PROCEDURE Data Quality. Number: W 2020 Date Published: 19 March 2015

Transcription

1 1.0 Summary of Changes This is a new procedure, which should be read by all staff, especially those that: Develop, review or amend Force policy and procedures; Enter data into Essex Police IT applications; Share Essex Police data. 2.0 What this Procedure is about This procedure sets out the measures which Essex Police adopts to ensure that all recorded information (digital and non-digital) is of the necessary quality to enable the Force to conduct its business. This is in accord with Essex Police s Information Management Policy and Strategy which aims to achieve the following: To ensure that Essex Police creates, obtains and uses information of the necessary quality and completeness to best enable us to achieve our business needs, and that we handle that information appropriately. This Data Quality procedure focuses on the collection and reporting of data using both computerised information systems and manual data collection processes. The procedure sets out: The overall corporate approach to maintaining data quality and securing compliance; How staff must capture data in order to improve and maintain the overall quality of Force data; Data quality monitoring and quality assurance processes; The governance framework. Essex Police recognises that: Quality data matters for decision-making, efficiency, public reassurance and officer safety; Everyone in the organisation is responsible for data quality but that accountability resides with middle and senior managers; Information is one of the Force s most expensive and valuable business assets; The improvement and maintenance of quality data is a key objective for the Force; Data quality is fundamental to the Performance Assessment Framework; All employees have a responsibility to manage data appropriately; Information needs to be appropriately secure, made available only to appropriately authorised people and handled in a cost effective way; Information needs to be accurate, reliable, current, clear, comprehensive, relevant, precise and timely. NB terms that have been capitalised in this document have the meaning set out in the definitions. Page 1 of 11

2 Compliance with this procedure and any governing policy is mandatory. 3.0 Detail the Procedure 3.1 Definitions For the purposes of this procedure the following definitions are used: Accuracy Attribute Cardinal field Cleansing Complete (Completeness) Data set De-duplication Dimension DQC Information Asset Owner SIRO Does the data within a field accurately reflect the data entered on a form or presented by the individual. The degree to which the data correctly describes the object or event being described. A specific field within an IT application. One of the most important fields/attributes for the operational business and decision-making. The word that is used to describe the process of detecting and correcting inaccurate data within an IT application. If a record is complete it lacks nothing. All necessary data sets and attributes (fields) have been completed. The proportion of stored data against the potential is 100% complete. A collection of data. The word that is used to describe the process of identifying and eliminating duplicate records i.e. person or location. Describes the measure of the quality of data. The six key data quality dimensions are: completeness; uniqueness; timeliness; validity; accuracy; consistency. Data Quality and Compliance team. A senior individual who is involved in the running of a relevant business area and who has clear responsibility for the data and its risk management (see W 1005 Procedure Information Asset Owners). Senior Information Risk Owner (the Deputy Chief Constable). Page 2 of 11

3 Unique (Uniqueness) Valid (Validity) The single view of the data set. No one thing is recorded more than once based on its unique identifier. An attribute is said to be valid if the data within it matches the data quality rules. Data is valid if it conforms to the syntax (format, type, range) of its definition. 3.2 Introduction The Force has a Data Quality and Compliance team ( DQC ) that is led by the Senior Data Quality and Compliance Officer. This post holder is the professional lead and advisor to the Force on how to improve the quality of data. It is the responsibility of the Senior Data Quality and Compliance Officer to develop data quality strategies and processes that will result in an improvement in the quality of data used by the Force and partner agencies. The work of DQC is kept in line with the requirements of Chief Officers and as such the annual programme of work is visible to Chief Officers through the Information Management Board which is chaired by the Senior Information Risk Owner ( SIRO ). Every Officer, member of police staff or partner agency employee who creates or inputs information (collectively referred to as members of staff in this procedure) has a personal responsibility to ensure that it is of the necessary quality i.e. that it meets the Force data quality standards. It is the responsibility of DQC to monitor and report on individual and business area performance. 3.3 DQC Function The Force currently uses three of the six recognised data quality DIMENSIONS (see 3.1 Definitions) for the purposes of data quality assessment. Against these three dimensions, DQC build and run queries that are based on the Force s DQ rules and that therefore validate whole data sets against the rules that have been agreed with the business. This process identifies the scale of the data quality issues arising. Thereafter, DQ Officers and business representative s work together to investigate and ascertain the cause of the particular poor quality data issue. Once understood, recommendations are documented by DQC that advise the appropriate Information Asset Owner as to what activity is required in respect of historic data cleansing and prevention of future errors. A course of action is agreed between the Information Asset Owner and the Senior Data Quality and Compliance Officer and the recommendations are implemented. All recommendations include activity to ensure that data monitoring reports are included within the data quality plan. Page 3 of 11

