APPENDIX 50
Memorandum submitted by Her Majesty's
Government Chief Information Officer
1. INTRODUCTION
1.1 The Ministry of Justice (MoJ) is responsible
for the Government's domestic policy on data protection and data
sharing and represents the UK at European and international level.
1.2 This memorandum sets out to cover the
roles of the CIO Council, Her Majesty's Government Chief Information
Office and the Transformational Government Strategy.
1.3 It does not provide detail of specific
examples of public and private databases in existence as this
is the accountability of the Departments, who "own",
collect or process this data.
1.4 The Transformational Government Strategy
enabled by Information technology was approved by Ministers and
published in November 2005. It set out three core themes. The
first theme firmly positions the Citizen at the heart of the Public
Services and ensures that products and services which are implemented
meet the needs of the consumer not the product or service provider.
The second theme sets out to ensure that the Public Sector moves
to a shared culturein the front office, the middle office
and the back office. And finally the third theme focuses on the
professionalism and capability of the Public Sector to deliver
IT enabled business change.
1.5 The Transformational Government strategy
is underpinned by 13 strands of work, several of which are relevant
to this committee. They are:
1.5.1 Identity ManagementBefore you
can share Citizen Data you must be sure that you have identified
the correct Citizen before data is shared.
1.5.2 Data SharingHow do we share
data appropriately across the Public and Private sector to aid
the efficiency and effectiveness of Public Services. What policies
and procedures need to be designed, or updated/clarified, and
then implemented.
1.5.3 Information AssuranceHow do
we ensure that as Citizen Data is shared it is accurate, safe
and secure and only those with a legitimate need to know know
it exists or sees it.
1.5.4 Shared Services Common InfrastructureAs
we share data and we connect Public Sector organizations together
to fulfil the Citizen request how do we ensure that the technology
is safe, secure and not prone to "prying electronic eyes".
2. ROLES AND
ACCOUNTABILITIES
2.1 The Accounting Officer for Public Sector
bodies however defined are accountable for ensuring that Citizen
data is used for the purposes that it was intended for under the
various elements of legislation. The Ministry of Justice submission
to this Committee sets this out in more detail.
2.2 Accounting Officers are also accountable
for ensuring that the appropriate policies, procedures, people
and technology are deployed to ensure that at all times Citizen
data is protected from rendering it from becoming inaccurate;
ensuring that appropriate security policies surrounding the employment
of people, the protection of physical access to building and the
safety and security of the technology holding Citizen data is
at all times maintained to the appropriate standards.
2.3 Accounting Officers are also accountable
for ensuring that defined roles and responsibilities exist within
their organisations to ensure that necessary risk identification
and mitigation strategies are executed to ensure that the safe
operational use of Citizen Data is maintained.
2.4 The Ministry of Justice has the accountability
for the development and gaining approval, of the Data Sharing
Vision, the Data Sharing Strategy and any supporting guidance.
The Ministry works closely with the rest of Government and with
other relevant parties to ensure that the correct balance is maintained
between the rights of the individual to privacy and protection
of individuals from terrorism and other crime. Policies and practices
are monitored continually by the Government, the Ministry and
the Information Commissioner to ensure the balance is in the right
place and to prevent abuse.
2.5 The CIO Council's remit is improve the
public service delivery by ensuring that the strategic use of
technology and computer systems are aligned to the overall government
strategy as detailed in the Transformational Government Strategy.
Specifically it is:
2.5.1 To act as a focus for partnership between
IT professionals across government, agreeing and implementing
best practice methods, tools and techniques of undertaking IT
enabled business change.
2.5.2 To bring the Public Sector together
by drawing a membership from the wider public sectorcentral
government, local government, and agencies in fields such as health
and policing.
2.5.3 Charged with creating and delivering
a government-wide CIO agenda to support the transformation of
government and to build capacity and capability in IT-enabled
business change.
2.5.4 To balance government-wide agendas
with accountabilities in line organisations.
2.5.5 Take a holistic approach to the IT
enabled change portfolio ensuring where appropriate and possible
the Public Sector does not duplicate the creation of technology
based systems.
2.6 The Central Sponsor for Information
Assurance within the Cabinet Office is accountable for the development
of strategy, policy and guidance appertaining to the protection
of data including Citizen Data. They are also accountable for
ensuring the accreditation of Departmental computer systems and
networks has occurred and that they conform to the agreed minimum
standards of security, availability and quality.
2.7 Her Majesty's Government Chief Information
Officer chairs the CIO Council. His role is to work with departmental
CIO's and those undertaking IT enabled change to ensure they are
aligned and support the Transformational Government Strategy.
In this role, the Government CIO provides leadership to the IT
Profession across the wider public sector, enables public service
transformation through the strategic deployment of technology,
drives the development of shared services and act as the "face"
of UK Government IT both home and abroad.
3. THE TRANSFORMATIONAL
GOVERNMENT STRATEGY
3.1 The Transformational Government Strategy
set out 13 strands of work that are intertwined and need to be
completed if the personalisation of Citizen based services which
are convenient to the Citizen are to be delivered. The strategy
is not a menu of items that can be picked from that suits the
budget, resource or whim of individuals.
For instance:
There is no point in suggesting that we can personalise
Citizen based services if we cannot identify who the Citizen is
without any degree of certainty. The Identity Management Strand.
If we can identify who the Citizen is, then this
is not much use if this basic Citizen Datathat is enough
data to execute a Citizen request within another public sector
bodycannot be shared. The Data Sharing Strand.
An organisation would be foolish to accept Citizen
Data unless they were certain of its quality and provenance. It
would be equally foolish for an organisation to share Citizen
Data with another organisation unless it had some certainty that
the Data would be protected in line with best practice. The
Information Assurance Strand.
And finally to enable greater certainty over
the quality of the computer systems and networks that store and
process Citizen Data it is logical to reduce these to a smaller
number and share them so that greater investment and protection
can be applied to the few rather than spread over the many. The
Shared Services and Common Infrastructure Strands.
3.2 The CIO Council is the body that looks
to ensure that in their departments and in the wider Public Sector
the strands of the Transformational Government Strategy are executed.
October 2007
|