These selected essays by Donald N Michael take on the complex, messy, seemingly intractable issues – notably in the arenas of health, learning, governance and enterprise These are areas where paradox, ambiguity and complexity characterise the landscape. Here rapid change means yesterday’s solutions no longer work, where only genuine innovation has any chance of success.
At least 90 per cent of organisations involved in delivering the Government’s flagship back to work scheme, the Work Programme, risk having their contracts terminated because of unreachable performance targets set by the Department for Work and Pensions. The Social Market Foundation, the think tank originally behind the idea for the Work Programme and responsible for the analysis, said that without an urgent rethink of the performance criteria this could lead to the failure of the entire scheme with potentially dire consequences for the 2.4 million long term unemployed it is designed to help.
This framework for supporting personal assistants working in adult social care is part of the process to make it easier for people with disabilities to employ Personal Assistants.
The provision of personal budgets for all eligible people will mean personal assistants, directly employed by people who use care and support services, working in new, creative and person-centred ways to play an increasingly important role in providing tailored support to meet individual needs. This document provides a framework for supporting the development of the PA workforce and their employers over the next five years and beyond.
Providing the right conditions and appropriate solutions to the issues related to looked after children is an absolute priority. Headlines show that failures happen. Records play a vital part in supporting social workers to do their job effectively. Steve Liddicott discusses a new approach to case recording.
Central and local government are failing to benefit from the growing power of social media. During the recent riots, rioters and the public used social media extensively, but public bodies made little use of it to get their messages across.
Read more on PUBLIC SECTOR FAILING TO EXPLOIT SOCIAL MEDIA POWER…
In this book Harry M Kramer sets out the four principles of value-based leadership.
He argues that today’s organisational environment demands values-based leaders who, in “doing the right thing,” deliver outstanding and lasting results. The journey to becoming a values-based leader starts with self-reflection. He asks, “If you are not self-reflective, how can you know yourself? If you do not know yourself, how can you lead yourself? If you cannot lead yourself, how can you lead others?”
This book by Russell L. Ackoff is an annotated glossary of distinctions important in management . He argues that thinkers very great and very small – from Voltaire to Conservapedia – have underlined the importance of first defining your terms – establishing the exact dimensions of the beast before attempting to argue about it, slay it or revere it.
IBM has launched a system designed to help councils to reduce the unintended negative consequences of decisions on citizens and to uncover hidden beneficial relationships among council decisions. The new analytics software is now providing the service to the City of Portland in the US.
Read more on IBM LAUNCHES DECISION SUPPORT SYSTEM FOR COUNCILS…
The Government’s Champion for Active Safer Communities has set out her top priorities to help people make a difference to their neighbourhoods. In this report, Baroness Newlove pinpoints the availability of easy to access online information, a new drive for public sector volunteering and the tackling of binge and underage drinking, as key to achieving her goals.
Ross Brewer discusses reasons behind the NHS’s unenviable data protection record and looks at the task of turning the situation around.
The Information Commissioner, Christopher Graham’s recent assessment of NHS data security has revealed an urgent need for culture change as health organisations continue to breach the Data Protection Act. More than 250 laptops, many of them unencrypted, have gone missing from the Department of Health in the last ten years. This includes notable incidents such as NHS North Central London losing a laptop containing the medical records of over 8 million people. Furthermore, the NHS appears to be disproportionately responsible for many of the data breaches that have occurred in recent years.
In June 2010 the Information Commissioner’s Office published a list of all the UK data breaches reported since 2007 – the NHS was responsible for 305 out of 1,007, almost one in three. More recently Graham stated that while “the policies and procedures may already be in place…..the fact is that they are not being followed on the ground.”
Stemming the data loss
To rectify this problem the NHS will need to overcome a number of challenges including finding the right technology to ensure data is stored correctly, monitored, and that staff follow best practice guidelines. The NHS is particularly susceptible to data breach for a number of reasons. For one thing it is an enormous organisation with a disparate structure charged with protecting a vast repository of sensitive data. In addition, both staff and patients will often find themselves transferred around different facilities. This means that data needs to be accessible in multiple locations too.
