Thursday 21 February 2008

Information Governance: I

The big fuss in parliament over the lost DNA disc is about the risk to the UK public, as a result of vital information on criminal activities having been ignored.

It's the latest episode in a series of lost information catastrophes in government departments.

And there is a blame-game going on that may or may not get to the root of the problem: the need for effective Information Governance.

In this latest case, last year the Dutch Police sent a disc with 2,000 DNA profiles from crime scenes to the Crown Prosecution Service, to be checked against the UK's database. But the checks did not start until this month - and so far 15 matches have already been found. The Police are now urgently looking for the matching individuals suspected of serious and violent crimes.

What was the systemic reason for the failure? Is it true that the information was left in the desk of an official away on sick leave?

There is a parallel here with lost information in Financial Services, resulting in heavy fines and/or significant financial risk - and also financial losses for the UK public.

Even though every case involves Information Systems & Technology (IST), this is not about IST as such. It's about the overall system, the organisation, and the management of information; in fact it's about Information Governance.

Unfortunately, Information Governance in current parlance has a restricted meaning, referring only to security & compliance issues. But this is only a sub-set (albeit a critical one) of a deeper need - the management of Information Itself in business organisations (as opposed to the library setting). This is what real Information Governance in business organisations is about!

It's similar to COBIT (Control Objectives for Information Technology) being wrongly described as IT Governance. It's not. Or at least, it's a restricted, security & compliance view of IT Governance (for a book on real IT Governance see Peter Weill & Jeanne Ross).

This is a fundamental problem with IST - too many misnomers!
It's a bit like Humpty Dumpty, who said "When I use a word . . . it means just what I choose it to mean". But getting back to Information Governance:

  • Is Information Itself a strategic resource?
  • Does it need to be managed as a strategic resource?
  • Would this make a difference to the type of losses mentioned?
  • What are the principles of Genuine Information Governance?

And so, in this first article on the subject, let's try to put down some Principles of Genuine Information Governance:

  1. Information is a strategic resource - and it needs to be managed as such.
  2. There needs to be a specific responsibility for managing Information Itself.
  3. The responsibility for managing Information Itself must include that of managing Information Overload - InfoLoad - and its consequence of vital information lost & buried.
  4. Information relevance is the paramount need for managers and organisations - and the primary goal in all information.
  5. Information quality is dependent on the data from which it is formed - data quality.
  6. Data quality - and security - is largely dependent, first, on the business process (has it been mapped collaboratively end-to-end to make it rapid & reliable?), and second, on the IST that supports the process.
  7. Effective business process has seamless linkages both internally and externally to the organisation.
  8. Optimising Information Net-Value (the value of information less its real & total cost) is the basic aim of Information Governance, in conjunction with information relevance.
  9. An Information Architecture, defining & describing (a) the main elements or entities of information, (b) their linkages across the organisation, (c) where the information elements reside and where used, and (d) the external interfaces, is mapped out and managed.
  10. Security-sensitive and critical information needs to be tagged as such, in some form.

However, Genuine Information Governance is not about technology, as such. It's about governance, i.e. the overall management of Information Itself. So it might, for example, concern itself with collaboratively developing principles & policies concerning email practices, but not the detailed technology of alternatives such as wikis and blogs.

And it might be concerned with Information Lifecycle Management, Business Process Management and Customer Relationship Management in terms of principles & policies, but not the detailed technology or practice. Again it's governance, rather than management.

Any comments?


