IG practices and best practices in the French public administrations context
In France, the IG domain is growing. Serda Group initiated an annual study to profile the IG practices maturity in public and private entities. The 8th Annual Report (Serda, 2019) reveals relevant findings on major developments in information practices in this regard. Conducted among 410 organizations in France, this survey confirms that interest in IG is growing and that the main issue of digital information management is access to information resources and knowledge of the organization. A significant 85% of participants from the public sector prioritized data access and knowledge sharing control as key concerns. In contrast, the main obstacle was the lack of commitment of the public entities in this respect. The lack of knowledge of this domain was further mentioned. Around 55% of participants stated that managers are not sensitized to IG issues, around 50% think they lack knowledge on methodologies, and around 47% claim the managers under-estimate potential risks that could arise in the absence of an established corporate IG approach.
Other initiatives have been proposed in French public administration. More specifically, three relevant tools were proposed to help public administrations systematically and securely manage their data (Naud, 2019)
- • Octave, which allows the archivist, after import, to process and manually modify file tree structures (deduplication, selection, deletion, merging, classification, renaming) (France Archives, 2020)
- • Archifiltre, a tool for appraising structured data on the basis of a visualized file plan (Digital Factory of Social Ministries, 2020)
- • Vitam, which allows building and manipulation of archival tree structures and editing of metadata, has import (SIP) and export capabilities (as disk hierarchy or in CSV form for file plans), and can process office files or mail containers (Programme Vitam, 2020).
However, in the French context, the multidimensional IG vision is still missing. The policy is not articulated clearly to make sure that all services, such as rhe tools mentioned previously, are well synchronised. The public administrations are, however, more sensitized to invest in such approaches.
IG practices and best practice in UK public administration
In 1984, the UK enacted data protection legislation to protect and provide personal information rights for digital data. In 1995, KPMG, working from London, published a report which fore-fronted the place of information as an asset thus changing corporate and public sector perceptions on the place of information in strategic planning (KPMG, 1995). Recognition of information as an asset assisted in raising the responsibility for its protection to the board level. In the same year, the EU’s Data Protection Directive required the EU member states to implement national legislation to protect personal data (Directive 95/46/EC, 1995). Thus, the UK developed and refined the legal requirements for managing personal data. In addition, the British Standard on information security (BS7799), now ISO/IEC 27000 (International Organization for Standardization [ISO], 2018), was published.
Compared to many nations, the UK was slow to provide legislation to enable access to public sector information. The Public Records Act (1958) did provide for the protection of public documentation, but access was normally delayed for 30 years. In 2000, new access legislation was enacted (the Freedom of Information Act 2000), and this changed the balance of power between citizen and state in terms of information management. The legislation required public sector organisations to have publication schemes showing their structures in terms of creation of information to establish records management programmes, under a Records Management Code of Practice (Lord Chancellor, 2009), and to provide timely access to information requested, subject to any exemptions.
Parallel to enactment of the UK freedom of information laws, the EU developed requirements for providing access to environmental information. The requirements extended the reach of access, not only to public entities but also to the third parties delivering public functions. It is to be noted that in the last 20 years, the UK has changed the divisions between public and private delivery with the development of public-private initiatives (PPIs). Within this context, there has been a public expectation for certain citizen accountability.
In 2010, Lomas (2010) published an article with a UK lens that made the case for information security and records management to work together under the IG umbrella. The most overt UK recognition of the value of multidisciplinary IG frameworks has and continues to be within the frameworks in place to support the UK’s National Health Service (NHS). The NHS was quick to adopt the concept of IG and to develop and deliver an Information Governance Toolkit in 2003 bringing together compliance requirements from across the health and social care sectors (National Health Service - Department of Health, 2017); it was replaced with a Data Security and
Protection Toolkit in 2018 (NHS Digital, 2018). Lessons learned from this model have been cascaded across national and local governments, with many regions developing IG framework documentation.
Across the UK, there has been an increasing push for openness. The Open Government Partnership has been pushing this agenda framed by an Open Government Manifesto (Open Government Partnership (2019). It considers not only access rights, but new implications for ownership as well. Within the UK, a University College London (2019)-led project entitled MIRRA (Memory-Identity-Rights in Records-Access) has been pushing for new standards for access to records for all care-experienced persons who participated in the creation and ownership of their records through time. As a result of these concerns, ethical considerations implicit in an IG framework are increasingly discussed in terms of balancing organisational and societal concerns.
More generally, there is work on reusing and gaining value from data through time. This relies on IG frameworks to ensure data quality, but in addition to consider the rights and risks to those whose data may be harvested. Initiatives have been developed in this context to manage the issues; for example, the Local Government Association has considered data quality rights and usage in the context of data lakes developed by public administrations (Local Government Association, 2019).
Information and data as assets are now well recognised in the UK with the complex dynamics of citizen delivery and public responsibilities at the fore. Practical tools for identifying and managing information assets properly, such as information asset registers, have been shared (The National Archives, 2017). While not uniformly in place, IG represents a key framework tool to ensure this delivery.