EURIM Information Governance Working Group
The original objective of this group was to rebuild confidence in the competence
of the public, private and voluntary sectors to securely manage the sharing of
identity and information services by identifying and publicising good practice.
It has, however, become apparent that much of the data on file is not only
insecure but unfit for purpose, sometimes lethally. There are wide variations in
quality and availability alongside poor safeguards against fraudulent
manipulation and policies of “no departmental liability”. The political
implications of this situation go well beyond the issues of privacy and
surveillance.
Introduction, Objectives and Strategy
This
group builds on work on Privacy, Personal Identity and Data Sharing,
from the debate on the original European Data Protection Directive
and the Regulation of Investigatory Powers, through exercises on
Medical Data Protection and on Identity Cards, to the recent
inquiries with regard to Information Assurance.
The current
objectives include:
-
to reconcile
practical experience of what works with the aspirations of those seeking to
promote new methodologies and technologies (including for privacy and
surveillance);
-
to understand
and address the issues of individual and organisational behaviour and
motivation;
-
to provide
practical guidance as to who should be responsible for doing what,
reconciling conflicting legislation over what can/should/not, be retained or
shared, with whom and under what circumstances;
-
to ensure the
UK has governance regimes that make it a location of choice for the identity
and information services that are at the heart of global electronic
commerce, because if these move offshore so do many of the wealth creating
industries they support;
-
to greatly
improve the quality (accuracy, availability, presentation etc.) of the
information used for public service delivery and for policy formation,
implementation and performance monitoring.
Strategy
Parliamentary and political:
to change the nature of current debate on data protection and
information assurance by showing that the secure sharing of good
quality information is already commonplace, including in the public
sector and that the need is to replicate, reinforce, reward and
build on existing good practice.
Industrial and professional:
to provide a neutral umbrella for officials to meet with industry
(users as well as suppliers and consultants) to discuss practical
co-operation in overcoming fragmentation and confusion regarding
responsibilities, liabilities and governance, including to share
experience of existing processes for handling interactions between
those who do not trust each other as well as those who do.
Work
Programme for 2010 and Forthcoming Meetings
This follows up
on work that arose from the Directors Round Table in November 2008. The overall
objective is to set the agenda and provide a forum to bring together the people
and organisations that will provide the critical mass to make things happen.
There are six overlapping and inter-linked sub-groups.
1.
Basic Principles:
tasked to –
-
produce and
publicise balanced guidance covering the elements that constitute good
governance (clarity of accountability, responsibility, ownership, quality,
security, availability, people processes etc.);
-
create credible
policy frameworks against which suppliers can deliver transparently, thus
enhancing client and customer confidence in their products and services.
The main task for
2010 is to turn the material produced to date into attractive and effective
multi-media presentations for the influence-rich, time poor audiences who decide
policy priorities. The sub-group is looking for partners to help achieve this.
2.
Security by Design:
tasked to –
-
change market
behaviour so that the security of the complex online systems on which
society now relies is commonly built in from the start and from the top
rather than added “by afterthought”;
-
change public
sector behaviour so that clear statements of the level and nature of
security expected form part of the initial planning for new programmes with
shared audit and assessment services.
The outstanding
task is to assemble a consortium of those willing to work together to:
-
ensure that
good practice becomes commonplace among the market leaders;
-
present and
promote the material produced to date, adding case studies of success from
their experiences and that of their partners and customers; and
-
secure action
on the recommendations by government and by the relevant professional bodies
and trade associations.
3. Value
of Information: tasked to –
-
cause
organisations, particularly public sector, to treat information as a
valuable asset, to be invested in and protected, alongside finance, people
and property, less neglect turn it into a toxic liability;
-
educate the new
intake of MPs on the critical importance of good information to policy
formation and public service delivery.
The outstanding
task is to assemble a consortium of those willing to work together to:
-
see that good
practice become commonplace;
-
present and
promote the material produced to date, adding case studies of success from
their experiences and that of their partners and customers; and
-
secure action
on the recommendations for action by government and by the relevant
professional bodies and trade associations.
4.
ID Governance:
tasked to
-
address those
issues that may require political action, including governance frameworks
for responsibility, liability and accountability, with the aim of also
making the
UK a location of choice for
international operations that must exchange information with those operating
different regulatory regimes. That entails basing the UK regime on global
best practice, particularly for cost-effective and efficient
inter-operability, disputes resolution and redress;
-
brief MPs and
senior officials on how best to implement electronic Individual Voter
Registration (eVR) in Great Britain, as provided for by the Political
Parties and Elections Act 2009, under which individuals will be able to
update their own registration data, replacing the traditional method in
which the head of the household tended to provide all the information. A
political priority is guidance on avoiding pitfalls.
The sub-group has split the
two exercises with draft material timetabled for high profile review meetings in
June/July, with the new intake of MPs, including a workshop to look at the
experience of the Scandinavian nations. The drafts will then be expanded for a
next round of review in the Autumn. These are potentially major exercises
because we can find no other group looking at the issues of governance (as
opposed to technology) in the UK/EU.
5.
Quality of
Information: tasked to follow up the round table with the Audit
Commission, National Audit Office and others on 22nd February, “Uncovering
the Truth” by:
And
drafting recommendations for:
-
industry
and professional action to improve the quality of information management at
all levels;
-
improving
understanding of the basic principles and importance of good information
management among policy makers, decision takers and other end-users at all
levels;
-
improving
the quality of public sector information management and its use for policy
formation.
The group aims to
have its first drafts ready for review June/July.
6. Secure Sharing
This sub-group is joint with the Security by Design and Public Service Delivery
Procurement sub-groups. It is currently assembling a team (including from the
relevant trade associations, professional bodies, suppliers of all sizes and
observers with procurement and policy responsibility), to look at the
procurement of security advice by the public sector. There are problems of
fragmentation and duplication of process compounded by severe shortage (both
quantity and quality) of those with the necessary skills.
Forthcoming
Meetings
All sub-groups work mainly by e-mail/teleconference with physical review
meetings at approximately six-week intervals. The Information Governance Group
has been asked to organise a high profile political briefing meeting in
June/July for the new intake of MPs. The precise date has yet to be fixed.
Recent
Meetings and Papers
Group
Outputs (Papers & Briefings)
Other Relevant Documents and Links
|
