1.  INTRODUCTION

  1.1  The Ministry of Justice (MoJ) is responsible for the Government's domestic policy on data protection and data sharing and represents the UK at European and international level.

  1.2  This memorandum sets out to cover the roles of the CIO Council, Her Majesty's Government Chief Information Office and the Transformational Government Strategy.

  1.3  It does not provide detail of specific examples of public and private databases in existence as this is the accountability of the Departments, who "own", collect or process this data.

  1.4  The Transformational Government Strategy enabled by Information technology was approved by Ministers and published in November 2005. It set out three core themes. The first theme firmly positions the Citizen at the heart of the Public Services and ensures that products and services which are implemented meet the needs of the consumer not the product or service provider. The second theme sets out to ensure that the Public Sector moves to a shared culture—in the front office, the middle office and the back office. And finally the third theme focuses on the professionalism and capability of the Public Sector to deliver IT enabled business change.

  1.5  The Transformational Government strategy is underpinned by 13 strands of work, several of which are relevant to this committee. They are:

1.5.1  Identity Management—Before you can share Citizen Data you must be sure that you have identified the correct Citizen before data is shared.

1.5.2  Data Sharing—How do we share data appropriately across the Public and Private sector to aid the efficiency and effectiveness of Public Services. What policies and procedures need to be designed, or updated/clarified, and then implemented.

1.5.3  Information Assurance—How do we ensure that as Citizen Data is shared it is accurate, safe and secure and only those with a legitimate need to know know it exists or sees it.

1.5.4  Shared Services Common Infrastructure—As we share data and we connect Public Sector organizations together to fulfil the Citizen request how do we ensure that the technology is safe, secure and not prone to "prying electronic eyes".

2.  ROLES AND ACCOUNTABILITIES

  2.1  The Accounting Officer for Public Sector bodies however defined are accountable for ensuring that Citizen data is used for the purposes that it was intended for under the various elements of legislation. The Ministry of Justice submission to this Committee sets this out in more detail.

  2.2  Accounting Officers are also accountable for ensuring that the appropriate policies, procedures, people and technology are deployed to ensure that at all times Citizen data is protected from rendering it from becoming inaccurate; ensuring that appropriate security policies surrounding the employment of people, the protection of physical access to building and the safety and security of the technology holding Citizen data is at all times maintained to the appropriate standards.

  2.3  Accounting Officers are also accountable for ensuring that defined roles and responsibilities exist within their organisations to ensure that necessary risk identification and mitigation strategies are executed to ensure that the safe operational use of Citizen Data is maintained.

  2.4  The Ministry of Justice has the accountability for the development and gaining approval, of the Data Sharing Vision, the Data Sharing Strategy and any supporting guidance. The Ministry works closely with the rest of Government and with other relevant parties to ensure that the correct balance is maintained between the rights of the individual to privacy and protection of individuals from terrorism and other crime. Policies and practices are monitored continually by the Government, the Ministry and the Information Commissioner to ensure the balance is in the right place and to prevent abuse.

  2.5  The CIO Council's remit is improve the public service delivery by ensuring that the strategic use of technology and computer systems are aligned to the overall government strategy as detailed in the Transformational Government Strategy. Specifically it is:

2.5.1  To act as a focus for partnership between IT professionals across government, agreeing and implementing best practice methods, tools and techniques of undertaking IT enabled business change.

2.5.2  To bring the Public Sector together by drawing a membership from the wider public sector—central government, local government, and agencies in fields such as health and policing.

2.5.3  Charged with creating and delivering a government-wide CIO agenda to support the transformation of government and to build capacity and capability in IT-enabled business change.

2.5.4  To balance government-wide agendas with accountabilities in line organisations.

2.5.5  Take a holistic approach to the IT enabled change portfolio ensuring where appropriate and possible the Public Sector does not duplicate the creation of technology based systems.

  2.6  The Central Sponsor for Information Assurance within the Cabinet Office is accountable for the development of strategy, policy and guidance appertaining to the protection of data including Citizen Data. They are also accountable for ensuring the accreditation of Departmental computer systems and networks has occurred and that they conform to the agreed minimum standards of security, availability and quality.

  2.7  Her Majesty's Government Chief Information Officer chairs the CIO Council. His role is to work with departmental CIO's and those undertaking IT enabled change to ensure they are aligned and support the Transformational Government Strategy. In this role, the Government CIO provides leadership to the IT Profession across the wider public sector, enables public service transformation through the strategic deployment of technology, drives the development of shared services and act as the "face" of UK Government IT both home and abroad.

3.  THE TRANSFORMATIONAL GOVERNMENT STRATEGY

  3.1  The Transformational Government Strategy set out 13 strands of work that are intertwined and need to be completed if the personalisation of Citizen based services which are convenient to the Citizen are to be delivered. The strategy is not a menu of items that can be picked from that suits the budget, resource or whim of individuals.

  For instance:

There is no point in suggesting that we can personalise Citizen based services if we cannot identify who the Citizen is without any degree of certainty. The Identity Management Strand.

If we can identify who the Citizen is, then this is not much use if this basic Citizen Data—that is enough data to execute a Citizen request within another public sector body—cannot be shared. The Data Sharing Strand.

An organisation would be foolish to accept Citizen Data unless they were certain of its quality and provenance. It would be equally foolish for an organisation to share Citizen Data with another organisation unless it had some certainty that the Data would be protected in line with best practice. The Information Assurance Strand.

And finally to enable greater certainty over the quality of the computer systems and networks that store and process Citizen Data it is logical to reduce these to a smaller number and share them so that greater investment and protection can be applied to the few rather than spread over the many. The Shared Services and Common Infrastructure Strands.

  3.2  The CIO Council is the body that looks to ensure that in their departments and in the wider Public Sector the strands of the Transformational Government Strategy are executed.

October 2007