4 3.4 The Procedure Process Members of staff must enter COMPLETE and VALID and UNIQUE data into all Essex Police IT applications in accordance with the Force s Data Quality Rules. There are five key principles that must be understood by all staff: Accuracy is as important as speed; Information must not be duplicated avoid duplicating; Data entry must be right first time; Instances of inaccurate data must be reported to DQC; Data quality issues must be addressed when entering data. Whole datasets will be the subject of assessment (validation) by DQC. If the quality of data falls below the expected standard the individual member of staff responsible will be tasked with correcting the error. Details of the error made will be notified by DQC to the individual s supervisor. All members of staff are obliged to work with DQC to establish the root cause of a data quality issue so that steps can be taken to prevent a reoccurrence in the future. Members of staff will, on occasions, be tasked by DQC in collaboration with the INFORMATION ASSET OWNER to resolve issues with historic DATA SETS. Members of staff that generate reports for data sharing must consult with DQC regarding the quality of the data to be shared so that remedial actions and strategies can be created to ensure that the data shared is of the necessary quality for partners. The expectation is that errors reported to the business will be addressed immediately and certainly before the next automated report is due. 3.5 Corporate Data Quality Plan The Senior Data Quality and Compliance Officer will create a Data Quality plan identifying select data sets for analysis by DQC following discussion with Information Asset Owners and the force s ACPO lead for data quality. The plan will at all times be careful to address the operational needs and challenges of the Force as well as those of partner agencies and national IT applications. Investigations will target key applications and the most important attributes within a dataset, but at a minimum will audit and address errors within the name, date of birth and multiple location attribute fields. Duplicate nominal and location records will be continuously addressed. Page 4 of 11

5 Decisions in relation to CLEANSING and DE-DUPLICATION activities will seek to balance the risk, time and cost of such activity. The use of technology by DQC ensures that analysis takes place on whole data sets so that all instances of an error type are identified. The Force s Senior Information Risk Owner ( SIRO ) will approve a threshold for each target ATTRIBUTE above which errors will be rectified by resources identified by the Information Asset Owner. Force performance against the data quality plan will be reported at each Information Management Board and to the SIRO. Data quality issues considered to be high risk will be discussed with the Head of Corporates Services and if appropriate a risk will be added to the departmental risk register and if necessary the force risk register 3.6 Data Quality Assurance Monitoring Heads of Department are responsible for agreeing the quality assurance processes to ensure compliance with business processes and Force policy and procedure. These local quality assurance processes should be complementary to the data quality assessment activities that are undertaken by DQC in respect of whole data sets. The purpose of DQC is to capture instances of poor data quality or poor business practice in areas of high organisational importance where inputting practice and local quality assurance processes have failed. 3.7 Data Correction Procedures Data correction should ideally be done from the front end i.e. by users but on occasions this may not be possible and back-end data correction i.e. by IT Services will be required. However, it is imperative that any requests for data to be changed are formal. Data correction within IT applications should be recorded in detail for the purposes of internal control, audit and regulation. The mass correction of data should be the exception and Form IM5 is designed to document the business case for such an exercise. The second purpose of this template is to maintain an audit trail of the correction activity Back-end Data Correction The request can be generated by any stakeholder but it must be signed off by the Information Asset Owner. The request must be presented using the Data Correction Form IM5. It must include details of the data to be fixed, who will undertake the fix, why the fix cannot be done from the front end, the level of urgency, the risks associated with allowing the error to remain and the risks associated with error correction compared to the risks of taking no action. Page 5 of 11

