The Data-sharing Imperative: Lessons from the Pandemic

The Covid-19 pandemic led the UK shutting down in March 2020. This paper, by Dr Andrea Simmons, explains how improved data sharing would have enabled better delivery of services to vulnerable customers and those most impacted by changing circumstances, and how the number of perceived data-protection challenges could be reduced. The report for the National Preparedness Commission was supported by Thames Water. 

The full report can be found here.

Too often, the legal framework is presented as preventing data sharing. In fact, it permits data sharing in order to protect individuals and for the wider public good. Existing data-protection legislation provides an adequate roadmap to achieve effective, fair, secure, ethical and lawful data sharing. However, wider knowledge of the legislative landscape is required in order to achieve a joined-up, regulatory approach. Moreover, greater trust is required between agencies, alongside embedded practices, processes and supporting technology, that will facilitate a philosophy of ‘dare to share’ so as to improve customer outcomes.

The report states that whilst the powers to share across public-sector bodies largely already exist, the private sector requires increased data-sharing incentives. Data sharing needs to be both easy and systemic in normal times, not just an activity required in an emergency. Therefore, through legal mandate across all sectors, data sharing needs to be a foundational part of all resilience activities at local, regional and national levels.

The report makes several recommendations, grouped under eight themes – Accountability and Transparency, Consent, Managing Vulnerability, Prevention is better than Cure, Increased Inter-sector Collaboration, Addressing Data Sharing, the Role of Technology, and Horizon Scanning.

Under the theme of Managing Vulnerability, the report makes clear that the utility companies and associated regulators should ensure that customers or residents are aware that their health, safety and wellbeing are why their data may be shared. Consent is not required. Rather than allowing the fear of breaking the law to impede any ability to protect a vulnerable customer, it is important to consider what is the worst that could happen, and to ensure the actions are outcome focused: that focus should be on the threat rather than the harm.

Identifying and addressing the needs of vulnerable customers have been key aspects for many industries for some time and largely achieved through the use of Priority Service Registers (PSRs).  In the energy sector, having a PSR is a licence requirement and this has improved the sector size and accuracy of the data. Smaller energy companies have been slow to adopt this approach. The gas industry currently does not have one. Over 90% of customers are dual fuel so it could be that up to 10% of customers may not have any gas and thus may not have a related vulnerability requirement. There are fewer water companies than in other energy sectors and there is thus far less competition in that sector. Nonetheless, there are multiple PSRs linked in the utilities sector with an easy opt in for customers. This should result in greater information sharing because of a common interest in achieving the required regulator-led improvement percentages. Whilst being institutionally similar, there is still a lack of data sharing. Induced competition requires collaboration.

As the Chair of the NPC, Lord Toby Harris, writes in the report’s Foreword: ‘I hope that this report will make all the relevant agencies much more confident of the legal basis that allows them to ‘dare to share’ and encourage them to plan ahead so as to maximise the opportunity to respond rapidly to meet the needs of the most vulnerable before a crisis hits.’