Castlebridge was invited by Digital Rights Ireland to jointly submit a response to the Department of Public Expenditure and Reform’s consultation on a proposed Data Sharing and Governance Bill.
This is not the first time we have engaged in Regulatory consultations of this kind and we hope that the research and insights we provide in the response help shape a more effective system for the exchange of data, not just personal data, through effective Data Governance.
In our submission:
- We put forward an alternative definition of Data Sharing that is an improvement on that proposed by the Department in the initial proposal in that it defines sharing and identifies a number of different categories of sharing that might need to be addressed
- We provide a working definition of Data Governance, which the Department appears to take as a given but which our experience has shown should never be assumed as a point of common understanding in any organisation
- We set out a high level vision for a more effective Data Governance framework for the Public Sector that wil support coherent implementation of standards, the development of a standardised Business Data Glossary, improved co-ordination and standardisation of work practices for Data Protection Officers, and the provision of a centralised oversight and review capability for information sharing and data standards that will support effective and appropriate re-use of data.
- Stress the importance of effective Data Governance in the establishment of trusted and trustworthy data sharing mechanisms, with reference to specific high profile failures on previous Public Sector intitiative such as PPARS and REACH
- Set out clearly the importance of segregation of duties in Data Governance, and the reasons why the Data Protection Commissioner may not be best placed to have a direct involvement in defining Data Governance requirements and standards for the Public Sector given the obligation on the State that the ODPC be independent of Government.
While there is much to be commended in the initial proposals for this legislation, Digital Rights Ireland and Castlebridge Associates share the view that an emphasis on sharing of data as a panacea to Public Sector reform is misplaced.
Rather an emphasis on effective and scalable Data Governance structures that ensure the operation of clearly defined decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods, based on fundamental Information Processing Principles (of which respect for Data Privacy and compliance with Data Protection legislation are but two) will provide a strong foundation for trusted and trustworthy sharing of data in a manner that is easier for the citizen and the public servant alike to understand and engage with.
Given the comments on Public Sector attitudes to Data Protection expressed by the former Data Protection Commissioner, and the litany of issues which have emerged in day to day Public service operations and the implementation of certain high profile data-related changes in the public service, Data Governance is the elephant in the room and this Bill presents a singularly unique opportunity to establish a clear statutory basis to address the fundamentals of Data Governance across the entire public sector, and by doing so support effective and efficient data sharing and measurable Public Sector Reform.