I have Googled (other search engines are available) the terms “governance”, “information governance”, “data governance”, “governance framework”, “data protection principles”, “GDPR section 6/9” so many times in the last five years, and that was before I even officially worked in Information Governance (IG).

My take on IG is “write it down”. What do you want to do, why, and how? This is for everything: Data Protection Impact Assessments, application forms, protocols, Standard Operating Procedures, working processes, data-sharing agreements, and so on.

That’s all it is: write it down.

Is it really that simple?

The exciting bit (stay with me) is how we get to the point of writing it down, that’s the problem solving. Warning: I’ve only been in the data-linkage/research part of IG, so my experience is researchers wanting to do new things with data.

There’s so much going on in this sphere right now, and it all needs writing down. For example, eDRIS and the National Safe Haven are pioneering some work on de-identifying image data to be used for research. The HDR UK programme is bringing about federated health data access, and investigating how research data can safely be shared with new organisations. The DARE UK programme is expanding how digital environments can be prepared for the future. The ADR UK programme wants to get data (other than health) to be utilised more efficiently for the public good, which involves engaging data controllers who have never even thought about the research potential of their data.

All of these things need someone to ask the key questions and write down the answers. Once it is written down, we can refer to it and makes things clearer. You can still amend it – governance can be flexible – but if you have nothing written down in the first place, how can you know you are all trying to do the same thing?

My early steps – realising the value of data

I started my career in a bank, HR actually. After a bit of travel and studying, I ended up in a few analytical roles in a policing organisation. Governance is pretty different there - a mix between analysis on the fly for short-term problems, and some longer projects to help through those first few years of austerity. I was lucky enough to observe some front-line shifts: response officers dealing with young gangs; custody staff experiences of arrestees drinking the hand sanitiser (I often thought about that during COVID); traffic night shifts in super-fast cars; community safety officers knocking on the same door for the 100th time to support a family when all the other services could not; and so on.

I would not be a police officer for all the riches in the world, but these experiences helped me understand how data can drive real-world events. But only if it is used right.

A taste of Information Governance

Fast forward to Scotland and getting my head round the world of academia. This new world doesn’t have all the answers though. GDPR came in and BOSH – all the plans to get new data to researchers slowed right down, EVERYTHING had to be rewritten, and no one had time to do it. That was my first taste of helping with IG: I was in eDRIS, almost the definition of a middle man. Our job was to have enough knowledge to poke the right people to try and get things moving and slowly, painfully slowly, hope some data could be used. I also supported the ADRN conference #ADRN2017 (an attendees summary here): the biggest and most complicated at that time for the network. That was brilliant.

A secondment to Scottish Government was another new environment. The idea that everything can be sorted out if we take ownership and oversee it properly. Great people, a lot of goodwill and enthusiasm, but fundamentally not the right fit for me. In getting the first datasets into the ADR Scotland holding, and publishing the Researcher Handbook, I cemented the view of writing things down for the win. The documents were not perfect – the next iterations found problems – but they lay the foundations to be built on.

Bringing my knowledge to DataLoch

A quick stint in SCADR and now a new venture: an official IG role in a newly expanding team combined with a remote-working start. DataLoch has brought together talented people from diverse backgrounds to get things done, an environment that I love.

But it does bring governance challenges. eDRIS all worked for the NHS, with national, standardised datasets and known risks around using health data. ADR academics knew data science and how to fill out 1400 forms for one project.

Within DataLoch, we now have to write down new guidance and new governance for both staff and researchers – not to mention processes, data-sharing agreements, feedback, websites, reviews, and so on.

Whatever it is, it is written down on my To Do list and I will get there!

[Image credit: Eti Ammos / Getty Images]