BETA This playbook is in BETA, we think it’s good enough to be useful right now, but there are gaps that need filling – your feedback will help us to improve it.

Description

Encourage take up and adoption of Digital by building trust with stakeholders.

inset-text

Work together to establish the trust frameworks we need to safely analyse and share personal data. This will allow us to better serve our shared customers and reduce the need to ask citizens for the same information multiple times.

DLUCH Local Digital Declaration

Rationale

The public, and local businesses, trust us to handle their data, which is often sensitive. Trust in digital services could be undermined if sensitive data were to leak, or was used for unauthorised purposes.

Despite all of the advantages of digital, there is also a threat of malicious attacks on organisations and direct to the public.  We have a duty to demonstrate that privacy and security is assured when dealing with the council and its trusted partners.

As we collect and share more and more data, we need to continually demonstrate that we are compliant, secure, and acting ethically and transparently.

As more services are delivered using automation and AI we must reassure users that key decisions – particularly those affecting quality of life – are still made by humans. Technology is used to free humans up from rules-based task so they are free to make judgements using emotional intelligence and empathy.  Technology does not take over the decision making.

Sharing data, and digital services, will require that we establish a ‘trust framework’ for Somerset, which assures the identity and behaviours of customers, employees and partners, so that we can provide access to private information and act on information received.

The digital agenda has brought a recognition that data about a person and their circumstances is owned by the citizen, not the council;  they should be able to see that data, and manage their consent about who it is shared with, and for what purpose.

Implications

Trust can be applied to

  • Digital Customer
    • Consent, Digital Identity, owner of data
  • Digital Council
    • Data Protection, Cyber Security, Transparency, Ethics
  • Digital Place
    • Trusted Partners, Digital Ecosystem, Role Based Access

Tools / Methods / Resources

  • Data Protection Impact Assessments
  • Register of Processing Activities
  • Consent Management
  • Identity Assurance
  • Employee Authentication
  • Cyber Security

Maturity / Check List

  • Has a Data Protection Impact Assessment been carried out?
  • Is the service secure?
  • How do we assure the identity of people and organisations taking part?

Last reviewed: July 14, 2023 by James

Next review due: January 14, 2024

Back to top