Good Governance - Effective use of IT

Written evidence submitted by William Heath (IT 36)

1. This submission synthesises some discussion from the blog, work by Ctrl-Shift Ltd and work of Mydex CIC.

2. It makes some overall observations on government IT before focussing on the architecture and role of personal data. It envisages a "Big Society" future of more participative public services coupled with reduced expenditure.

Overall observations on cost, efficacy and design of government IT

3. PASC enquires about the overall strategy for government IT including procurement policy and practice. Much has been written about how Whitehall and public services spend too much on IT, and the lack of efficacy, poor value for money and ever increasingly intrusive nature of government's large central databases. The very designs conceived under the Transformational Government policy, in the climate of the "War on Terror", create an environment in which breaches of data protection and human rights law are inevitable.

4. It's true that Government expenditure on IT has been excessive in the last decade. It's the highest per capita spend of any major European economy, approaching the very high per capita spend of Nordic countries which offer higher and far more e-enabled levels of social care. Reasons include large, unmanageable centralised systems, excessive supplier margins, inflexible contracts which exact punitive charges for essential changes. But above all the problem is a deeper and wider failure to ensure government IT is based on the right intentions.

5. It would be a mistake to examine IT, including procurement and practice, in isolation of what public services are trying to achieve and what role public-sector IT plays in information-age society. Talking to officials, other IT experts and suppliers won't be enough; to understand the effects of public-sector IT on people's lives you have to talk to job-seekers, taxpayers, patients, students etc and judge how their real experience of public services measures up against aspirations. This is hard to do but there are proxies: user/patient/traveller associations, feedback services such as PatientOpinion and MyPolice, commercial market research and NGOs such as Citizens' Advice Bureaux.

6. What will emerge is that many major government IT systems are not just poorly designed; they were never designed at all. They were never rooted in an understanding of the individual's journey through life episodes and their interactions with public services. Ctrl-Shift's work suggests that a very high proportion of services failures can be seen in the light of "information logistics": the right person didn't have the right information at the right time. This causes great inefficiencies for the organisation, and is frustrating and disempowering for the individual. But it's solveable.

7. Structured processes and language exist to make it possible for customers to help create effective services. The discipline which understands this best is "servicedesign". It's possible to design and create government IT systems with empathy, but we never did. The public cycle of identifying a social problem, forming political resolve, drafting legislation, procuring and implementing IT based services was never a "service design" process, and turns out largely to have failed as an IT system design process.

8. The final general observation is that to attack government IT expenditure in isolation is to look at one percent of the problem.

9. Amazon or YouGov prove that an organisation taking a smart approach to IT can eliminate large swathes of running costs. Government's running costs are ten times what it spends on IT so this administrative overhead is perhaps 10% of the public expenditure problem. But Facebook, iTunes, Wikipedia and countless other examples prove that you can do quite different things or achieve results in a quite different way with contemporary technology.

10. To assess the impact of public-sector IT on public spend you need to look at public spend as a whole. The big-money question for government IT is what are the opportunities to use contemporary technology in a smart way to deliver core programmes: health, education, welfare, tax, transport, defence. Failure in strategic use of IT costs the UK far more than IT which is merely ineffective or cost more than it should. PASC should if possible focus on the big picture.

The biggest opportunity: personal data

11. The biggest specific opportunity for radical improvement in public services at low cost lies in rethinking the approach to personal data and the opportunity it affords to improve the data logistics that underpin public services.

12. The present approach in government (and across all businesses with many customers) is entirely organisation-centric. Organisations hold personal records, often many times over. We know of no study which maps the full extent of government's holdings of personal data, or which measures the quality of that data. HMRC holds perhaps 1bn records, the typical local authority has perhaps a dozen personal records per resident (with one customer database for each line of service).

13. The theory behind these databases or "customer-relationship management" (CRM) systems was that the organisation that achieves single version of the complete truth about its customers can cut costs, perhaps outsource customer contact, upsell, drive a shrewder bargain and achieve higher profits and overall deliver a complete "personalised" service. Furthermore, customers would like this service, and trust the organisation more.

