Public agencies that are seeking to gain the public’s trust over the stewardship of data in the digital realm need to invest in that goal
Although we have come to associate the mass collection of personal data with technology behemoths like Facebook and Google, the public sector is equally reliant on the extensive collection, curation, and sharing of the personal data of individuals in order to deliver public services and conduct critical research.
Like the private sector, the public sector also is more reliant than ever on digital technology to deliver services which necessarily involves even more collection of personal data. From your local DMV to your county clerk recorder’s office, to local health agencies registering you for your first COVID-19 vaccine appointment, the public sector requires access to your personal data to deliver needed services.
A 2019 Pew Research Institute study, however, found that public is largely unaware of how their personal data is being used even as 64% of Americans surveyed expressed concern about government collection of their data. And the pandemic crisis has only accelerated the digital transformation of the public sector and thus the need for more data. Prior to the pandemic, less than 20% of government employees worked remotely, and many of the public’s interactions with the government employees were face-to-face, like at your local DMV, for example. Now, the darkest days of the pandemic may be behind us, the public sector continues to adapt to the breakneck speed of its digital transformation to ensure continuity of public services.
Of course, this begs the question: What practical steps can public sector agencies and organizations take to gain the public’s trust in regard to its collection of personal data?
There is one clear answer. The public sector needs to invest in transparency, data governance, and a digitally trained workforce — and soon.
Investing in transparency
Just as private sector companies are being asked to make adjustments with respect to data collection practices, public sector agencies and organizations are making better efforts to inform individuals how their data will be used. For example, when a member of the public submits a form online, he or she should be told if their data will be made available for academic research purposes. And while the legal basis for public sector data collection is founded upon a mandate to deliver public goods (in contrast to the private sector, which is often based on companies’ business interests) the legal and ethical imperative for individuals to be informed about how their data is being used remains the same.
Government agencies and public organizations need to be investing in the tools that will allow them to deliver timely privacy notices, particularly when individuals are receiving digital public services perhaps for the first time. This alone may be the single simplest step to take when building trust with the public in the digital realm.
Public sector organizations, including academia, should consider going a step further by highlighting in privacy notices clear statements detailing the public interests that are being served through data collection, data sharing, and research efforts. Individuals should be provided with enough information to understand how their data is being used to serve a wider public interest as this will increase the individual’s understanding as to why their data is being collected and why it is important.
Investing in data governance
While transparency is critical to enhancing trust in data collection, answering the question of how data is handled is really paramount to retaining that trust. As government agencies continue their digital transformations into 2021 and beyond, elected officials need to ensure that they have allocated the appropriate resources to properly invest in data governance infrastructure.
Data governance allows public sector organizations to employ the people, processes, and tools required to effectively utilize and protect the personal data they are collecting in greater volume from the public. To support the public interest mandate for collecting personal data, public sector institutions should ensure accountability protocols that govern when data is collected and shared, how it is collected, who can use it, and under what circumstances.
By investing in data governance in this manner, elected officials are investing in the protection of the very data of which they are the ultimate public stewards.
Investing in a digitally trained workforce
With a foundation of transparent data collection and appropriate data governance, the final step to securing public trust is ensuring there are resources available to adequately train front-line teams to handle personal data securely and responsibly.
A recent joint study conducted by Stanford University and security firm Tessian found that as many as 88% of data breaches could be attributed to human error. These teams play a fundamental role in preventing breaches caused by common digital mistakes, but that is only one part of their role.
Equally important is training them to know how to react if an issue arises. Do they know who within the organization to contact? Or, what to do if they suspect a cyber-incident has occurred?
Pivoting to remote work and digital service delivery in the public sector has required new skills and training to support continuity in the safe delivery of digital public services. Training initiatives such as establishing information security awareness weeks, refreshing training modules, and creating role-based training for front-line digital staff are all key investments that should be expanded and continued.
Going forward, investments in transparency initiatives, data governance infrastructure, and a establishing a strong, digitally trained workforce should be the top priority of any government agency and public sector organization involved in the collection of the person data of public citizens.
In a multi-part series, Privacy by Design, author Leslie Stevens looks at privacy and data security issues at corporations, government entities, law firms, and tax & accounting firms.