Portable devices are often used to solve this problem but countless cases of lost laptops have demonstrated the risk they present. There have been reports of additional issues being caused by staff members using personal devices to store sensitive information. This last point highlights one of the biggest threats to security – employees.
For any organisation that employs as many people as the NHS it is essential to find an effective way to limit the insider threat. Recent research from OnePoll* revealed that 37 percent of people have shared privileged company information with their friends and family, while 21 percent of laptop/desktop-owning respondents stated that they have transferred company data to their personal computer, even though more than half of these devices – 58 percent – were shared with, or could at least be accessed by, other people.
Data theft
While human error is one of the more likely causes of data breach there are more sinister threats online that need to be taken into consideration. As an integral part of the UK national infrastructure, the NHS is also a viable target for sophisticated attacks launched by foreign governments. Recent breaches of targets like the IMF and the Pentagon are both suspected to have been perpetrated by nation states as was the Stuxnet worm attack in 2010. While capable of causing immense disruption these attacks are equally adept at simply monitoring in the background and collecting data.
Getting at the cause of data loss
There have been numerous voices in the media claiming that cloud based solutions are the answer to the data security problems facing the NHS. For example, Clive Longbottom, founder of analyst firm Quocirca, suggests that the cloud could be used to centralise data into a single facility that could only be accessed via “relatively dumb devices”. However, many of the problems experienced by the NHS seem to stem from a lack of visibility when it comes to internal systems. This problem would appear to be common within organisations in the UK. Baroness Neville Jones, special representative to business on cyber security, noted earlier this year that many threats are missed because organisations are unaware of what the normal functioning of their networks looks like “because they don’t actually know enough about their own systems”.
Unfortunately, like many organisations, the NHS is wasting the very resource that can help develop a better understanding of its networks. IT systems produce millions of logs each day, which, when collected and analysed, can provide all the information required to develop a forensic insight into every level of activity. However, even more modestly sized organisations can struggle with the volume of logs that are created and increasingly disparate nature of IT systems.
As a result monitoring and reviewing this information to see what’s been going on can take days or even weeks – long after any security policies have been broken, and sensitive data lost. To simplify and speed up this process, the NHS needs to embrace solutions that automatically monitor and secure all activity logs while also reporting and alerting on activity that warrants attention in real-time. Unwanted activity can clarified by IT staff during the implementation process and could include numerous breaches of data protection policy including incidents of unencrypted data being transferred to a portable device or data not being deleted in accordance with regulatory obligations.
By enhancing visibility of how data is being used, the NHS will have significantly improved ability to ensure that policy and procedure is followed by its staff. In addition, monitoring data logs in this way makes it much harder for sophisticated attacks like the Stuxnet worm to take root. In order for them to do so hackers would need to breach both their target and the logging system simultaneously, a significant challenge. This kind of monitoring is increasingly required by the industry guidelines and regulations observed across both the public and private sector. CESG, the UK Government’s National Technical Authority for Information Assurance, introduced the Good Practice Guide 13 Protective Monitoring framework that stipulates that public sector organisations must continually monitor their IT systems in order to spot unwanted or unusual activity and prescribes how this can be done in the most efficient and effective manner.
Included in the recommendations is the need to monitor all computer-related activity in real-time and the generation of alerts should unwanted activity occur. Continued criticism from ICO would seem to suggest that CESG’s guide is not being adhered to with sufficient diligence at present.
Using Protective Monitoring technology to develop a better understanding of systems, and thus more effective data protection procedures, is essential if the NHS wants to clear up its reputation as one of the UK’s least reliable guardians of sensitive data. Learning more about systems in this way provides a host of additional benefits too, including the ability to identify inefficiencies within the IT estate. The NHS is responsible for holding data on some of the UK’s most vulnerable citizens, while improving IT systems is obviously not as vital as providing first rate medical services it should be a priority nonetheless.
Ross Brewer is vice president and managing director, international markets, LogRhythm.
Read more on NO HOPE SECURITY IN NHS?…