14. This "organisation-centric" or CRM mindset informed the last administration's Transformational Government policy.

15. The problem is the data never lives up to expectations. The inaccuracies, omissions and duplications are such that it's expensive to operate and ineffective in delivering services. Worse, the process is so annoying and alienating for customers that they walk away from the so-called "relationship" in droves. We opt out of direct marketing, the edited electoral roll, we try to minimise the data we release or mislead organisations with inaccurate data.

16. Mydex' ethnogrpahic research (which we can share with PASC) describes people who are somewhere between depressed and in denial about what happens to their personal data "out there". The more they learn the less they like it. It's the very antithesis of a "Big Society" approach. Government is a substantial and growing part of the problem.

17. The alternative is to add a person-centric model for personal information management which can work with the existing organisation-centric model in a structured and scalable way. Many individuals have mobile phones; most of us are online with access to a computer and the Internet. The person-centric data model sees the individual equipped with structured personal data store (PDS) so they can control, manage and share their data. The PDS has additional capability. They can gain external verification of claims: proof they have a drivers' licence, a passport, are on the electoral roll or have accounts with a given bank or phone company. They are then able to share their data for example with a pre-completed and verified form, or as a "subscribe to me" service that underpins a relationship.

18. An early stage of this is being piloted by several London Boroughs, Cabinet Office and DWP in the Mydex Community Prototype. Full learnings on the technical, legal and social implications of the "person-centric" model can be made available to PASC from February 2011, along with an initial exploration of the implications for government IT.

19. This model of online working which adds a person-centric structure to the existing organisation-centric structure has been called in the UK "buyer-centric commerce" or "customer-managed relationships" and in the US - where much of the original thinking on social networks and user-centric identity on which this builds was done - it is known as "vendor-relationship management" (VRM).

20. The implications of this person-centric architecture for a "Big Society" with participative public services at its core are considerable. First in terms of cost saving when individuals have a convenient and trusted way to help clean the administrative content in records held many dozens or hundreds of times across public services. People will have a "tell them once" service but under their own control and provided at no cost to government.

21. Public services can then be planned and delivered on the back of clean data with clear potential for efficiency. Beyond that one can envisage user-driven journeys, through health, education of job search for example where the logic, the design and function are available from a competitive market of "apps" at the user's end rather than through huge central systems. This puts the energy and inventiveness of tech markets at the disposal of next-generation public services.

22. PASC should consider this possibility and make recommendations in preparation. This is not something which government has to "do"; it's a fundamental change in the personal-data ecosystem for which it can prepare and which it be instrumental in catalysing.

23. There is an analogy, which is the recent history of the "Power of Information" and in changing the government mindset towards public data (I this case non-personal data about things, statistics, numbers, assets, geography). This very promising process drew on far-sighted political will and the effort - often voluntary - of a series of experts over three years.

24. PASC should consider a recommendation for a comparable new "Power of Personal Information" report or programme which looks at how government and the public sector works with personal data. This would examine the potential for what the new person-centric model could bring to the public services mentioned above but also national priorities such as the Census, voting, volunteering, child protection and CRB checks, smart energy metering and the London Olympics.

25. Pursuing this approach might entail:

- a high-level Power of Personal Information study looking at the implications and prerequisite conditions for flows of "volunteered personal information" that are possible with a person-centric model

- cost-benefit analysis or business case by line of public-sector activity

- a test or audit of readiness for each public service to work with the new model

- test of compatibility with existing legal and security requirements

26. Prerequisite also is resolving government policy towards online identity, for example by moving explicitly towards a US-like "trust framework" model (such as was envisaged in UK policy in 1999/2000).

27. Both Labour and Tory manifestos included commitments to start to restore control over personal data to the individual (a sentiment wholeheartedly endorsed by LibDems but omitted from the manifesto probably for reasons of brevity). That is the personal data environment in which future government IT will operate. PASC would do a great service if it focusses government minds on the questions this raises.

January 2011