6 Before back-end data correction processes begin the IT department will document the correction process and it will have been tested on a test environment prior to application on a production environment. The IT department will ensure that the production environment has been backed-up prior to the period of correction. This is particularly important when the corrections required are critical as well as complex Front-end Data Correction Before front-end data correction processes begin DQC will issue a set of data correction instructions. 3.8 Responsibilities Every employee is responsible for data quality but the accountability for ensuring quality data resides with middle and senior managers. The data quality organisation within the Force includes the SIRO, Information Asset Owners, operational business champions, data stewards etc Chief Officers and ACPO Data Quality Lead Are accountable for promoting the benefits of good quality data. They have overall responsibility for ensuring that all members of staff are able to adhere to best practice in relation to information gathering, submission and inputting through the provision of appropriate training and good quality business process design Heads of Department and Information Asset Owners Are accountable for the quality of data in the business or command area assigned to them; Must promote the benefits of good quality data and be proactive in their support of data quality principles and the requirements of the Data Protection Act; Must work with DQC to ensure that the Force data quality rules are aligned with the published business processes that result in the capture and input of data; Must approve data monitoring requests - Form IM6; Must work with the Information Asset Assistants to ensure that business area data meets the desired standards; Must be responsible for the data shared in all forms and with all stakeholders i.e. from within an IT application; hard copy reports; Must ensure that resources are made available to receive and correct errors and merge records as directed by DQC. Page 6 of 11

7 3.8.3 Information Asset Assistants Information Asset Owners typically assign the role of Information Asset Assistant to one or more senior operational managers. These Information Asset Assistants are collectively the key contact between the business area and the Data Quality and Compliance Officers. They are responsible for ensuring that the items under are managed and delivered and that Force policy and procedures in relation to Information Asset Ownership and Data Quality are adhered to within the business area. They are accountable for the quality of data in their business or command area Head of Corporate Services Acts on behalf of Chief Officers to enhance the quality of Force data. This involves the coordination of data security, data quality, data availability, data storage and archiving, business intelligence, performance management and adherence to procedures Head of Information Management Manages the delivery of the Force s three year Information Management Strategy on behalf of the Deputy Chief Constable. The Strategy is written in conjunction with Managers within Information Management ensuring that it is consistent with the Force strategic plans. The Strategy ensures that the Force handles information appropriately and that information used by the Force has the necessary data quality Head of IT Services DQC will set controls in respect of data entry standards and thresholds for Force data that will lead to quality assurance at an IT application level when applied by the IT Services department. The IT Services Department must ensure that system design takes account of the five key data quality principles in order to prevent the entry of bad data and must work with DQC to ensure that system changes do not compound existing or create new data quality errors. The Head of IT Services and the Head of Business and Change Development must ensure that project management handbooks prescribe activities that complement the work of DQC. Page 7 of 11

8 3.8.7 First Line Supervisors Have a responsibility to ensure that the quality of data recorded on both IT applications and in paper format is in accordance with Force Data Quality Rules. Must ensure that staff are supported and trained in the use of IT applications and business processes so that they have the necessary skills to maintain an acceptable standard of data quality. Must ensure that local quality assurance processes are robust and reliable and enable feedback to members of staff on a regular basis. Must ensure that locally designed data entry input forms support quality assurance at source. Must monitor work completed by staff and provide appropriate feedback and take necessary action where performance standards are not achieved Operational Officers/Members of Staff All staff have a responsibility to ensure that the quality of data recorded on both IT applications and in paper format is in accordance with Force Data Quality Rules. They must be aware of the Data Protection Act Staff must ensure that: Sufficient and accurate information is obtained when gathering, submitting and recording information; They respond professionally to requests for clarification in relation to information submitted; They act to resolve all anomalies identified by DQC; They report anomalies to their line manager. They understand the implications and potential harm that can be caused by incorrect data capture and entry Data Quality Steering Group This is a Force wide group chaired by the Senior Data Quality and Compliance Officers, with members being all designated data stewards Senior Data Quality and Compliance Officer The role of the senior Data Quality and Compliance Officer is to direct the Force s activities to maintain the quality of data within existing Essex Police systems and to ensure the integrity of data when migrating to new Essex IT systems Data Quality and Compliance Officers Work on a daily basis with Information Asset Owners and Business Champions to deliver the improvement in the quality of Force data. Page 8 of 11

