If some of the headlines from the past year are to be believed, companies cannot be trusted with sensitive data. The real situation is not that dire, but things would be improved if more firms appreciated that data is an incredibly valuable asset. They would be able to offer better guarantees of protection and get more value from data if they treated it the same way as they do financial assets.

In both the public sector and in business, money is closely monitored through the dual stewardship of sophisticated technology and mature business practice. This system provides a firm’s financial assets with a security net and ensures that the money works hard for the business.

At the moment we are not seeing this level of sophistication in the way business and the public sector interact with data. While the money within a company is protected with multiple business processes from the endorsement of expenses claims to the audit of treasury functions, with corresponding numbers of dedicated staff, the same is not true of data handling. Moreover,
when things go wrong in the management of financial assets there are well-practised routines and procedures to address problems and rectify the situation. By contrast, the response to things going wrong in the data domain is vastly under-resourced and, frankly, only taken seriously if a media storm is threatened.

In the light of HM Revenue & Customs’ data loss, there is certainly a greater awareness of the responsibility to look after data. But the focus is still overwhelmingly on what can go wrong when we should be focusing on the solutions and possibilities for the future.

The Information Commissioner’s Office has been stepping up its investigations, increasing pressure on business and the public sector to provide adequate protection for their data, and for us to seriously engage with this process we must change the culture of information management and how we view data.

Intellect’s identity management group has been working for some months on a survey of the identity management and assurance issues highlighted by the current National Identity Scheme procurement. It has also sought to explore more widely the issues of identity surrounding not only people but also things, for example the provenance of containers entering major ports, and events, such as transactions where records must be kept inviolate for commercial and legal reasons. One of its conclusions is that identity management is now ­ – and actually always has been ­ – a core process of all societies and economies. Current debates are merely concerned with the potential of IT to perform the function faster and more reliably than has been possible before.

Money makes the world go round but increasingly that money, and credit, has no other existence than as data in financial management and accounting systems ­ – the US Treasury will not print notes to buy the sub-prime loans, still less provide gold in return for mortgages ­ – and therefore in a sense money is already just data. It has become increasingly clear, however, that all other data used by business must be treated as seriously, consistently and responsibly as money is treated.

This will call for data stewardship to be handled as seriously as the care of money and for firms to invest in people and procedures that will do this effectively. The world at large has not yet appreciated this, nor has the IT industry quite grasped it yet, but this will be a critical insight for the way in which the role of IT evolves over the next decade.

John Higgins is director general of Intellect, the trade association for the UK technology industry.
Read the Intellect blog at: http://intellect.computing.co.uk