The chorus of people calling for personal "data sharing" in the public sector seems to grow by the day. Yet rushing to propose "data sharing" is to start in the wrong place. If "data sharing" is the answer, what was the question? I guess it's something like "How do we ensure the right people get the right access to the right information at the right time – with the knowledge and active consent of the individual who it's about?"
Yet "data sharing" is a poor answer – a toxic atavism from the analogue world, rooted in the era of typewriters, triplicate carbon paper and filing cabinets. From a time when the only way to provide multiple people and organisations with access to information was to make copies and share them around to everyone who might need them. All too often "data sharing" seems to have become the lazy sticking plaster of habit to cover up more systemic problems – such as the dysfunctional organisational structures and processes involved with looking after some of the most vulnerable in our society.
The digital era has rendered this idea of slopping our personal information around to everyone in case they might need it both redundant and dangerous. It would be a damaging mistake to allow this paper-era model to persist. Better solutions exist, relying upon trusted, canonical sources of well-secured data retained under appropriate governance arrangements by their owning organisations or individuals – but where those appropriately authorised are able to obtain timely access. This model can also facilitate legally governed exceptions, enabling access to appropriate data without their owner's knowledge and consent during the likes of criminal investigations.
Even better, we no longer need to run the risks associated with directly opening up raw personal data. It's more efficient and secure to simply affirm an attribute ("Yes, this person is over 21") rather than to start slopping their personal data around. Once data bleed from their original legal repository, governance becomes significantly more complex, with control over how such data are protected moving outside the domain of the original controller, multiplying issues of data security, integrity and accountability. Data rust quickly unless they are well maintained, one of the reasons for UK government policy that users should have access to, and control over, their own personal data.
The assumption that personal data silos are in themselves impeding better public services is a dangerous myth: such silos can authorise appropriate access to data (or data attributes) where there is a well-defined need. There are good security engineering reasons for intentionally designing and maintaining personal data in silos, including ensuring that the compromise of one silo (by either insider attack or external adversary) does not contaminate others.
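To make the attribute model concrete, here is a minimal sketch of a silo that answers "is this person over 21?" for an authorised requester with a stated need, records every request, and never hands out the date of birth itself. It is an added illustration, not part of the original post; the requester, purpose and record names, the policy table and the `Silo` class are all hypothetical.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed sample record; the raw date of birth never leaves the silo.
RECORDS = {"person-001": {"date_of_birth": date(1990, 5, 17)}}

# Hypothetical policy: which requester, for which stated need, may ask
# which attribute question. Anything not listed here is refused.
POLICY = {("licensing-office", "age-restricted-licence"): {"over_21"}}


def age_on(dob: date, today: date) -> int:
    # Subtract one if this year's birthday has not happened yet.
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))


@dataclass
class Silo:
    audit_log: list = field(default_factory=list)

    def affirm(self, requester, purpose, subject_id, attribute, consent, today):
        """Return True/False for an attribute question, or None if refused."""
        allowed = attribute in POLICY.get((requester, purpose), set())
        record = RECORDS.get(subject_id)
        answer = None
        if allowed and consent and record is not None:
            if attribute == "over_21":
                answer = age_on(record["date_of_birth"], today) >= 21
        # Every request is logged, granted or refused, so access stays accountable.
        granted = answer is not None
        self.audit_log.append(
            (today.isoformat(), requester, purpose, subject_id, attribute, granted)
        )
        return answer


if __name__ == "__main__":
    silo = Silo()
    day = date(2024, 1, 1)
    print(silo.affirm("licensing-office", "age-restricted-licence",
                      "person-001", "over_21", True, day))
    print(silo.affirm("marketing-team", "profiling",
                      "person-001", "over_21", True, day))
    print(silo.audit_log)
```

The requester only ever receives a yes, a no, or a refusal, so a compromise on the requester's side exposes no date of birth, and the audit log stays with the organisation that controls the data.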
The pressing task now is to refine and implement this digital-era data access model. Doing so will also support better, data-driven service design, helping to transform broken organisational structures and processes. It's time we put the idea of "data sharing" back where it belongs – in the museum of typewriters, carbon paper and filing cabinets.