Governance Watch - Issue 33

by Dina Medland in London

Data and Governance

Events in the last week across the public and private sectors in the UK have made it quite clear that major issues with technological transformation and the handling of data are not being dealt with from a governance perspective. 

From the failure of IT systems in the NHS breast screening programme to the declaration of insolvency by data firm Cambridge Analytica following a scandal involving allegations of the harvesting of personal data from Facebook to the TSB computer "fiasco", we are spoilt for choice on the evidence that standards of best practice are not evolving fast enough to keep pace with changing realities.

Sadly, it is the cash-strapped NHS - where IT failure has equated to a question of lives at risk - that takes the brunt of media and public outrage. "Perhaps the gravest IT error in the history of the health service, it raises questions about the NHS's past and future…." writes the BBC. It adds: "It should be said that breast cancer screening is one of the NHS's success stories. Around four in every five women can expect to survive, thanks in part to the early diagnosis provided by the national screening service. But the IT systems implicated in this case are also a legacy of the programme."

Banks, on the other hand, have no excuse for not having dealt with 'legacy' issues - as I explored recently in my blog Board Talk - 'Recurring Customer Data Breaches Make A Nonsense Of Corporate Governance.' 

Earlier this week TSB's chief executive Paul Pester was grilled by MPs on the Treasury Select Committee about when normal service will resume for its customers. "However, he says he cannot be precise about when the bank's IT problems will be fully resolved" wrote the BBC, as it offered a video of the "grilling."  

"Just when you thought the reputational damage wrought by TSB's ongoing IT meltdown couldn't get any worse for the bank, its top bosses put in a car crash performance at a grilling by MPs on the Treasury select committee. The British bank's chief executive Paul Pester, its chairman Richard Meddings, and the chief operating officer of the lender's Spanish parent Sabadell, Miquel Montes, were all quick to apologise for outages to online banking services. But MPs were dismayed at the trio's lack of contrition and exasperated as they pleaded ignorance to a wide range of problems…" wrote The Telegraph

Remember the concept of risk management in banking? It doesn't seem to extend to IT, and by extension, to the management of personal data. Some TSB customers have alleged on social media that they could view accounts that were not their own. And, while we are horrified at IT failure in the NHS, we are merely "exasperated" and "dismayed" at it in the corporate sector.

Where banks are concerned, the language of reward and punishment always ends up being counted in money in a way that reinforces the disconnect between the industry and its consumers. One could forgive the TSB customer who couldn't access her own money on the eve of her wedding if she is not delighted to hear that TSB chief executive Paul Pester is now to give up his "integration bonus of £2m." The Treasury Committee heard that his full pay and bonus package will not be decided until the end of 2018.

Time flies, and memories are short when it comes to IT 'glitches', which have now become part of the corporate landscape as 'known unknowns.' As I wrote on Board Talk: "Under cover of the useful moniker "legacy systems" (implying an inheritance that it is both unfortunate and without blame as it is handed down) banks have repeatedly dismissed their carelessness in ensuring that their technology was fit for purpose. While top management remuneration has come through IT meltdowns unscathed, customers have suffered again and again."

The latest coming together of abject corporate governance failure is the story of Cambridge Analytica, as it is one that certainly looks as if it includes dubious ethics, a questionable business model, an extraordinary amount of bluff and bluster …and then a move to play a 'get out of jail' card with insolvency. 

The Information Commissioner's Office has already said it would be examining closely the details of the announcement that Cambridge Analytica was winding down and the status of its parent company. It could have faced fines of up to £500,000 for breaching UK rules, as the Financial Times reported.The UK-based company lost many of its largest clients after allegations it misused the Facebook data in political campaigns. 

This is from the statement made on the Cambridge Analytica website on Wednesday: "Over the past several months, Cambridge Analytica has been the subject of numerous unfounded accusations and, despite the Company's efforts to correct the record, has been vilified for activities that are not only legal, but also widely accepted as a standard component of online advertising in both the political and commercial arenas." 

It goes on to say: "Despite Cambridge Analytica's unwavering confidence that its employees have acted ethically and lawfully…" - a view which it says is "fully supported" by an independent investigation and report Julian Malins QC - "the siege of media coverage has driven away virtually all of the Company's customers and suppliers."

It's always interesting when a company that is all about reputation blames media coverage for its own. Missing personal data however, makes it about a lot more than spin, which makes this tweet from BBC Business a bit ironic.

Follow us on Twitter @ABExcellence

You can find us at Advanced Boardroom Excellence on LinkedIn