government services – e.g. income and council taxes, the health service, schools registration and the land registry. The second, the threat of identity theft, is part of a real and growing problem; according to CIFAS, the UK’s fraud prevention service, there were 80,000 cases of identity theft in 2006 – 56,000 more than reported in 2001. That is an increase of 192% in five years, and a trend that is expected to increase sharply.
There is a third and less obvious consequence of the data loss scandal – a lack of confidence in the government’s capability to deliver modernization of public services. That modernization hinges on the increased use of IT and data sharing. Yet, the very basic and avoidable errors that led to HM Revenue and Customs’s (HMRC) data loss suggest a failure to appreciate the fundamentals of information management and governance. This indicates that the government’s pursuit of modernization through IT is not being matched with the development of skills. So far, there has been altogether too much attention on outcomes and little on developing the required IT, and the associated personnel and management skills.
Government departments have had to collaborate and share information for decades, and no doubt they have been sending each other floppy disks and CDs for years too. However, the practice has not changed with the times, and the concepts of data security, confidentiality, governance and stewardship have not been taken onboard. These types of failure to adapt and move with the times are often due to cultural issues. Symptoms of these include a glaring lack of training of junior or new personnel, no processes for transfer of knowledge, insufficient communication of requirements and objectives, and poor practice being tolerated rather than stamped out. These types of ingrained cultural issues are very difficult to change and yet must be overcome if the government’s modernization objectives are to be realized.
Another issue is the management of outsourcing contracts. The Conservative Party claims that HMRC failed to desensitize the data to remove bank details and other sensitive information because it would have required an extra payment to data management contractor EDS. That raises questions about an outsourcing contract that has the effect of ‘straight jacketing’ the organization and increasing data security risks as a result. Such contracts would definitely impact the government’s plans for improving data sharing among its departments. The government needs to find out how many of its other departments have similar contracts, and what the cost and risk implications of those would be.
Source: OpinionWire by Butler Group (www.butlergroup.com)