What’s new?

A Warning to Local Authority Chief Officers on Information Management and GDPR

In the dim distant past, the UK’s Office of the Deputy Prime Minister (ODPM) set targets for e-Government. Those of us in the know looked on in horror as one local authority after another threw themselves at the feet of IT suppliers who could tick the ‘priority outcome’ box for them. The figures for the e-Government programme speak for themselves: UK local authorities ‘invested’ £3.90 billion but realised just £0.97 billion of savings.

From 2004 onwards, I was one of the few who dared to thump the table about the dangers of ‘point solutions’, arguing instead that government ought to be steering a course that would deliver regional IT service centres, with their own regional transformation teams, delivering truly joined-up, citizen focused services across multiple public sector agencies. Sadly, the nuts and bolts were the least of the issues, it now being apparent that too many local authorities lacked the skills required to deliver truly strategic governance. Central government was no better and whilst there were clearly a number of individuals who did understand the pitfalls, they were silenced by the lobbying clout of major suppliers who knew that chaos was more profitable.

And so the cycle begins again, this time with Digital Transformation which appears to have even less strategic governance focus than its e-Government predecessor. Cloud services may have reduced capital costs but too often local authorities commit themselves to hybrid environments that are not sustainable and, in some cases, just don’t work. Business managers with little or no skills in information technology and information management are tasked with delivering solutions without any of the strategic governance that prevents long term issues… and costs.

With the looming deadline of May 2018 for GDPR (General Data Protection Regulation) compliance, we will see yet more local authorities handing off responsibility for compliance to their IT suppliers, missing the reality that, if the solutions are not strategic, the costs will escalate to the point where they become unsustainable… except that, this time, local authorities won’t be able to rip out their GDPR solution and write it down to experience. If local authorities are already failing in basic records management, what chance have they got with GDPR? Yes, it’s also about organisational structures and processes but if you don’t have governance that’s driven by all of your core strategies, you’re essentially blind to the longer term challenges and risks.

Chief Officers are running out of time to ensure that they have the required skills onboard to navigate a safe passage without falling prey to the myriad of IT suppliers who will be only too happy to provide their solution. Step One: is to accept that GDPR, and Information Management generally, has to be a board level issue. Step Two: is to make sure that is stays a board issue by appointing a CIO. Step Three: is to move very quickly; there are very few individuals in the UK with the requisite skills and experience to make this happen.

You’ve been warned…

David Gale is a consultant CIO, Business Transformation Director and Enterprise Architect and has briefed over six hundred local authorities across EMEA, as well as Ministers and senior civil servants of fourteen national governments. He is the originator of the Strategic IT Framework and TADAG (a component of which spawned OpenID).

TADAG – a 21st century vision for the internet

One of the central questions of our time is how to make the internet safe whilst providing citizens with the capability to view and control their data. tadag represents a paradigm shift in information management and security and provides an architectural framework that can secure the internet and radically improve service provision, whilst protecting vulnerable members of society.

David Gale is the originator of the OpenID concept now found on over one billion computing devices worldwide. OpenID uses only one small component of tadag. Find out more about David Gale’s architecture for a 21st century internet at: tadag.com

Not every cloud has a silver lining…

There has been much furore of late about Cloud Computing, the focus becoming so intense that we are well into Emperor’s New Clothes syndrome, as organisations leap towards something they think ‘have to have’ without necessarily understanding ‘it’ or the consequences. Whilst there are plenty of examples of organisations that have benefitted from off-loading their IT infrastructure, the fledgling public cloud industry has unsurprisingly done little to highlight the downsides.

Let’s take a step back for a moment and, instead of starting with technology, look at people and their need to access information. For most organisations, people and information are their primary assets. Without unfettered access between those assets the organisation will lack efficiency and flexibility and may even grind to a halt. We have already seen the product of a lack of strategic architectural planning in large organisations where islands of information are not joined to provide a single 360 degree view of the customer. The customer suffers. In organisations with multiple services and scenarios where multiple organisations have to collaborate around the delivery of a service, joining up information from multiple disparate systems becomes a day to day necessity. In these cases, it would be right to ask a few basic questions before unhitching my corporate data centre. I had better be very sure that:

  1. the available cloud-based applications are the right choice for my business
  2.  I have access to my data without being bound by restrictive licence terms and conditions
  3. I am legally permitted to offload the storage of sensitive information to a third party
  4. I am happy that a third party has control over one of my primary assets
  5. my data is not locked away inside an application over whose development path I have no control
  6. I can securely share my data with people, other organisations, and other applications
  7. I can respond rapidly to changing business needs without having to buy an expensive add-on to a monolithic application every time my process needs to change
  8. I can push and pull information as quickly as I need to
  9. I don’t have to pay an application licence fee just to access my data
  10. all of my data is in one place and is structured in a way that is flexible enough to deal with network outages and any number of changes to my business processes that might be required… forever.