9 Essex Police College and IT Department The training and IT departments are responsible for ensuring that: All staff are appropriately trained for their role within the Force in the use of IT systems; All staff have access to the latest guides and appropriate training materials in relation to IT systems; Staff are notified of any amendments to IT systems that may affect their working practices. 3.9 Current Legislative Framework The legislative framework within which the Force is required to operate is continually changing as existing laws are amended and new legislation is introduced. Most amendments build on the individuals existing rights and place responsibility on the Force to demonstrate compliance. The Data Protection Act (1998) ( DPA ) is based on eight principles the fourth of which states that personal data shall be accurate and, where necessary, kept up to date. This applies to computerised as well as manual records. The Human Rights Act (1998) ensures that the rights of an individual are respected and upheld. The Force must ensure compliance with the DPA as access to or disclosure of personal data can be challenged under article 8. The Freedom of Information Act (2000) directs organisations to routinely publish all information about the Force that is in the public interest. This will include documents that record decisions taken based on information available from IT systems including . It is therefore essential that the Force can demonstrate the quality of information that is used for decision making. This requires us to have in place effective internal quality audit processes based upon techniques used for monitoring quality standards. 4.0 Equality Impact Assessment This procedure has been assessed with regard to an Equality Impact Assessment. As a result of this assessment it has been graded as having a low potential impact as the proposals in this procedure would have no potential or actual differential impact on grounds of race, ethnicity, nationality, gender, transgender, disability, age, religion or belief or sexual orientation. Page 9 of 11

10 5.0 Risk Assessment Risks surrounding inadequate and inappropriate information sharing are acknowledged to be significant and are recorded on the Force risk register. They are also recorded separately on significant projects such as Athena. The work of DQC is part of the means to mitigate those risks. The business impacts of those risks include: Performance - possible harm to investigations/prosecutions; Inability to share information; Financial - cost of remedial activity; Reputation - loss of public confidence, adverse media scrutiny; Legal - possible harm to investigations/prosecutions; Health & Safety - possible harm to 3rd parties be they members of the public or other agencies who make decisions based on inaccurate or missing information. Possible harm to officers and staff who make operational decisions based on inaccurate or incomplete information. 6.0 Consultation The following consultees have been included during the development of this procedure: DCC Benson ACC Wortley Head of Corporate Services Head of Information Management Head of Performance, Programme and Planning Head of Essex Police College Head of IT Head of Contact Management Head of Crime and Public Protection Head of Intelligence Unison Federation Equality and Diversity Co-ordinator Health & Safety Evolve Equality of Services Manager Head of Professional Standards Department 7.0 Monitoring and Review DQC will review this procedure every 3 years to ensure that it continues to reflect best practice and current practices within the Police Sector. Page 10 of 11

11 The procedure will be updated and communicated to Force employees via the Force intranet site. 8.0 Governing Force policy. Related Force policies or related procedures W 1000 Policy Information Management and Assurance W 1001 Procedure/SOP ICT Acceptable Use W 1002 Procedure/SOP User Account Management W 1003 Procedure/SOP Information Classification and Handling W 1004 Procedure/SOP Incident Reporting and Management W 1005 Procedure/SOP Information Asset Owners W 1007 Procedure/SOP Accreditation of Information Assets W 1008 Procedure/SOP Physical Security W 1017 Procedure/SOP Sanitation and Disposal W 2006 Procedure - Cryptographic Security W 2011 Procedure Transaction Monitoring and Audit W 2013 Procedure Appropriate Access and Use of Police Information W 2024 Procedure Information Sharing W 2033 Procedure Records Retention and Disposal W 2040 Procedure Records and Evidence Centre 9.0 Other source documents, e.g. legislation, Authorised Professional Practice (APP), Force forms, partnership agreements (if applicable) Form IM5 Back-end Data Correction Form IM6 Data Monitoring Requests Page 11 of 11