Expert contribution: Robert Montgomery, Audit & Governance Lead Manager, Telford & Wrekin Council
Part risk manager, salesperson, counselor and subject matter expert - the modern Data Protection Officer (DPO)/Information Governance (IG) Manager really does have more roles than a bakery!
By far, one of the biggest challenges for any public sector DPO/IG Manager is the requirement to facilitate compliance with the different threads of data protection whilst ensuring an embedded privacy culture exists within the organisation in an environment that requires fast, efficient, cost-effective and transformational secure digital commerce/data sharing. It can often feel like knitting spaghetti.
The appetite for consuming data digitally is at an all-time high and increasing daily, particularly with the growing use of, and interest in, AI both on the part of businesses and consumers. The digital landscape now encompasses an individual member of the public wanting digital commerce at a low level through to public sector analytics where teams of people are slicing and dicing significant volumes of both personal and non-personal data to provide senior management with data to support evidence-based service transformation.
Added to this is the complication of digitally sharing data sets securely with partners, suppliers and other third parties. Sharing must be legal and secure but, above all, data must be shared with a stated purpose in mind. A lack of purpose, particularly when digitally processing, can lead to project creep, oversharing and ultimately non-compliance with legislative requirements leading to a data breach.
Embedding a privacy-centric culture in any organisation is the critical foundation on which all data handling should be built but particularly in a world of ever-increasing reliance on digital services processing data. Getting yourself in front of key stakeholders, particularly the senior management team, and communicating simple messages on privacy and good governance is essential; perhaps more important, however, is ensuring they are also aware of any challenges that exist in the organisation which might undermine that privacy-centric culture and how to tackle them. A house will collapse without sound foundations and so will your organisation’s digital privacy arrangements without a sound, embedded privacy culture. Get in front of senior people regularly and don’t regurgitate the law to them. Know their services, talk business to them and help them achieve their objectives. Information governance is about sound facilitation and not putting speed bumps in the road.
Earlier I mentioned public sector challenges with digital consumption particularly in terms of security, compliance and overall efficiency of service provision. I think there are common mistakes being made in organisations where the method of digital commerce is shaping service provision and the actual IT solution is seen as the ‘end’ and not a ‘means to an end’. Firstly, the purpose/service requirement should decide the IT solution and not the other way around.
Secondly, IT solutions are an enabler to support your purpose and should not ‘be’ your purpose.
There are lots of powerful digital solutions to allow you to process (store, analyse, share, etc.) vast amounts of data in real time, a veritable digital pick ‘n’ mix. But sometimes in life there can be too much choice. If I want to share data electronically now, I have 6 or 7 different methods to choose from. Are all of these options really needed? Are we confusing end users? Are we implementing new technology for the sake of it? Is this choice creating risk rather than mitigating it?
It’s an exciting time to be a DPO/IG Manager. Whether it’s evolution or revolution that your organisation is looking for, make sure you are in the middle of it and being heard.
Be relevant…always be relevant! Digital transformation, privacy and data protection are here to stay!