Good data management processes involve collecting information securely, organising it appropriately and then using it to support productivity, efficiency and, ultimately, decision-making. However, there are some principles and objectives that can be forgotten and require greater focus and respect:
Data management principles:
- The principle of least privilege – if you’ve no need to see that data then you shouldn’t see that data;
- The security of the data should be maintained when at rest and in transit – this is a collective responsibility rather than allocated to one team (as if this somehow transfers the risk).
Social housing objectives:
- Take care of residents;
- Provide good quality homes at affordable rents.
At the moment, there appear to be quality issues with data in the sector, with teams undertaking ‘data cleansing’ exercises to enhance observability and enable a genuine assessment of the health of the housing provider.
However, data-cleansing is only ever as effective as its ability to prevent a recurrence of the original problem, which could be due to people, processes, technology or a combination of all three. In medicine, you’d use the phrase, “treat the cause, not the symptom”; this is equally applicable to social housing.
The plethora of data available to social housing is quite extraordinary and when you combine the sensor-driven world with the data inherent in a decent HMS, it opens the possibility of deep analytics and better decisions as a result.
Is social housing different?
Data management in social housing is no different to data management in any other sector. The comment that normally follows is that housing providers are ‘unique’ because they hold lots of personal data, often pertaining to vulnerable individuals and sensitive issues. This provides a slight nuance to the management of access to the information, but doesn’t change the technological aspect of data management.
The presence or otherwise of personal identifiable information (PII) shouldn’t dictate whether data is held securely or not; all data should be held securely and treated as a core asset of the business and therefore afforded the respect that it deserves.
Mandatory ISO 27001 compliance?
The provisions of the Data Protection Act are a great framework and set of principles for governing data security but we’re rapidly reaching the point where housing providers should demand that all IT suppliers operate ISO 27001-compliant software and services.
Good providers will embrace the challenge of achieving the accreditation, but there will naturally be some IT suppliers found wanting or who will try to persuade customers that their security standards are “equivalent”. The fact is that those that can achieve the standard will achieve it, and those that can’t will claim that they have equivalent standards or guide potentials towards the direct awarding of contracts to avoid the scrutiny of tender processes.
As has been widely reported, security has never been more important than it is right now. Security is likely to be in the top-three business risks for any housing provider and often in first position given the recent spate of attacks in our sector. Investment in this space is truly worth it to mitigate the risk, regardless of whether you’re running legacy, on-premise or cloud software (or, more typically, a mixture of all three).
Good data governance
Good data governance comes from having a firm grasp of the data architecture and data flows in your organisation alongside a comprehensive data strategy to identify what you want to do with it.
This might lead to a data warehouse or some form of analytics, but the key to good governance is about getting the foundations right and building upwards.
Afterall, you wouldn’t build a house without foundations, so why would you build a data approach without the same underlying principles set in concrete to pave the way.
Andrew McLaughlin is the finance director of MIS Active Management Systems.