Our Approach – Practical Steps 7

7. We will set common standards for Data Security

There is no clarity today over where responsibility lies for data security.  There are responsibilities within the government CIO’s Office and within GCHQ, as well as in a number of separate departments.  There will be different requirements in different departments but there must be some minimum standards and procedures that apply across the whole of government.

There will always be a trade-off between the citizen’s interest in the privacy of personal data and the citizen’s interest in the convenience that can flow from government-held datasets being “joined up”.   The difficulty of letting all the different agencies of the state know that a relative has died is often quoted in support of the need for connecting these datasets.

Yet there may be more unsettling reasons for the state to create concentrations of personal data.  In 2006, Sir David Varney, the Prime Minister’s Adviser on Public Service Transformation,  said that government needs “a deep truth about the citizen (or business) based on their behaviour, experiences, beliefs, needs or desires, that is relevant to the task or issue and rings bells with target people.”  Sir David’s interest was a wholly benign one, based on the idea that a government possessed of this “deep truth” can fashion public services more precisely around the individual’s needs.  But there can be more sinister uses for such “deep truths”.  Information really is power, and when the state has too much information about its citizens, there is too much scope for that power to be abused.

To start to address this issue, we have already announced that we will nominate a senior civil servant with responsibility for data security. In addition, the approach the Australian government has taken with respect to data-sharing across departments warrants further examination. When departments want to data-match records, they are obliged to request permission from the Privacy Commissioner, who permits them temporarily to combine data (using overnight batching and fuzzy matching) to achieve a particular outcome. Once that outcome has been achieved, the combined dataset is eliminated. One example is combining information from various sources to validate a means-tested benefit claim.


Comments

  1. I might choose to give [my bank][my supermarket][my whatever] loads of data about me – but the moment they screw up I can sue them/attack their reputation publicly/walk – all of this is possible only because there are contestable alternative channels.

    There is no contestable alternative to the government service experience. Solve that and a lot of problems will disappear.

    There are few hard to reach people: someone, somewhere, is selling them a bottle of milk or a loaf of bread. Find out how to enable that value chain. Pay Point (and others) did.
