What if there was a Regulatory Data Standard?

For any modern organisation, data should be your core asset, a foundation that drives and informs strategic decisions and efficiencies. Utilising data to shape and enhance operational and customer performance through digital transformation may be where the housing sector is moving, but organisations need firstly to ensure that there is a minimum standard in place that provides the firm foundation and framework before you can move along the data utilisation spectrum.

As Registered Providers (RPs) become increasingly data intensive and their reliance on data grows, we ask the question, should your organisation be approaching the management and governance of data as if it were a Standard?

The consequences of getting data governance wrong…

  • Regulatory returns downgraded –Recent regulatory interventions have highlighted that incorrect regulatory returns can directly impact your governance grading and is an area which the regulator now has (and quite rightly) very little tolerance for, with inaccuracies seeming indicative of a poor organisation wide internal control framework.  
  • Incorrect rent calculations –Rent setting is a technical exercise reliant on many years of accumulated data; just because you’ve rolled on from year to year doesn’t mean that there wasn’t a flaw right at the beginning!
  • Breeching GDPR –With GDPR in place for over a year its principles should be knitted into your organisation’s data protection procedures. While we have yet to see any high-profile penalties within the sector, data breaches are on the rise, with the Information Commissioner’s Office reporting a 15% increase in data breaches involving Housing Associations in recent months. As well as the financial penalties, breaching data protection will significantly worsen your landlord – tenant relationships.
  • Incomplete data on your assets – With the Grenfell tragedy shaking up building regulation, it is your responsibility as a landlord to know about all components of your properties to protect the welfare of your tenants and keep them safe. At the heart of this is having complete, accurate and up to date data on all your assets.

So, if there were to be a standard, what might it look like?

Management of data is first and foremost a governance issue. By ensuring you have the suitable arrangements in place, you can then embed them throughout your organisation while providing assurance to your board all areas are covered. The key elements of a good data governance framework should start with:

  • Internal Data Governance Policy – A document that sets out the data principles and arrangements in place to achieve effective data management. This document should act as an overarching reference where other strategies and policies cite their own data procedures and ensures consistency at all areas and all levels.
  • Data hierarchy and framework – Who is ultimately responsible for holding data within your organisation? Who is the Chief Data Officer and delegated data stewards, and do you have clear lines of accountability? In addition, each process should have a bespoke procedure outlining timelines, accountability, processes and check points – flow diagrams are a great way to visualise this.
  • Independent view – Processes either need to be scrutinised by an external independent view or an internal view who should be separate from that specific data process.
  • Embed throughout – Data governance needs to be embedded into your organisation’s culture, with staff members kept up to date with data legislation and frequent data handling training.

In a world where decisions are heavily reliant on having the correct data, organisations should be fully aware of the risks and consequences of poor data; this is no different from any other risk and should be treated the same way.

You already have a robust risk management framework – just apply it to your data. 

In the next article, Colin Sales MD at 3C Consultants, explains why all organisations should approach the management and utilisation of data as business critical – not solely a compliancy requirement.