Image: Paolo Marconi
Talking to a room full of child protection practitioners at the launch of our work with Brighton and Hove City Council recently, I outlined the story of Patchwork to date. The response was great – I couldn’t have hoped for more enthusiasm and participation from everyone there. We had a full house and even a potential fire hazard at one point, until we made more space for the nearly 90 practitioners that turned up.
It was a proud moment sharing our journey with Patchwork so far and it’s clear that designing the app with practitioners instead of at them has led to a product that meets their needs. No one questioned the point of Patchwork – all the questions were asking what it does and what more it could do (answer: plenty!).
As you can imagine, a lot of the questions were about information security. Is it open to just anyone? How do you stop people randomly searching for others? And of course people wanted to know if they could upload their case notes and use it as a multi-agency messaging system. This is where my heart sinks a bit. Technically can we do that stuff? Of course! In reality will we be able to do that stuff? Right now it seems a couple of years off.
The problem is Information Governance. I don’t have the background to go into the detail of it, but our work on Patchwork has introduced us to a moral maze (or is that a legal labyrinth?) of Information Governance issues. The law (or is it policy? or guidance?) is confusing to say the least, but more confusing is the way that the public sector’s policies seem set up to prevent good working links between different agencies – health, police, local councils, voluntary sector, housing associations, private companies, fire service and even individuals like parents and carers.
This post is not a rant about how bad the policies are, or how the law should be changed. It’s a call to local authorities and other public sector agencies to invest in their Information Governance teams. Investing in anything right now is a tall ask but if there’s anything that can save money in the medium to long term it’s having an all-star, red-hot Information Governance team.
I know what it’s like – you see ‘Information Governance’ on a budget line and think ‘That’s got ‘cut’ written all over it’. After all, who really knows what those guys do? Didn’t we just invest in Sharepoint? Wasn’t that supposed to solve all these problems and mean that information is flowing round the organisation like a well oiled machine? (How’s that working out for you by the way?).
Here’s what a top-notch Information Governance team should be doing: working out how local authorities can share information with other agencies (and vice versa) without compromising people’s privacy and security; thinking about how to work with cloud computing and the security and information implications of having data hosted outside of the council; helping staff in services understand how to use the web safely; helping you figure out how you can stop investing in big expensive systems and start running lightweight web-based apps. I’d like to see more suggestions in the comments…
Most local authority Information Governance teams are only a couple of people strong if you’re lucky, and those we’ve encountered in the NHS seem to be about the same. They’re overworked, under-resourced and operating in a world that is rapidly dying. No wonder their default position is to say ‘no’ and to operate an approvals-based system that leaves you guessing at what might satisfy their standards. They don’t have time to work together to find solutions and ways to break through the barriers, they only have time to highlight risk. Furthermore they work in a field that is tabloid heaven. If something goes wrong it’s their responsibility (legally) and their name in the Daily Mail. The fear of blame is endemic in the public sector and leads to restrictive practice all over the place. But that’s another post for another day.
The point is that it’s easy to blame Information Governance teams for not being progressive enough or for constantly blocking innovation. But good information governance is essential to keep services running in a web-enabled world, and it’s the last thing that should be running on a shoestring. It’s time to invest in professionals who know their stuff, have in-depth knowledge of web technology and security, and have time to support the organisation in how they use technology and use it right, not whether to use it at all.
If this post had any influence at all we’d see 400 councils rushing out to recruit their own Information Governance teams. But in reality a district probably doesn’t need its own team, and in many ways even a county doesn’t. It would be way more interesting to see local authorities and other public agencies investing together in a shared Information Governance resource, perhaps at county or city level. They could afford more and better advice and the advice would be applicable to a region rather than a fragmented agency-by-agency basis. That would put organisations on an equal footing and create the conditions for multi-agency working to be successful.
Meanwhile, back at PatchworkHQ we’ll be spending the next 6 months trying to work through the information governance issues associated with letting practitioners from different agencies just see who else is working with their cases. The title of this post is a quote from a social worker who refuses to let the absurdity of current Information Governance rules dictate her practice, and we’re fortunate to work with many others who feel the same.
Onwards!
Brilliant that you have raised this ‘boring’ issue.
Socitm has published extensively on information governance and management, but being at the distinctly unsexy end of ICT, something most managers still feel uncomfortable with anyway, this material is not as widely read or acted upon as it should be.
Planting the Flag – the strategy for local public service reform that Socitm has developed on behalf of local government, identified six key issues, of which two were information governance and information management. Here’s what we said about information governance:
Efficient, effective, local public services depend on fast, secure access by authorized personnel to ‘a single version of the truth’ about people, assets, finance, service usage and performance. This requires changes to current practice in information governance, architecture and responsibilities that span local public services.
And about information management, assurance and transparency:
Most managers do not recognise the value of information or appreciate the importance of its quality. Failure to share and a tendency to duplicate information across local public services are endemic. There is no common, local public services security framework………these issues need to be addressed with new, shared, information management policy and practice across local public services.
A third key issue identified was ICT polices of central government departments. Here we said:
We would like to see common information assurance approaches and standards, especially around health services. Mandating all public service organisations to move to the proposed Public Sector Network would usefully standardise networks and services. A single identity management and verification standard for employees and citizens to access all government services (excluding the highest levels) would also help, as would the application of appropriate levels of information assurance management for local public services delivery, based on
associated threats or risks.
