Baselining our data maturity
“An organisation’s data maturity – its capability, effectiveness and readiness to use data – is fundamental to achieving its strategic, operational and corporate priorities.”
Central Digital and Data Office
A key part of developing the strategy was in establishing a baseline for our current data maturity. The ICO chose to use the Data Maturity Assessment for Government (DMAG), the emerging, comprehensive, standard for data maturity measurement in the public sector.
To conduct this data maturity assessment, evidence was collected using three methods: survey, workshops and interviews. ICO staff across all employment grades and from almost all departments were involved. Using three methods to collect evidence gave a more robust result and allowed us to obtain quantitative and qualitative outputs.
The DMAG evaluates an organisation's adherence to data use best practices. It does not assess compliance with the laws that regulate data use. The ICO prioritises data protection, our highest scoring area. However, in ethical data management, our focus on protection sometimes hinders routine data sharing resulting in a lower score. The challenge is to balance safeguarding data with ethical sharing, a key focus for achieving our vision of exemplar and responsible data use.
Key insights
The Data Maturity Assessment looked at ten capability areas and was assessed against five maturity levels; beginning, emerging, learning, developing and mastering.
The Data Maturity Assessment identified that the ICO had “Emerging” maturity across six of the ten capability areas. In two areas – “Protecting your data” and “Taking responsibility for data” – maturity was higher, at the “Learning” level. In two areas – “Knowing the data you have” and “Managing and using data ethically” – the ICO was at the lower “Beginning” level.
10 | Taking responsibility for data | ||
Topic | Current state | Future state | |
1 | Engaging with others | ||
2 | Having the right data skills and knowledge | ||
3 | Having the right systems | ||
4 | Knowing the data you have | ||
5 | Making decisions with data | ||
6 | Managing and using data ethically | ||
7 | Managing your data | ||
8 | Protecting your data | ||
9 | Setting your data direction |
Alongside this quantitative measure, a rich set of qualitative insights were collected concerning on areas ranging from data quality, governance, skills, culture and technical capabilities. A number of strengths were identified, including a clear cloud adoption path, early use of AI, pockets of data skills and best practice, strong governance and commitment to compliance, leadership support for and investment in data capability, and a passionate Data Analyst Network. Data visualisation has also been expanded across the organisation, as outlined in case study two, below:
Data visualisation
We have been able to translate data into insight using powerful, interactive data visualisation tools. Through using such technology, individuals can review key performance information, and drill-down to answer questions such as 'how are we doing?', and 'are we meeting our KPIs?'. This insight provides individuals with the capability to make data-led decisions, and to determine the next actions to take to realise improved efficiency and effectiveness.
We believe that, through using data visualisation technology, and data storytelling skills, we can use enriched data to spot emerging trends and become more proactive with our decision making. Individuals within the organisation are now using analytics products based upon data visualisation and business intelligence technologies, such as Microsoft Power BI. These help our people to explore and evaluate the priority of new work requests, using this insight to make decisions on where to prioritise our finite resources to ensure maximum value for our customers.
We are on the start of our data visualisation and storytelling journey. In the future, we intend to explore opportunities for increased proactive disclosure, using nuisance call and messages, and cookie banner data as one example. Additionally, by sharing insight around our complaints data, we can help empower external organisations to proactively address potential issues and improve their compliance stance.
The research activity suggested that our strategy should focus on:
- How the strategy can best support data sharing and cross-working across the ICO, on the basis that through data enrichment, we can obtain greater insight.
- Implementing a data literacy initiative within the organisation, so we can ensure that the wider empowerment of data and analytics skills happens for those outside of our data specialist roles.
- Ensuring that we have the right data and analytics tools and services available to those who need them within the ICO, so they are able to conduct effective, consistent and efficient analysis.
- The implementation of data dictionaries and catalogues, so to ensure enterprise-wide understanding of our data, and the way in which it is recorded and categorised.
- How a "data-driven" decision making culture can be supported, where data and evidence serve to inform decision making.
- Implementing further processes and training around practical steps we can take for mitigating bias and ensuring transparency of data processing.
- Designing and then implementing a data governance programme and a data stewardship network to champion data management best practices within the organisation.
- Developing a data culture within the organisation that responsibly adheres to our data protection responsibility and commitment, whilst remaining receptive to being innovative when it comes to data and analytics.
- Developing a technical solution that provides access to core datasets for ICO colleagues - where this access is carefully managed, and the provisioning of this data helps us to make better data-driven decisions.
Future state
Key ambitions for improving organisational data maturity were identified as:
- Collaborating with external communities and regulatory entities, enabled through confidence in data due to culture and literacy interventions, and supported by operating model and governance initiatives.
- Defined data professional framework and career pathways, meaning the ICO is an attractive place to work, and so retains data skills.
- A core data platform in place, with defined glossaries and data dictionaries in place.
- Data-driven decisions are routine, supplemented by some predictive insights from trials of Artificial Intelligence and Machine Learning.
- Transparency and scrutiny of data analysis improved by data governance initiatives. Bias in data collection and analysis reduced due to literacy and data professionals embedded across the ICO.
- Framework in place for data governance, with roles and responsibilities well understood. Data owners assigned at the “atomic” level, driving behaviours and facilitating data sharing.
- Improvements in data culture and literacy, underpinned by the data platform, enable improved access controls, and a more nuanced balance of data protection, innovation and clarity.
- A defined data strategy has been clearly communicated to the business. The delivery model supports the evolution of strategy alongside continuous delivery.
- An operating model for data which aligns with business strategy is in place.
- The framework for data governance, roles and responsibilities is well understood.
If enacted, these improvements would help achieve a target state.