Recent announcements by two government agencies, the HMRC and the Health and Social Care Information Centre (HSCIC), regarding the sale of information has thrown a spotlight upon government information and the attendant debates of privacy verses exploitation. What is the ownership of information collected by the state? Held in trust for the citizen, or seen as assets like 3/4G mobile phone licences to be sold by government to the highest bidder? Or should all government data be treated as open data that is made freely available to all?
Government information is gathered in a number of ways, by legal requirement and from its nodal position within networks. Data, then, may not be provided willingly. The willing provision of information is governed by the concepts of notice and consent. Consent is given by the citizen having the right to know why information is collected and for what purpose, and is supported by the right to withhold agreement. Without this procedural fairness, the use, and sale, of data can fatally undermine trust in the data collector.
The sale of public data is not a new phenomenon brought about by the clamour for “Big Data” or the development of database services like Hadoop; indeed the trend for the sale of public data may be seen with the sale of the edited electoral register under the terms laid down by the Representation of the People Act 2000. The sale of personal address data, for those who have not opted out (and the sale of all data to Credit Reference Agencies), is now well established and has fuelled the direct marketing industry, allowing large numbers of companies to purchase and exploit information. Consent is assumed with a default opt-in, the citizen having to actively request that their information is not sold. The principle established then is that data accumulated by the state is an asset of the state, and may be disposed of as such.
Turning to the recent examples of the proposal to sell some HMRC tax data, described by Conservative MP David Davies as “borderline insane” and the currently suspended care.data plan under which the HSCIC will make data available to a range of organisations, or customers in the language used by the HSCIC, meeting the wide ranging description of “academics and universities, healthcare commissioners and providers, third sector organisations, information intermediaries and commercial organisations including life science companies”. These groups can purchase, and a detailed cost schedule is provided for, what is described as “De-identified data for limited disclosure or access – data that has been through a process of pseudonymisation, however there remains a risk of individuals being identified”.
The question turns to who owns personal data; that is the data likely to infringe privacy, and is this still considered to be a state asset? At first glance medical, social care and financial information would appear to be central to the definition of the private realm, especially when combined with name and address. However does this still hold when the information is pseudonymised? How secure is a pseudonym, could the data still make the individual identifiable; for example how many individuals with Crohn’s disease and one child live within a given postcode? The exact nature of the information and the ability to cross-correlate data can lead to individual identification.
In all of these examples, it can be seen that government treats the information at its disposal as an asset which it owns outright and can sell within the bounds of data protection legislation, if it so chooses. In taking this step, the government assumes the best use of this data is to sell it to a small number of selected users, rather than releasing the information wholesale.
The voluntary sharing of what would otherwise be considered sensitive or personal data has been commonplace since the introduction of store “loyalty” cards. These cards act as a method of exchange for personal details, for example basic demographic information (including name and address) together with a detailed transaction history allowing the store to determine the spending habits of the individual and of a cohort of similar individuals; (Rust, et al., 2010). People are happy to voluntarily part with some personal data as part of a transparent process, where there is an obvious reward and where they may consider themselves to be in control.
The Government approach is somewhat different; it appears to take the view that information its asset to be disposed of as it sees appropriate, in what is perceived as the national best interest. This is a case of acting without procedural fairness, which as can be seen from press coverage, results in a fatal loss of trust.
So, where does this leave the question of the sale of information? The issue that government must address is the conditions and terms for the release of data; and it must take the public with it on this journey. A keystone in this debate, government must determine whether it sees public information as a saleable asset or as a national resource. Transparency regarding the state’s attitude to information that it holds is crucial to popular support for either open data initiatives or the treatment of information as an asset. This transparency must include an understanding of the value of the information.
Tom Barrance is a part time Doctoral Researcher looking at Gov 2.0 in UK Local Government, and a full time Business Analyst/Project Manager at the London Borough of Hackney. He has worked in the public sector for the past 13 years, at a number of different local councils in a range of roles in Economic Development, business change and delivering ICT solutions.