Copies of Planting the Flag are free to download at http://www.socitm.net/info/20101/planting_the_flag-a_strategy_for_ict-enabled_local_public_services_reform
A really interesting article. Great that you’ve highlighted the case for supporting information governance professionals. Much of the work that started with Total Place and which has become Community Budget and Local Integrated Services has also pinpointed information governance and management as being in the top two issues.
It is however interesting to see that this subject comes up in a safeguarding context where there is specific provision allowing data sharing around as risk children without consent. Most of the issues that we are helping with relate more to ‘welfare’ and ‘better life chances’ where there isnt currently enabling legislation.
Data Protection, IG / IM are definitely becoming an endangered species and it has been interesting to note that only when someone in that role is leaving does the organisation suddenly realise the capability that is walking out the door. Ive a couple of examples of this going on at the moment.
One of the things that we do at NWEGG is run a network of 250+ IG managers across the NW. This links with our Warning, Advice and Reporting Point service and is supported directly by the Information Commissioners Office. The relationship with the ICO is enormously valued because our members are able to receive immediate (or quick) answers to knotty problems and we are very grateful for their support.
This network is available to people outside the NW – we’re rebranding next week and part of the reason is to emphasise this. If anyone wants to find out more about this please get in touch – details are on http://www.nwegg.org.uk.
Best wishes
Phil
I think you are spot on regarding helping staff to use the web safely and stopping the investment in big IT. It’s all about building confidence and competence.
We at IRISS frequently come up against the barrier of bocked access (see our report on access to social media in the social services: http://comment.iriss.org.uk/content/social-media-social-services
We’re happy work with others to get things moving…
Pingback: Three roles local authorities need to fill right now « News from a Nerd
That’s a dodgy quote you’ve used there. It has no meaning whatsoever, and is frankly unprofessional. If that’s a social worker then actually the information governance is fairly clear because of the statutory work she does. Governance becomes more difficult when we are talking about sharing information at realm below statutory intervention, when we have to be mindful of the rights to privacy members of the public have. This isn’t about ‘going to prison’ this is about professionals respecting the wishes of the people about whom they are sharing the information. And once again (perhaps I should have a second read) we are talking about the needs of data owners rather than the desires and wishes of data subjects.
Hi Mat
Thanks for the comment. Maybe the quote is a little sensational but it came from a place of frustration with the current system and a genuine passion for keeping children safe. Unfortunately the information governance is not clear, regardless of the statutory duties, because it’s clouded with ‘guidelines’, policies and different interpretations of the rules in different places. Similarly there is an obsession with blame if things go wrong, which leads to the idea that this is about ‘going to prison’. All of this is why it’s so vital to invest in information governance right now, because expert advice can help clarify and simplify things. As I say in the post, the role of good information governance teams should be about helping agencies work together in a way that also ensures families’ privacy.
I strongly agree with what you say about the needs of the ‘data subjects’ (though really I think these people should be referred to as the ‘data owners’ as it is after all their data). Unfortunately we are finding that people are either having their data wishes ignored, or misinterpreted. This works both ways and we have equally talked to people who wish practitioners would share their data between agencies but don’t because of a slightly paternalistic approach to ‘protecting’ people. Likewise there are people who have told us they don’t want the fact that they are involved with the police to be shared with other agencies and we are working with them to understand more about this and how Patchwork can help.
I strongly believe that the only way to get around many of these problems, as well as the overall lack of clarity, is to give families ownership of their own data and let them share it ‘on their own terms’ (ref. @adriana872 for that phrase in this context). This is a personal hobby horse for me but we are also testing the idea with families to see how it could work in practice. This is a very sticky area though, not least because the very people about whom you might want to share data between agencies (i.e. abusers) are also the people who are least likely to want that data shared. We are working through these issues with practitioners and families because I think they hold the answers.
Please do stay tuned for more on this as we will definitely return to it in future!
Hi Ian
Cheers for the link. Blocked access is such an issue, especially for children’s practitioners because more and more it’s the only way their clients communicate. As you say, good information governance teams don’t block web technology, they help people use it safely. This kind of support has never been more needed than it is now.
Hi Phil
Thanks for sharing that. We’re definitely up for getting involved in the network and I’ll drop you an email about it
Carrie
Hi Vicky
It is unsexy isn’t it?! Good to hear that SOCITM are on the case, though I would challenge the idea that you can ever get to ‘a single version of the truth’, especially where public services are concerned. This sort of thinking tends to lead to big centralised systems. I still hold that the best point of integration is the citizen themselves, rather than at the systems level.
I do agree that the PSN will help things, though the idea of the government having ‘single identity management and verification standards’ initially scares me as I’d like to be the authority on whether I exist, rather than the government! But perhaps I’ve misunderstood what that means and my cynical brain has leapt to 1984?!
Just picking up on Carrie’s point about the data owners being the individuals and families themselves. In 1993 Bryan Glastonbury and Walter Lamendola wrote a book called “The Integrity of Intelligence” http://www.amazon.com/Integrity-Intelligence-Bryan-Glastonbury/dp/0333605217 and made just that argument in the book. All these years later we are still stuck in the same quagmire. There has to be a way out but I can see families not wanting to either hold or share data that is negative in nature. My daughter when she was 4 gave a friend who had just become a father a “good daddy” certificate. 23 years on he mentioned it that he was still proud of it. I cannot see the same happening with a “bad daddy” certificate. There are real issues about the meanings of words held on data records “assessment” in health is not the same process as “assessment” in social work, etc. Again in the 90s work was begun on what was then called the Read Codes to align health and social work terms, unfortunately the government pulled the plug on funding. I believe Scotland has gone further down this road than England.