The spate of recent and ongoing high-profile public sector data losses and leakages have elevated the question of Information Management, in its widest sense, to high visibility and high priority. With public sector databases proliferating and data sharing and matching increasing exponentially, all in the name of efficiency and security, the risks also proliferate. With the prospect of the National Identity Register the risk of fundamental identity compromise as a result of information leakage or theft cannot and must not be ignored. The new field of ‘Information Governance’, encompassing identity management, information sharing, privacy and data retention, has become a hot topic.
Following the high-profile incidents, numerous reports have been published and many recommendations made. However, the changes recommended, as with all changes, bring new risks including the risk of introducing more complexity into situations and structures already criticised for being too complex.
Proposed solutions based on greater system integration and complexity ignore research indicating that the results can also be the opposite of that intended because of the increasing incidence and impact of unexpected and uncontrollable side effects.
The political-level alarm brings the risk of hasty legislation and more bureaucracy. Management fears bring the risk of unworkable procedures and ill-judged technology-based solutions, all in the name of satisfying compliance, but ignoring the significant human dimension of the problems.
Complexity and people are the main causes of the problems and seeking to manage information securely by creating a climate of personal liability and punishment without clear and simple solutions is unlikely to succeed. Recruitment advertisements for ‘Information Governance Officers’ have already started appearing. Right now, that job feels like ‘Chief Blame Officer’. Would you want the job? Just say no!