With its National Data Strategy, the UK government has fired the starting pistol on what could be a whole new era of data usage in the country. The government aims to improve the use of data to drive growth, boost innovation, create new jobs and improve public services. In a previous blog we discussed how to unlock this capacity with a new data operating model. Now, we turn our attention to applying a strategic approach to securing this new infrastructure.
The National Data Strategy looks to build on existing pockets of excellence for the use of data in public services. For instance, data curated by NHS Digital, and serviced through NHS DigiTrials, successfully enabled researchers to discover that dexamethasone can be used as a treatment for COVID-191. TFL, meanwhile, has opened its live travel data via APIs2 to allow developers to create useful services such as online maps and journey planners.
But while it’s possible to list many similar cases, it’s also clear that much more could be done were data to be made more freely available to a broader range of public sector bodies. Estonia is the pioneer in the use of data for public services3, and has won plaudits as the ‘most advanced digital society in the world’. Ninety-nine percent of government services in the country are online, and include services like e-voting, e-residency and e-ID cards that would be considered revolutionary anywhere else.
The UK government is trying to introduce an approach that’s similar in scale and ambition, which shows that it understands the potential of data-driven services to improve the lives of citizens.
Securing data infrastructure
However, as with any innovation, there’s always risk involved, and when it comes to data it’s not difficult to guess that security figures highly. Only very recently the world has seen the potential for bad actors to carry out cyber-attacks on a vast scale4 and we have previously highlighted the five trends that are shaping this landscape. If the government is to ensure that citizens buy into and trust new e-services, then it must ensure that these services are secure by design and when in live use.
The security and resilience of data infrastructure is in fact a core concern for the government and it takes up an entire pillar of the National Data Strategy. Rightly, the government is looking to take responsibility for ensuring that data is sufficiently protected when in transit, or when stored and processed in external data centres.
Some practical measures
For its strategy, the government is looking at a range of tangible steps it could take. Firstly, it is assessing what responsibilities and requirements should be placed on virtual or physical data infrastructure service providers to ensure data security, continuity and resilience of service supply. Next, it is exploring how agencies can determine the robustness of security controls and processes when choosing data infrastructure services. And finally, it is examining the most important risk factors in managing the security and resilience of the infrastructure.
It is likely that a lot of strong, practical measures will come from this work. And it goes without saying that if the UK is to use data more extensively, then industry leading security measures must be embedded from the outset.
This would ensure data infrastructure and service providers meet robust security standards, for example alignment with global standards. Additionally, ensuring that providers make available all certifications and accreditations held by their services or facilities would allow for the security posture and maturity to be identified. This can be particularly pertinent when looking at areas such as the geographical location of where data is stored, processed or transmitted.
The strategic view
However, such matters are largely tactical. What’s needed now, at this early stage in the UK’s plans for ramping up data use, is that equal consideration is given to higher-level, strategic issues. There are several such considerations that should be reviewed as a priority. These include:
- Data Access. How can we develop a pattern for who should have access to data and at what levels? How are these permissions managed and prolonged through the lifecycle of the data? How should service providers automate the lifecycle rights of access to data?
- Data sovereignty. Does the UK government want to ‘own’ the data? Once shared, it is out in the open. What level of sovereignty does the UK government want and need?
- Trust. What is the best approach to building trust in any government-owned data sharing platform? Would using a variety of providers or an independent platform provided by industry be more appropriate?
Answering such questions is fundamental to the broader and deeper use of data in government services and they will help decide the shape and limits of the UK government’s final data model.
There’s a huge opportunity for the UK to leverage data to improve the lives of citizens and help drive growth. But this will only be realised in full if we have identified an overarching security strategy and provide the public with confidence that their data will remain secure at all times and accessible only by those who are permitted to do so.
To build personalised and frictionless experiences that meet citizen needs, security must take centre stage. Accenture’s expertise in cybersecurity and data could help you make the right choices as you unleash innovation and lead with impact. Connect with Mark and Freha on LinkedIn to continue the conversation and see how we could help.