As increasing amounts of data are stored electronically it becomes easier to allow information to be shared across a number of parties who could find access to the information useful. Not only can information be shared but it can also be aggregated and used to make inferences. There may often be significant benefits in facilitating information sharing but, as this paper will demonstrate, there is a need to approach information sharing with caution if we are to protect the ordinary citizen in the process. The ultimate aim has to be to ensure that we achieve the benefits of allowing wider access to information whilst still protecting the public interest.
There is currently a great deal of interest in issues of data sharing and multi-agency working1 but relatively little work has been undertaken on the governance structures that could support these aspirations. There is a recognised need for IT systems to provide the technological support that will allow the sharing of information to take place but at the same time there is a need to develop appropriate governance processes that will be used in the operation of such systems. Governance has been defined as ‘the system by which organisations are directed and controlled’ and the three fundamental principles of governance are ‘openness, integrity and accountability’2. This paper is based on research undertaken in the UK in the public sector and outlines the issues that need to be considered when implementing governance models for information sharing.
The requirement for sharing information is applicable across both the public and private sectors and depends largely on trust. This paper explores what we mean by ‘trust’ with regard to information sharing and the elements that contribute to the building of trust in each element of the information sharing architecture.
This paper considers the importance of understanding the different contexts across which information will be shared and the way that current relationships (both formal and informal; internal and external to the organisation) and working practices shape expectations of what can be achieved with information sharing. It moves on to explore the conclusion that in order to implement ethical governance processes for sharing information it is necessary to separate out the specific implementations from general aspirations and to consider the impact on the individual (both as citizen and as employee) alongside the welfare of society as a whole.
This section of the paper looks at the broad requirements that must be satisfied to ensure that information sharing is successful. A case is made for separating out the technical implementation from the governance processes and for ensuring that there is both technical robustness and operational flexibility in the system. Other criteria that are examined include the need to ensure that governance processes are aligned with organisational structures and ways of achieving stakeholder buy-in. Finally, the breadth of legislative requirements is considered such as human rights, data protection and freedom of information and the impact that this has on information sharing aspirations.
The middle section of the paper concludes that there are a number of tensions that need to be balanced in order to develop good governance processes for information sharing. These include the need to balance organisational structure with public perception by implementing rigorous audit trails and ensuring that privacy of the individual is maintained.
A further tension that has been highlighted in current research in this area is that between ‘formal institutions of law and guidance on the one hand, and the informal institutions of organisation and inter-organisational functioning on the other’. This is explored in the paper alongside the difficulties of classifying the information that is shared as objective or subjective, and the issue of what happens when information is aggregated across systems and used to draw inferences.
The final area of tension that is examined is between the need to separate the IT implementation from the governance structure and yet to maintain communication and alignment between the two. Some areas of particular concern that threaten to complicate this issue are to do with outsourcing, acquisition of technology and services, building and maintaining supplier relationships and the addition of new partners and/or technology to the information sharing structure.
Given the requirements and tensions that have been highlighted the paper goes on to consider the governance structure for information sharing and explores the roles and responsibilities that have to be assigned. In this section the paper highlights the need to comply with various standards and regulations, the need to have an external facing role that can promote the need for information sharing, the separation between technical and procedural accreditation issues and the difficulties of building a team with the relevant expertise to handle the governance processes.
The paper concludes by highlighting the principles that need to be considered in order to gain the benefits of information sharing whilst still protecting the privacy of the individual citizen. Furthermore it highlights areas where there is still significant research to be undertaken and explores how an inter-disciplinary approach is likely to be the most successful way forward.
See the Bichard Inquiry final report for a discussion of the need to share information across law enforcement agencies http://www.bichardinquiry.org.uk
Cadbury quoted in ‘Towards a ‘Generic Framework’ for Information Sharing between Public Sector Agencies’, Framework for Multi-Agency Environments (FAME), p.8
‘Data Sharing and Confidentiality: Spurs, Barriers and Theories’, Perri 6, Christine Bellamy and Charles Raab, paper given at the Political Studies Association Conference, University of Lincoln, April 5-8, 2004