Agencies across the public sector are jumping into big data and analytics initiatives. They want or need to share their data resources with employees, citizens and businesses so that they can make more informed and insightful decisions, create new services and develop more efficient processes.
South Australia is already making a move to trial data sharing across agencies. The arrangement could allow for such opportunities as pooling reports of domestic violence, criminal background checks and health notifications to help better identify a ‘child at risk’. Western Australia and other states are following suit in their own way.
But this type of data sharing at a broad scale can be risky. Sharing the wrong data can lead to breaches. Unprotected data ‘in motion’ is vulnerable. Access rights to data can be too loose to contain.
The only way to truly ensure the public will be comfortable with this level of sharing is through a sound understanding of the risks involved and the methods of prevention in place.
Here are a few ways to ensure a smoother transition and get holistic buy in from those within agencies and from citizens themselves.
Ward off insider threats and mishaps
Many data breaches of late were the result of mistakes made by individuals within an organisation. While data is the life blood of any organisation, it doesn’t mean every employee should have access to everything. It is time to place serious controls on the data itself and more tightly restrict access for employees.
For example, consider granular level security. It is relatively simple to grant or not grant access to a document stored in a database. But what if your organisation needs to control access to specific elements of a document or data set?
Consider these latest data security features that protect at the very core of where data lives and breathes.
- Redaction: The technical ability to mask sensitive information when data is exported for sharing purposes. It gives organisations the ability to remove, replace or block sensitive information to prevent leaks or the violation of laws or regulations.
- Element level security: Security at the element level—based on an employee’s role—allows specific elements of a document to be hidden from users, protecting sensitive information during queries and updates.
- Advanced encryption: With standards-based cryptography, advanced key management, and state-of-art algorithms, advanced encryption helps to provide separation of duties between the security administrator and any system, network or database administrator significantly reducing exposure.
Tackle the problem of data
Agency heads today know they need to fully and effectively leverage all data. They know they must capture a wide variety of data, store it in a way that makes it accessible and query it based on the rapidly changing needs of the public or changing public policies.
The problem is, there is an extraordinary amount of data that comes in all shapes, sizes and forms. These different data types do not fit neatly into the rows and columns of legacy relational database systems and cannot be used together seamlessly.
By deploying an operational data hub, organisations can more effectively leverage information assets to be processed, analysed and shared in real time. This new, next-generation framework allows for richly structured data, graph data, geospatial data and unstructured data to all figure into a single query or transaction, saving organisations critical time and money.
Build advocacy from within
The Digital Transformation Agency announced it will place 250 staff in government agencies through its entry-level program. While this is a good start, we have to ask: what are the plans for educating beyond this group and beyond entry level?
Fundamental to any organisational change, and especially important for change of this magnitude, is building advocacy from within. It will undermine the entire digital transformation process if managers on up are not fully informed about the wide range of data security risks and the important role data governance plays in data protection.
By providing more robust and comprehensive training, agency heads have the opportunity to demonstrate their own commitment and in the process build greater employee advocacy. At a minimum, decision makers should ensure all agency staff are well-educated about the security-enabled protections such as those mentioned above. This will be a crucial step toward ensuring the success of these security features and their usage.
Getting the public on board
Once you have covered the first three points, the next job to do is to educate the public. After all, it is the government’s job to make sure that people are comfortable with how their data is being used.
This education needs to start with explaining exactly how a person’s personal data will be kept safe and when and under what circumstances data will be shared across agencies. The whole purpose of data sharing is to extract more value for the public. The government should better explain its position and ensure alignment between the intended benefits of its policies, programs and regulations with citizens’ needs.
The road to developing superior government services begins with bedding down the data itself and ensuring the highest level of protection and control. Equally important is to build internal advocacy within agencies through training programs that educate all stakeholders.
Without having these fundamentals in place, data sharing across agencies sounds reckless. If people can’t feel confident in the safe delivery of smart services, they won’t get on board.
Tim Macdermid is Area Vice President, APAC at MarkLogic