EURIM Information Governance Working Group
The group aims to help rebuild confidence in the online world by addressing the
conflicts of guidance that get in the way of good practice. These include UK/EU
legislation that forbids or mandates different approaches towards the sharing of
information according to circumstances that require judgements on which few can
agree, with the risk that wrong decisions by over-worked and under-trained
junior members of staff can lead to personal tragedy or corporate bankruptcy.
The measures of success include:
- ensuring UK/EU governance regimes that make it a location of choice for the
  identity and information services that are at the heart of global electronic
  commerce;
- improving the quality (accuracy, availability, presentation etc.) of the
  information used for public service delivery and for policy formation,
  implementation and performance monitoring;
- ensuring that all responsible for action have access to clear and practical
  guidance as to what should, or should not, be retained or shared, with whom
  and under what circumstances.
Introduction, Objectives and Strategy
This group builds on previous work on Privacy, Personal Identity and Data
Sharing, from the debate on the original EU Data Protection Directive and the
Regulation of Investigatory Powers, through exercises on Medical Data
Protection and on Identity Cards, to work on the importance of Identity
governance (not just systems), Unlocking the Value of Information: “From Toxic
Liability to Strategic Asset”, the problems caused by lack of attention to
quality “Improving the Evidence Base” and the need to move from Security by
afterthought to “Security by Design”.
That work led to a growing appreciation of the need for industry
(users as well as suppliers) to work together to embed good practice
within collaborative relationships and ensure problems are not
compounded by governments and regulators dictating local
“solutions” without recognising that business increasingly has to
operate across application, jurisdictional and other boundaries.
The group is therefore working to organise a major policy study with
the aim of joining up UK/EU regulatory structures and initiatives so
as to:
- attract and foster reputable, wealth-creating businesses with regulatory
  regimes that support and encourage good practice, including for secure
  interoperability with trusted partners in other parts of the world under
  different legislative and regulatory regimes;
- avoid driving reputable businesses offshore to avoid spending time and money
  on tick box regulatory regimes which get in the way of good customer
  service;
- reduce reliance on systems that are liable to catastrophic failure, let
  alone data leakage.
The long-term aims include to:
- ensure that our growing reliance on the online world is not inhibited by
  fear of e-crime and the consequences of failure to ensure adequate
  cybersecurity;
- preserve and enhance UK/EU competitiveness by making it a natural hub for
  global law enforcement: civil (including contracts and disputes) as well as
  criminal;
- ensure democratically accountable regimes for partnership policing (law
  enforcement and industry) and cybersecurity: locally, nationally, regionally
  (e.g. pan-EU) and internationally;
- ensure compatible identity, data protection, sharing and surveillance
  regimes that attract rather than repel globally trusted information
  operations.
The strategy is to build a leadership team with a track record of
success that can credibly deliver the long term objectives.
The short term objectives for that team include to:
- help ensure UK/EU proposals for regulatory and legislative initiatives face
  joined up scrutiny;
- identify case studies of success that make it easier to build on and join up
  what already works;
- build on the work of the EURIM Security by Design Subgroup and ensure that
  security/privacy by design/default is embedded in new public sector systems
  and procurements;
- build on the work of the Value and Quality of Information subgroups and
  update information management skills;
- ensure political appreciation of the importance of the issues and also of
  the experience already available from successful identity and information
  assurance schemes;
- look at the issues from the perspective of the victims of impersonation,
  corporate or individual.
Strategy
Parliamentary and political:
to change the nature of current debate on data protection and
information assurance by showing that the secure sharing of good
quality information is commonplace, including in the public
sector and that the need is to replicate, reinforce, reward and
build on existing good practice.
Industrial and professional:
to provide a neutral umbrella for officials to meet with industry
(users as well as suppliers and consultants) to discuss practical
co-operation in overcoming fragmentation and confusion regarding
responsibilities, liabilities and governance, including for handling
interactions between those who do not trust each other as well as those who do.
Generic:
to work with and through partners, including the European Internet Foundation
and Internet Caucus and their members and supporters, to assemble consortia of
those who need to deliver results, not just those who wish to study problems or
sell solutions.
Parliamentary Chairman: Earl of Erroll
Parliamentary Vice Chairmen: To be confirmed
Industry Chairman: John Bullard (IdenTrust)
Industry Vice Chairmen:
- Electronic Voter Registration - Paul Wilson (De La Rue)
- Quality of Information - Guy Daines (CILIP)
- Privacy - Alma Whitten (Google)
- Secure Sharing - Rob Carmichael (Atkins)
Rapporteurs: Dr David Wright supported by Dr Edward Phelps
Parliamentary Monitors: Rt Hon David Blunkett MP, Baroness Neville-Jones
Members:
Alcatel-Lucent, Atkins, Barnardo's, BCS, BT, Cassidian, CEDR, CILIP, Cisco,
Citibank, CPHC, CSC, De La Rue, Experian, Everything Everywhere, Fujitsu,
Gemalto, IBM, IdenTrust, Intellect, ISACA, ISC², ISSA, Kaspersky, LINX, Logica,
McAfee, Microsoft, NEN Trust, Nominet, RIM, Royal Mail, SAS, SOCITM, Symantec,
Trend Micro, The Law Society, UK Payments Admin, VocaLink, Wave Systems
Observers and Partners:
All-Party Space Committee, Audit Commission, BIS, Cabinet Office, Centre
for Policy Studies, CESG, Citizens Advice, Conservative Technology
Forum, Consumer Focus, Cumbria Police, DCLG, DEFRA, Directgov,
DWP, ERA, FSS, Government Connect, Home Office, House of Commons
Library, IAAC, ICO, IPPR, IPS, Met Police, MoJ, NAO, NFSA, NPIA,
OII, ONS, UKERNA, UK NTAC
Work Programme for 2011-2012
Quarters 1 and 2
Quarter 3
- Assemble leadership team for major study and produce outline work programme,
  including objectives, structure, methodologies and timescales for discussion
  with target participants.
- Produce formal response to consultation on the implementation of Electronic
  Voter registration systems.
Quarter 4
- “Come and Join Us” recruitment activities for major study.
- Identification of research topics for academic partners.
- Identification of initiatives to be subjected to joined up scrutiny.
2012 Quarter 1
Forthcoming Meetings
All sub-groups work mainly by e-mail/teleconference with physical review
meetings at approximately six-week intervals. The Information Governance Group
has been asked to organise a high profile political briefing meeting in
June/July for the new intake of MPs. The precise date has yet to be fixed.
Recent Meetings and Papers
Group Outputs (Papers & Briefings)
Other Relevant Documents and Links