Modern security and policing requires agencies to share sensitive and secure data across organisational boundaries. The dream is coordinated action that enables each organisation to bring the right resources to bear, moving swiftly and efficiently. The reality isn’t always that neat.
The Criminal Justice Joint Inspection (CJJI) interim report into joint case building highlights just how complex it is to coordinate data sharing. It describes how ‘high aspirations’ have been beset by ‘shortcomings and frustrations’.
This has left the police and CPS struggling with extra work and communication problems. Fixing this has become a national priority, as pointed out by the Parliamentary Home Affairs Committee.
Everyone acknowledges the challenges and already there are many initiatives in place.
However, many of the problems noted by the CJJI’s interim report sound familiar. They echo problems that arise whenever multiple organisations set out to exchange complex, sensitive, critical data.
No system is perfect. Getting it right in when you’re working across complex organisational divides is particularly difficult.
Yet it should be possible to do it better. Here are some lessons that can be applied to data sharing initiatives in security and policing.
It takes more than a shared vision
A well-framed shared vision accelerates a project because it provides a North Star for decision making at every level.
However, we believe that a shared vision is not sufficient for projects which cross organisational boundaries.
From the outset, you also need to understand the differing priorities that each organisation has; the resources that each is able to bring to bear; what success looks like; and the roles that each organisation will take.
A vision isn’t enough. What’s needed is shared context.
Within a single organisation, context is often implicitly understood; if not, it’s easily found out.
But across two or more organisations it’s easy to assume ‘the other folk will handle that bit’. The result can be that one of the parties faces a large, unexpected burden for which it is unprepared.
Once processes have been embedded in technology their impact is magnified and it is harder to change them.
Sure enough, the CJJI report calls out the ‘differing priorities, overly bureaucratic systems (especially information technology) and lack of shared performance metrics’.
The downside of developing a shared context at the outset of a project is that it takes time and investment - more than a usual discovery. But the value is a genuine awareness of the risks and opportunities ahead - and an increased chance of success and overall savings.
Technology is a people problem
IT systems and data are not separate from the people who use them. People and technology together form the system.
People are the most flexible part of the system and often are made to adapt their ways of working to fit the fragile technology. But like any component, people have limits.
They have distractions, other responsibilities, and patterns of behaviour they prefer or need to follow.
Working across organisational boundaries, this complexity is increased. Each organisation brings a cast of different people operating in a variety of different situations, with different bureaucratic pressure.
From evaluating risk, to data gathering, to decision making, to governance: people shape how effectively data is shared. That’s why we believe that good systems arise when users and stakeholders are participants in the end-to-end process.
Systems work best when they’re designed with and around the people who use them.
Create a common data model
Once you understand the context and the human factor you can start to figure out what data transfer might look like.
Each organisation will have its own systems which don’t naturally join. There will be many different points where data needs to be shared.
Rather than build those links as the need arises, you need to design a space in which they can reliably exchange data. Failure to do that leads to systems that are haphazard, unreliable, or simply abandoned.
For joint case building, the CJJI report calls out the way in which one police force has needed to use Microsoft Teams chat to warn the CPS not to open urgent file transfers too soon, as this would cancel the transfer. The IT systems involved have no way of saying when a transfer is ready to be opened.
We believe a common data model is the technical foundation for a solution to advance and reduce risk for these kinds of complex data sharing problems. This covers everything from formats, to processes, to permissions and policies for data processing. A common data model provides a rich description of the data sharing problem and thus gives organisations the tools to manage it and design it.
What sets this approach apart is that the common data model provides a framework that de-risks the process of designing the exchange of data. That provides leaders with the reassurance that every aspect of data exchange has been thought through.
Just enough planning
Complex initiatives like data sharing across organisations are rarely as simple as a single project. They require multiple projects set out in a roadmap that can span years.
Roadmaps fall into three categories.
First, there are the ones where the end goal is so distant and ambitious, and the challenges so complex, that the programme never seems to end. Cost overruns. Deadlines are missed. What’s delivered falls short of expectations.
Second, and just as bad, are the ones that lack any ambition - where there’s nothing but low-hanging fruit and the big problems never get solved.
However, a good roadmap identifies how to move from the ‘no regrets’ quick wins that set direction, through more complex activities that build capability, and finally take that experience and deliver at scale.
Getting the sequencing right is not trivial. It requires a deeper understanding of the problems to be solved than any one specialism can cover; it requires coordination with the plans of all the organisations involved: and as each problem is solved, a little more of the complexity comes into view.
Rather than set out a detailed plan at the outset, it requires governance to acknowledge the difference between short term tactics and long-term strategy and create a roadmap that bridges the two.
And because that’s a constantly changing picture, experts and stakeholders need to come together regularly to plot a route that’s feasible, and valuable.
Conclusion: Joined up services require joined up data
The problems of exchanging sensitive data across organisational boundaries are complex and subtle. Technology can accelerate exchange or add another layer of challenges.
It’s no surprise that these problems will sound familiar to anyone working in this space. There’s no silver bullet or new technology that will make them go away.
Instead, we believe a systematic, thorough, and end to end human centred approach is the best way to minimise the risks and bring the goal of a coordinated, efficient, joined-up approach within reach.