Public sector data protection should allow us to share data - not hinder us
Data sharing, often a major stumbling block to joined-up working in the public sector. How to use a systemic approach to thinking about the problem and delivering a different and far easier solution.
Lets start with a real case study and define the problem that this organisation had.
The Problem I came across a new data sharing issue in a new Hub we were redesigning recently. In this situation local government Council staff were newly sitting next to and working with the Police. The question was:
How do we now share information between us?
This was a project started to develop the workflows, policies and practice in the Hub. The Police, and Council front line staff were in a multi-disciplinary change team, and the managers were connected to that team.
What the Police Did If anyone works with the Police you will find that they have a quite different way of making decisions than any other type of organisation. In the situation with the Hub, they made a local decision to share data in the way that supervisors on the ground thought was reasonable. However, when they went and asked their Data Controller, and the Controller replied they could not share any of the data. As simple as that! The Police then spent the rest of the three months in this position - frustrated, but unable to proceed.
The Standard Solution As is usual, the purpose has to be defined or understood. It will be defined by managers, and may be defined something like;
we need a set of rules on how to legally share data between us, that protects people and allows us to work together efficiently.
This is the usual approach in most organisations to solve a problem like this. They will ask a consultant with analytical knowledge to look at this as a project and study the data. They also need to be fully aware of the legislation, so they ask the Data Controller and get a copy of the Data Protection Act, and read it in detail.
This consultant then takes the data types from a data analyst, and attempts to categorise the data into the categories that make sense, and that show different levels of risk. They would look at the job roles of all the people involved and attempt to make a judgement as to the data they are required to view and why. And engage with the Data Controller and put all the collected findings on the table.
The outcome will be a report, that will be approved, and then circulated down through the hierarchy - as each manager makes sure that their particular concern or point is contained in the final report. In some cases this step in the process can take many months and the problem is seen as:
the needs of different stakeholders, which must be taken into account.
Staff groups are put on a schedule to listen to their managers tell them what the new rules are.
The Systemic Approach Understand Again, the first step that has to happen is that the problem has to be understood. This is done by going to where the work is. The change team listen to demands coming into the Hub, by actually listening to the conversations. They have to understand the whole problem and what matters to the person making the demand.
The purpose they define for the sharing of information remains undefined.
Redesign. The next step, after listening to the demand, is to undertake the work - by just doing the work that matters to fix the problem - together with the person.
The Data So what of the data sharing? Well, the example above is looked at by the team, and the key information that was needed to provide the knowledge required to solve the problem is written down.
The above process is repeated several times, until the team understand enough about the demands and the knowledge. They might do 20 or more demands.
Then the team sit together and analyse what knowledge is needed, and where it is usually held. Interestingly it is quite often held in peoples memories rather than simply in a computer.
The purpose they define for the sharing of information now emerges from the evidence.
The Outcome This analysis is then used to define the agreement on the sharing of knowledge. If a manager does not like this, or wants to add other rules, then they have to work with the team to demonstrate that the evidence proves that this change should be made.
The word data is not included in any document or discussion. The purpose of this exercise is the sharing of knowledge
From a systems thinking perspective, what is important in this problem is not about data, but pertinent information regarding a council officer about to visit the property of someone. As soon as you make it data you have entered the world of concepts and ideas. Systems thinking has to be firmly rooted in the reality of what the the system is really about.
The solution was surprisingly easy, focus on the information - not the data. When there is a new demand, and the council officer wants to know about the what we know about the person making the demand, then they ask a police officer in-front of a computer if there are any issues I need to be aware of when I visit Mr. Smith. The officer could respond with;
maybe you should go with a colleague,
the mother has difficulties talking to a official,
there may be someone staying there illegally,
talk to Jason, he knows a bit about this family,
a police officer will go with you as it might be tricky,
dont go - lets have a conversation...
After the demands were understood, It took about two weeks to define, and make into a workshop for staff.
The Difference Between Systems Thinking and our Usual Approach? Point 1 - there is are no stakeholder needs, as the person and the demand defines the need. Point 2 - there is no inflexible set of rules that applies to certain categories of demands. Point 3 - the managers do not initially define the outcome, the evidence does. Then the managers agree the analysis the team undertook.
What is needed is not the data, its the knowledge I need before the visit and during the process. This real need by-passes all data arguments, as the real basis of data sharing is the sharing of knowledge. The sharing of data can be a side issue to the main principle, that is often used when sharing is between people far away from each other and who are unable to collaborate. If you can collaborate with your colleague in the other service, then the sharing becomes one of knowledge - and a different and much easier problem to fix.
In addition, this approach supports the front line staff and is flexible to every situation. So no detailed procedures or rules are necessary - just the creation of a set of principles to work to in a framework that front-line staff can be coached to use.
This is an real example of using systems thinking to the problem of data sharing. The problem is redefined from data to knowledge - which is should have always been in the first place, if the legislation had been looked at from a systemic perspective then maybe the problem so many public sector organisations are having would be made alot easier.
The data protection act in the UK is actually written to help data sharing and to prevent private organisations from marketing our data. But we tend to see it only as the method of restricting communication. Certainly those who wrote it made a big error in the way that it puts across the central concept of what it is about. But, it really does focus on DATA, and in public sector operations we are far more interested in information.