The above list is far from exhaustive but it does serve to demonstrate that unless you are the manufacturer of a single widget and you’ll never have to deal with anything more complex than selling and producing your single widget, you might want to look at the alternatives to hosting in a public cloud. Certainly, there are many advantages of cloud computing that can be brought into your data centre to deliver your own, very much more flexible private hybrid cloud. In a private cloud, you can mitigate the lack of flexibility by mixing old with new. Not everything has to be in your cloud. The important point being that you have control.

We’ve done some informal research of our own on the new wave of public cloud offerings. Without a doubt, there are some stunningly talented and innovative technologists out there but, in our experience, very few of them are customer-focussed in a way that makes them accountable. Even fewer can begin to understand the culture, the processes, or the information needs of their larger customers. They are focussed on rapid growth. So, as with internet hosting companies a decade ago, if you’re unhappy, they will only bend so far before concluding that ‘there’ll be another customer along in a moment’.

Lastly, for large, complex organisations, particularly the public sector, there is an even more fundamental question with which to conjure. Public cloud computing exists to make money. With some providers making up to 30-40% margin, why would you want to sell off the family silver of shared services when a public sector owned private cloud, delivered on a public sector network would bring national savings of £billions? We’re back to building a Strategic IT Framework that focuses on people again…

David Gale

Tactical vs Strategic

For the record, as well as a background managing blue-chip corporates for companies like IBM, I’ve also had 22 years in professional motorsport. The motorsport involvement perhaps changes my perspective. Whilst mid-season, one has to work around design deficiencies to find the two tenths of a second that makes the difference between 8th and pole position in qualifying, there is always an appreciation that close-season design is the cornerstone of a sustainable, competitive advantage.

In the UK, the business-driven (sic) focus of Government Connect (GC) is in danger of contracting the same malaise that affected ‘Priority Outcomes’ set centrally for Local Government organisations. Someone sets a business objective with a short-term timescale, money is thrown at a tactical solution, the realisation dawns that it’s not sustainable, and the business case collapses. In the case of GC, one has to wonder if the technology strategist is again being disregarded as a mere mechanic. For sure, there is an understanding of federated identity management within their technical team, but it doesn’t sound as though anyone’s listening. It’s a bit like trying to overcome a handling problem with expensive new suspension components, despite having been told by the Design Director that it’s the chassis that is at fault.

There is not necessarily an issue with delivering a small proof of concept in an area like ID cards that demonstrates the business benefit, so long as the tactical technology solution is replaced by a sustainable architecture. But that doesn’t seem to be what’s happening. Brown field, dirty solutions are in danger of becoming the technology solution, severely impacting the long-term business case, because no one understood the significance of technology strategy.

The days of allowing the business to run around implementing business solutions, without any governance from those delivering the technology strategy, need to end, right now. That mentality has already resulted in dozens of ‘point solutions’ being deployed into local and national government, making it difficult and expensive to join up. Let’s not kid ourselves, many of the suppliers know full-well that there is a better way, but continue to foist point solutions as a means of tying in the customer and maximising revenue.

If the technology is ever to be aligned with the business need, we need the Design Director to be committing the team to the longer term delivery of a new chassis. In this case, our ‘new chassis’ will move away from the organisation-centric technology architecture, putting the customer at the centre of: security, authentication, identity management, and records management. Done like this, issues like civil liberties around information sharing disappear, because the customer is given control.

Whilst we continue to tolerate performance managed, career objectives of civil servants and suppliers being allowed to jointly promote the delivery of tactical solutions, we are, I fear, on a hiding to nothing. To paraphrase a couple of recent quotes:

“I don’t care about strategies, I’ve promised Gordon Brown that he’ll have a solution within 18 months, and I don’t care how brown-field or dirty it is” – Senior Civil Servant overseeing the development of Government Connect.

“Yes, a strategic framework is the obvious way forward, but that would need 4 engineers rather than 40. I have shareholders to answer to. What would you do?” – MD of a well-known FM outsourcing company.

We will continue to communicate ‘within’ central government to assist those that do understand, but I suspect that they will be sidelined, being categorised as mere mechanics, so that their strategic vision doesn’t impede the tactical solutions upon which the career progress and profits of others depend. No, I conclude that the only way to resolve this is to change the culture at the top. If that means delivering communications to a wider audience that prompts them to ask awkward questions of their government, so be it.

