Data and securityGDPRAchieving the right balance between insights and data privacy

Achieving the right balance between insights and data privacy

Mark Humphries, Managing Consultant for Civica Digital, explores the importance of data structure and governance for insights-driven councils and public bodies.

In the last few months, there have been several stories of councils developing predictive algorithms to identify families where children may be at risk from abuse or gang exploitation. According to research by The Guardian, algorithms have been developed via data from at least three separate agencies: school attendance and exclusion data, housing association repairs and arrears data, and police records on antisocial behaviour and domestic violence.

Such insights from data analysis is invaluable to councils. Supporting vulnerable families is arguably the most important task that councils can provide and for many councils the combined budgets for adult and child care account for more than half of their total spend. Early intervention has the potential to both improve outcomes by preventing difficult situations spiraling out of control and to reduce long term costs.

How does this affect data privacy?

There are several steps needed to be undertaken first for public sector organisations to make the most out of their data. This includes ensuring they are aware of all relevant data protection laws and are abiding by ethical standards.

This issue is growing ever more prevalent as the rise of machine learning and use of predictive models by organisations raises important questions, both ethical and legal. For example, what constraints need to be considered? Also, what safeguards and oversights are needed to ensure that privacy laws aren’t broken?

With data being collected and stored at an unprecedented rate, it is easier for firms nowadays to share, merge with other data and analyse to gain valuable insights. However, organisations must not forget that the rights of the individual are enshrined in new laws including what may and may not be done with their personal data. There is tension between what can be done (technically) and what may be done (legally).

Data privacy in the UK is covered by the Data Protection Act 2018, which replicates the EU’s General Data Protection Regulation (GDPR) and provides a principle-based legal framework for processing personal data in ways that respect individuals’ rights.

Starting with the rights of the individual, a data subject has the right to be informed about how their data will be used, which implies that this information is available at the point when the data is first collected. In simple terms it means that the following questions require clear unambiguous answers: What data of mine do you need? Why do you need it? What will you do with it? How will you keep it safe? Who will you be sharing it with? And what will you do with it when you no longer need it?

Maintaining citizens’ trust

On top of the operational challenges that councils face, maintaining a trusting relationship with their citizens is paramount. More still needs to be done as Civica research found that only 11% of the UK public completely trust their local authority or the government to handle their data. Although councils are continuing to transform their services through insights-driven models, more work is needed for improved data transparency, security and shared access.

On the positive side, 48% of the UK public agreed that sharing more information will lead to better services, so they are open to building that relationship further.

Data analysis vs data collection

The primary purpose of data collection may well be straightforward. For a council, data may be collected with the aim of collecting council tax, providing social housing or the day-to-day management of schools.

Data analysis on the other hand is different. It rarely starts with the collection of fresh data. It typically starts with a question and then looks for the answers in data that is available. The data might be usually in multiple databases, collected over years for diverse and unrelated purposes. In the case of the councils, a reasonable question might be, “is it possible to identify families where children are at an increased risk of abuse?” This leads to a series of hypotheses about the selection of existing datasets held by the council and other public services. It is very unlikely that residents ever thought that their council tax payment records might one day be combined with police records and used to assess the risk of child abuse.

A proven model for insights and data privacy

Addressing current and future data regulation challenges and enabling analysis and data sharing between agencies under GDPR/DPA18 requires a reliable, robust data governance framework. This will include:

  1. Data review and roadmap: Reviewing the personal data you have, how and why it was collected and its limitations.
  2. Scope of analysis: What data will be included in the scope of the analysis, whether personal data is required, and if so, whether there is a legitimate legal basis for the processing.
  3. Validation & governance: Designing governance processes that include Data Protection Impact Assessments (DPIAs) to help validate and approve the use of personal data for specific new purposes? Identify any necessary steps or precautions that are required to stay within the law and to prepare any necessary communication. When data is shared between agencies, this will include multi-agency governance.

All three of these aspects form part of good data governance practice and create leading insights-driven organisations – reconciling the need for high-value data whilst respecting comprehensive data protection laws.

Ultimately, organisations which can demonstrate that they can be trusted with other people’s data will gain an advantage over those who can’t. Not only will they reduce the risk of large-scale fines, but they’ll also reduce the serious risk of losing the trust of their customers or citizens. Because we all know that public trust is hard to win but very easy to lose.

Related Articles

Councils using predictive algorithms to uncover child abuse

Data and security Councils using predictive algorithms to uncover child abuse

1y Amy Mason