Paul Russell looks at the legal barriers to full CRM (customer relationship management) integration in local government and suggests that cultural barriers may really be the main stumbling block.
Seeking to introduce customer relationship management into the local government sector is causing much grief. Many, who have not previously been involved with this sector, cannot comprehend why a problem exists for local authorities who are required to implement CRM as part of the Office of the Deputy Prime Minister's (ODPM's) eGovernment programme.
Local authorities are totally different from every other type of organisation, which has existed for over 400 years. In that time, the vast majority of the 400 or so functions that local government performs have been created in isolation from each other and with little or no common relationship between them. Hence local authorities have traditionally been organised in silos: planning, education, social services, environmental health, council tax and so on.
The idea that a local authority should have one common database of names, addresses, contact details, etc is anathema to the traditional elements in the local government sector. In particular, it raises the issue what data a local authority is legally entitled to use to pre-populate such a CRM? More particularly still, being a creature of statute, a local authority must be able to demonstrate that it has a lawful power to create such a database and, more importantly, the power to share data obtained for one statutory purpose for the fulfilment of functions based on other, unrelated, statutory purposes.
So, when I was asked to write the Legal Compliance guide for the National CRM Programme, I knew that I had an uphill struggle. There were three main issues to address if CRMs were to be populated with data from, in particular, the electoral register or council tax records:
If the answer to question 1 was 'yes' or to question 2 was 'no' then, because the first data protection principle requires all processing to be 'lawful', such sharing would be contrary to the DPA.
Pre-population with property address data can be done without problem, as the Local Land and Property Gazetteer (LLPG), being non-personal data, cannot fall foul of the DPA. However, it is the residents of the area whose basic data needs to be held, so that duplication of effort (both on the part of the individual and the authority) can be avoided. It is most frustrating to have to tell every different department of a council with which one has dealings that one has changed address!
Some councils having used the LLPG to create an entry with respect to each property but are only adding names etc ad hoc when an individual telephones or visits the council offices. As most people rarely (or never do) contact in this way, a fully populated CRM would never materialise.
So what databases are available, and which could lawfully be used to pre-populate a CRM with person data? The biggest, most comprehensive and most up-to-date databases of people which a local authority keeps are those held for the administration of council tax, non-domestic rate and housing and council tax benefits, and the electoral register.
Use of the electoral register is expressly and severely limited by reg 107 of the Representation of the People (England and Wales) Regulations 2001, which allows its use only where it is necessary for the discharge of a statutory function of the council or any other local authority relating to security, law enforcement and crime prevention, or for statistical purposes where no personal data is used. Thus only the edited version of the register may used to populate a CRM. As about 40% of the population have opted to be taken off the edited version, this means that the edited register contains only 60% of individuals.
So, what about the second big database, council tax? In August 2001, the Information Commissioner published the content of a 'legal opinion' imparting the view that it is unlawful for a local authority to make use of council tax data for other, non-council-tax purposes. That single piece of work has permeated into almost every nook and cranny of references to data sharing and population of CRMs. Some local authority lawyers and others providing advice in these areas have simply 'copied and pasted' the IC's advice without a second thought.
The advice centred on the wording of the Local Government Finance Act 1992, sch 2, which gives a power enabling the Secretary of State to make regulations to allow for the sale or supply of non-personal council tax data to another person than the local authority which has acquired it. The advice of the Information Commissioner states that this provision (which has not been used by the Secretary of State) indicates that it is unlawful for a local authority to make use of council tax data for other, non-council-tax purposes.
Clearly para 17 does not have any relevance to internal uses of council tax data. A local authority does not 'disclose' information to itself (being one data controller under the DPA), but it may make use of (or process) personal data for a range of different purposes, provided that it complies with the other provisions of the DPA, including the data protection principles and the subject's rights under the Act.
In fact there are clear instances where council tax data must be used (or processed) for other purposes internal to a local authority. Where non-domestic rates and council tax are payable with respect to the same property and where a council tax payer is also a claimant for council tax and housing benefit, it must be so used. In both of those examples there is a clear inter-dependence between each separate function, being administered under distinctly separate legislation: they could not operate without a two-way exchange of information between them. Those examples alone show that the advice given to the Information Commissioner was fatally flawed.
A number of legal opinions have been given, subsequent to the advice to the Information Commissioner, contradicting that advice and the current popular view (although untested in the courts) is that para 17 does not create a bar to uses of council tax data for other, non-council-tax purposes.
So, if para 17 does not provide a barrier to using council tax data, is it lawful? A local authority, being a creature of statute, must have a statutory power to do whatever it does. The Local Government Acts 1972 (at s 111) and 2000 (at s 2) give general enabling powers which should provide more than enough lawful power for the necessary sharing. If the 2000 Act powers, often referred to as the 'well-being powers', are to be used, they must link in with the authority's community strategy required under s 4 of the 2000 Act.
The Department for Constitutional Affairs advice 'Public Sector Data Sharing', issued in November 2003, whilst referring to the IC's advice, does say, in para 28, 'It should be noted that the Information Commissioner has not expressed a view as to whether section 2 [to the 2000 Act] can be relied upon to permit the sharing of council tax data for secondary purposes.', this is intended to indicate that s 2 should be used to empower the sharing of council tax data with other service areas.
The problem is that there are many local authority officers who seem to be entrenched in their conviction that council tax data should not be used to populate a CRM. They fail to understand that the vast majority of the population expect that, if they have told council tax staff that they have moved, other areas of the council will automatically know! Local authorities receive many complaints each year directly because services are not 'joined up'.
Changing the culture of local government is an uphill struggle: the silo mentality is still omnipresent.
It is a nonsense that a local authority is unable to use the full electoral register for its own needs. It is also a nonsense that councils feel they can only use the LLPG and ad hoc callers to populate their CRM. On the basis that the vast majority of council service users rarely or never call, there will never be a comprehensive CRM system if they are restricted to that method of population.
We are in an age where there is much heated debate on ID cards and whether personal data can be imparted from one public body to another, or whether all patient data should be freely available to any health professional within the NHS computer system. In that context, it does seem sad that so much energy and resources are consumed vacillating as to whether or not the law permits a local authority to pool all of its basic contact data into one database of contact details for all its residents.
Paul Russell LLB IRRV is a Public Sector Information Law Consultant and the author of 'CRM Legal Compliance Standards' for the ODPM National CRM Programme and the legal guidance for the eAdmissions National Programme: firstname.lastname@example.org.