We have a saying in racing: ‘everyone wants to be a racer, but no one wants to go fast’. So, if I stray outside of your comfort zone, tough. If I come across as brusque and abrasive, that’s because I am. I’m only interested in winning the race that delivers sustainable transformation, otherwise I lose my citizen sponsorship deal…

David Gale
March 2007

What the customer really wants…

From all of the discussion around ‘take-up’ and the associated gala dinners, one might justifiably conclude that the e-Government tick-boxes actually achieved something that’s worth monitoring. True, if there are volume enquiries that usually come in by telephone, you might want to streamline the process, or even encourage self-service, so that Middle ‘upwardly-mobile’ England can arrange their bulky waste collection via SMS, in a brief window between their busy, scheduled morning appointments.

The reality of practical experience of delivering multi-agency, integrated services through a ‘Neighbourhood Base’ is somewhat different. In 2002, the City of Derby (UK) embarked on a pilot neighbourhood office, with a ‘Derby City Partnership’ community manager coordinating integrated service delivery, alongside elected representatives, delivered either through area panels, through the neighbourhood base, or directly into homes.

The results of the pilot led us to categorise service requests in three ways, when architecting a strategic IT framework to enable our transformational agenda:

Category 1 – single service, simple process (probably already mapped), the majority anonymous (GC, please note), ripe for CRM / back office integration

Category 2 – multiple service or agency, simple processes (again, probably already mapped), equally ripe for CRM / back office integration

Category 3 – complex enquiry. Real example: I’ve had a fight with my wife, she’s locked me out of the house, I’m sleeping in my car, I’ve lost my job, I don’t have access to my kids and, by the way, I have mental health problems

The category 3 enquiry is typically the type of case where councillors, the police, the voluntary sector, and community managers, can use their experience to take a stab at which agencies need to assist. In technology terms, it’s actually the easiest to deal with. A paragraph or three of narrative text, with an ability to check box select a number of agencies, pushed out through the integration hub, auto-generated multi-agency collaborative workspace, linked to automated business process workflow, with responses monitored by CRM.

You’d expect, wouldn’t you, that category 3s are few and far between. After all, we’ve all just been through a process that encouraged us to deliver bulky waste and abandoned vehicle solutions, and we’re just itching to measure the take-up.

The shocking result of Derby’s research is this: guess what percentage of  enquiries that were received (and thoroughly documented) at the neighbourhood base in the first two years were Category 3?


That means that delivering the benefits of e-Government into disadvantaged areas isn’t about joining your front office to your back office on simple processes. The most vulnerable people, who use most of the most expensive services, need MEDIATED, proactive engagement before their needs become critical. So, the focus should be on providing enabling technologies for community-based service deliverers AND the voluntary sector. It’s about taking complex human issues, making sure that they get to the right people in the right agencies, ensuring that those agencies have a consistent view of any information that relates to the customer case and, most importantly, allowing agencies to monitor where each other is up to in the resolution of that case.

Now that really would be worth a gala dinner…

David Gale
March 2006

Protecting your business transformation vision

Getting Information Technology onto the agenda of any board has to be recognised as an achievement, but too often it happens solely on the back of a specific business requirement, and without the context of a clear strategy for IT.

The costs of this approach are seldom obvious up-front, with business cases being delivered on a ‘point-solution’ basis. Few organisations are considering the longer term costs of integration and, worse still, no one is asking about the sustainability of their point-solutions, in a world where there is an increasing requirement to ‘join-up’.

For example, UK Central Government has focussed on setting business-specific targets for the delivery of e-Government. As a result, millions of pounds of public money have been poured into the delivery of point-solutions that were never designed to join-up. IT suppliers too must shoulder a proportion of the blame; in many cases, providing supposedly ‘open’ interfaces, on the back of proprietary application architectures, that lock naïve customers into a never-ending requirement for ‘modules’ and ‘customisation’ to extend and integrate the capabilities of their business systems.

We’re already seeing the effects of this, as organisations that took the applause for early adoption of ‘e-Government targets’, are now faced with spiralling maintenance and integration costs. Those responsible for this charade will move on, but UK tax payers will get to pick up the tab for years to come. This is avoidable, but not without a strategic vision and framework for the deployment of IT in your organisation.

Far from trying to “consume an elephant in bite-sized chunks”, we need to build our elephant. Without a vision of the animal that we’re trying to create, we’re in danger of delivering, not an elephant but a giraffe, or worse still, some weird hybrid that survives only for a few moments when released into the wild.

That the Strategic IT Framework should evolve in England is no coincidence. Organisations are beginning to realise that, to make sense of it all, they need to start with an over-arching, customer-focussed vision, delivering a range of generic services from a Strategic IT Framework.

David Gale
May 2006