Welcome to my second blog.

My first eight weeks as National Data Guardian (NDG) have been my ‘honeymoon period’ and what I somewhat grandly titled my ‘listening exercise’. I’ve been meeting many people and organisations for the first time in role and getting to know the excellent Office of the National Data Guardian team. I’ve been excited and inspired, taken aback (sometimes at the same time) and curious hearing the range of sometimes very polarised views on data sharing, use, and risk / benefit balance. Many thanks to those I’ve met for their time.

I’ve also found it striking the degree to which questions of data use appear often to be approached through the prism of broader questions such as those relating to individual and / or professional identity, or trust in institutions. Arguably distinct issues sometimes quickly become conflated, perhaps reflecting more fundamental tensions over our underlying shared values as citizens.

As the honeymoon ends, as all must, I’ve perceived that there’s expectation in some quarters for the NDG to be able to exercise some form of omnipotent authority over health and care data. In situations of conflict, my own style of leadership aspires to be more honest-broker than a ‘Boudica’ brandishing a sword. More importantly, it is not the NDG role. In several conversations I’ve invoked the framework of the legislation that established the role to maintain the NDG is not a regulator that enforces, but rather an individual vested with the authority to produce guidance that organisations must have regard to – and to give advice and information about, and assistance in relation to, the processing of health and adult social care data in England. The Act is silent on to what extent that advice should be public.

As you’d expect, I’ve also experienced an implied (or sometimes explicit) comparison with my predecessor as NDG, the late Dame Fiona Caldicott. I too find myself asking “what would Dame Fiona have done?”, and I find that a helpful question. I consider myself fortunate to have had the opportunity to meet with her over the last year in the run-up to my appointment and to benefit from some full and frank advice about approaching the challenges of the role. The NDG team and panel members have since been incredibly supportive in discussing the background to current issues, including the more ‘ancient’ history that shapes our current data landscape.

All of which for me has brought the question of my own values sharply into focus. What will matter most in this role? Turning to the principles and values of the NHS Constitution is a good starting point, alongside the Seven Principles of Public Life. My experience thus far has led me to distil a further two personal values that feel particularly important now, namely to:

  1. Work with complexity and resist binary thinking – oversimplification of complex issues or polarisation of organisations or individuals into ‘good or bad’, whether for ideological or other purposes, is rarely helpful. I stand with Oscar Wilde here – ‘The truth is rarely pure and never simple’.

  2. Work with humility – recognising no expert is infallible, no solution or system is ever perfect. Health and care must be a learning system that seeks to continuously improve from both positive and negative experience. When things go wrong and / or mistakes are made, scapegoating and attributing incompetence or malign intent is usually unhelpful and inaccurate. What matters is how we learn together from what’s happened and what we do about it now, and that is my focus.

No doubt, as my experience as NDG evolves, I’ll develop and refine those further. I suspect I’ll also be adding in something related to healthcare being an emotional business.

As you may guess, the most pressing issue landing on my desk in these first few weeks has been the question of public trust, and my role in that, in relation to the General Practice Data for Planning and Research programme (GPDPR). The Office of the NDG has been actively involved in discussion of the initiative since 2018, alongside stakeholders including the Royal College of GPs and the British Medical Association. One of the key points of discussion has been the imperative to build on learning from previous data initiatives, including care.data and the National Data Opt-out, not least ensuring the right safeguards are in place and that this is clearly communicated to the public.

From what I have seen since coming into post, learning from experience has resulted in the development of a programme which represents a step forward in terms of privacy safeguards, with data releases subject to a strong system of independent oversight. However, since its launch the benefits of the new GPDPR system have not come through in much of the media discourse. It appears that, in the absence of an alternative, a narrative has developed that this new initiative is essentially historically blind and a ‘data grab’ for possibly nefarious purposes. Such accounts often make no reference to the multiple different data collections from primary care that already exist, their range of purposes, or the aging technical system that GPDPR replaces. Concerns about commercial companies accessing data have also clearly been very significant for many people.

Communicating about this data collection clearly was also going to be of paramount importance – as important as making sure the technical details, security arrangements and safeguards were well designed. The importance of building a clear communications campaign so that the public could see what would and would not be done with data has been at the heart of the advice given by the NDG office and panel to this programme over the past years. This advice was in keeping with the new Caldicott Principle 8 that there should be ‘no surprises’ for patients and the public in terms of how health and care data is used. I have been intensely involved in discussions over this last week about the need to allow more time for communications. I’m very pleased by the decision to delay the launch for these questions to be addressed.

It’s essential we all now work together as a system, with humility and honesty, to actively engage with public concerns to ensure there are ‘no surprises’, and I look forward to playing my role in that. One of the ways we achieve this is by providing citizens with the information they need, presented in a way that is sufficiently clear. This will allow them to make their own informed view on the purpose and trustworthiness of the system and its processes, including security, privacy protection and how decisions are made, with clear information about opting out, and what that means in practice if they do.

We all ultimately approach questions of health and care data as individuals, both in what we choose to share with health and care professionals, and then how we exercise our rights regarding how that information is used. Our individual approaches depend on a range of factors, including on how we balance risks and benefits in the light of our personal experience, priorities and wider concerns.

Personally, I have chosen not to opt out. I’ve shared that private information mindful that Dame Fiona Caldicott decided to take the step of publicly disclosing the same. I am satisfied with the purpose, safeguards and oversight of the GPDPR. And I am concerned that if large numbers of people do opt out because our systems are not shown to be trustworthy, then that will result in poorer quality, unrepresentative data sets for health research and system planning, which ultimately will be seriously to the detriment of improving health and care for us all.

Now as my listening exercise of the past two months concludes, I will be laying out my priorities for the coming year in more detail in the NDG annual report, to be published this summer. In the meantime, I welcome your feedback and thoughts via ndgoffice@nhs.net.

    Contributed By

    Revision History:

    By Editor

    Leave a Reply

    Honeymoons and wake-up calls

    by Editor time to read: 5 min