Using third-party apps for citizen engagement: information management considerations February 18, 2014

Apps

Many government organisations are investigating the use of third-party apps.

Specialised apps are growing in popularity because they can bring substantial efficiencies, including consolidating communications, streamlining processes and centralising data.

However there are information issues and risks that need careful consideration.

Privacy and security

To effectively utilise many apps, personal details of users and communities may need to be uploaded. This data will need careful protection and management and you need to be assured that the app can deliver on this if client data is involved. You need to be confident that any personal information is secure and cannot be accessed inappropriately by the app owners/developers.

You might also want the capacity to apply different permissions or views within the app because you may not want all staff to be able to view or interact with all data it contains.  Depending on your business needs, the lack of this type of functionality in a particular app may lead you to limit the scope of the app’s adoption or to choose not to use it at all.

Depending on your privacy and risk requirements, you might also deem it important to ensure the app’s data is only stored within Australia.

Data deletion

For app-based government information that is only needed for short periods of time, organisations need to ensure that the app gives you the capacity to purge time-expired data once the appropriate authorised time period has passed.

Under privacy legislation too, it is important not to keep personal information for longer than is required for business purposes, so authorised, regular data purges are important from both data and privacy management perspectives.

Business continuity

Apps that manage important government information should be owned/developed by commercially engaged providers with contractual commitments to manage information.

For example some social media tools make it very clear that they have no responsibility for the management of your information and explicitly state that, if you have ongoing or business needs for this information, you need to manage it yourself. This could be the same with certain apps.

In these instances, the developers may accept no liability or responsibility for deleted, lost or corrupted data, so proactive management of information and scheduled export may be sensible strategies for important or long term value business information in app environments.

Data export

Information export is really important functionality to consider in app environments.

You could have immediate business needs for export:  for example, you need to produce a report of all the clients who reported maintenance issues today so that they can be provided to the maintenance manager for follow up. Or, you may receive a GIPA request and you need to export all transactions in the last three months that relate to a specific issue.

Alternatively, you may have longer term information needs that necessitate export. When deploying apps it is very important to consider whether long-term value information that your organisation needs is transitioning to these environments.

For example, is a lot of case management in your organisation moving to app-based delivery? If so, for high risk areas of business, will it still be possible to access a consolidated record of a specific case and how it was handled over time? Ensuring data can be exported in useable and reliable forms is an absolute necessity for these types of information. It may also be necessary to establish regular data export procedures, say on a monthly basis, to ensure key high risk information can continue to be part of organisational decision making and accountabilities.

Depending on who has access to them, apps could lead to the creation of new data and information silos in organisations, so it is important to ensure that app governance and management mitigates against this.

With export, it is also important to ensure that information can be exported in a format or formats that you can easily reference and reuse and that integrate well with your other business processes.

Conclusion

The decision of whether to use an app is a decision organisations need to make based on an assessment of their  information and security management needs. Organisations are expected to make this decision by weighing these needs up against anticipated efficiency dividends.

It can be easy to overlook the longer term ramifications of what can be seen as a fairly short term tool.

If longer term accountability and business information is shifting to apps to improve service delivery and the quality and comprehensiveness of business information, then this is a good thing. However, appropriate safeguards do need to be in place to ensure information is protected and available for as long as you and your community needs it.

(Thanks to my colleague Peter Bisley for excellent feedback on an earlier draft of this post.)

Leave a Reply

You must be logged in to post a comment.