Wednesday, 30 January 2008

large databases good, small bad

Quoting from todays BCS newsletter "Last year provided plenty of news stories about lost laptops and CDs containing masses of personal data. Confidential data wasn't exposed by corporate systems being compromised by outsiders (foreign or otherwise) but by insiders doing dumb things, like sending unencrypted data in unregistered post."

Whilst it isn't necessarily true that large databases will have well thought out security, in my experience paper systems and small databases don't tend to have very much at all. The exception being where a commodity system, like a primary care health system is replicated. The important thing in security is to have the staff that build systems and control access to data aware of what they need to achieve in terms of data protection, and that is more likly to be achieved in large databases.

Monday, 28 January 2008

Citizen centric does not mean information sharing

There has been a fair bit of commentary recently that makes transformational government synonymous with an ID card and data sharing. The key criticism being that rather than enabling it will be controlling, with citizens being managed rather than served based on what's known about them . For example using HMRC records to ask only low income pensioners whether they like would like pension credit sounds like a service improvement but could be seen as fraud control.

I'm not in favour of the words data sharing, rather that data is openly used to achieve an ethical and public value objective whereas sharing implies a loose uncontrolled pool of data. I see nothing wrong with checking against a tax return income statement to validate that someone is telling the truth when they claim a benefit, but a lot wrong with doing it secretly. What's wrong with saying we'll check you income, or even bettter tell us your tax reference and we'll make sure you get the right benefit?