At the end of 2015, there was a project in the Government Digital Service about the structure of data. There was open.gov.uk, where the data was quite unstructured. The consumer had to wrangle it into the form they needed. In the legalisation, there were hundreds of thousands of mentions of registers – datasets that different departments and minsters needed to keep. The idea was to publish these registers of things government knows.
One core principle: these are owned and maintained registers. This makes them about governance – about making sure that there are people in positions of power with responsibility for them. You can’t spread the decision-making around – it has to be a named individual. There’s been some work done by the Open Data Institute in the last year about collaborative ownership models.
How do we go about structuring that data in a usable, frictionless way? Startup companies just build APIs to capture and share this data. Existing businesses tend to spend ages thinking and talking about it, and then wrangling round it.
An aside on cybersecurity
Are companies doing enough to protect themselves from cyber-attack? It appears not. Government might have to eventually regulate, if companies don’t start spending enough on this. The SSL encryption methods work around the idea of “trust but verify” – because SSL certificate issuing bodies have been compromised. If it’s all logged, you can track what happened, and spot bad actors.
Register discovery and maintenance
Is there a list of all the registers? If so, where can you find it? There is a list of GDS ones, and that is still maintained. However, not all the ones on that list are being updated. If they’re no updated, it creates pain – the user needs to be able to manipulate the register to use it. For example, the FCO haven’t been quick at updating the countries register. Once you encounter that, it erodes your trust in the other registers.
It’s really hard to discriminate between maintained one and unmaintained registers. Can we actually trust them at all?
GDS was very ambitious in what they did – and there’s a lot of interest around government in the registers – but everything is still focusing on that central team. There needs to be a democratisation of the registers, so people aren’t dependent on GDS. If you’re doing data in government, you need to have registers are part of that. Then it does become devolved.
Somebody needs to have the stick to make sure registers are updated. The stick might already be there legislatively – but people are unaware of it, or unwilling to use it.
What is the best way to maintain a register?
Could it be the ICO? No – because the policing and maintaining department should not be the same. The authoritative source of the data should be responsible for it. The places where the register is used in their services are the best at updating the registers. So, it can’t be a sidecar – the register needs to be the data, not a copy off to the side. Then you have to update it, because you’re using it all the time.
There’s a big appetite for them – but there are issue around governance and tech.
Do we need a greater consistency of approach to data as a core part of infrastructure? Yes. Too often the domain expert ends up retreating to their spreadsheets, because the infrastructual elements aren’t under their control enough.
DCMS is now responsible for data, not GDS. But the infrastructure ownership hasn’t been fully sorted out since that change. This is the sort of thing that needs to be going into the national data strategy. All the ethics and sociological work is great, but you also need the technical underpinning.
— ODI Cornwall (@ODICornwall) November 3, 2019
Is there some issue with the technology? Can one structure work for countries – which are only very occasionally created – and companies – where thousands are created every day? Registers, as currently defined, certainly work better for things that don’t change every day. That might change in the future.
There’s plenty of enthusiasm still amongst many of the data owners – but the lack of knowledge of who uses the data is a problem. Some data sources are in use every day without the owners being aware of it. We need more evidence of use. There are different kinds of users – it’s not just people out in the community, it’s people within government, too. There’s a lot of invisible use inside and outside government.
Northern Ireland is taking registers very seriously – with plans to create and use more of them.
We’re in the long, deep dark teatime of the registers. But people are still maintaining (some of) them. We need to make more noise about the users, the uses and the values. But perhaps the open data movement needs to make more of a campaigning effort to celebrate and promote them.