Explanatory notes for Standard Data Operations - Read

Read is one of the most important data operations and one of the most complex areas of the digital state.

By its nature legislation is write-once, read-many-times. Lawyers are trained to read legislation and keep on top of it - software developers and service designers not so much. The extract from the Scottish Social Security legislation highlights one of the problems of the management of read permissions.

The Social Security Legislation contains the permissions of the social security agency to read information from a range of different state bodies. Lets take one at random - an integration joint board established by order under Section 9 of the Public Bodies (Joint Working) (Scotland) Act 2014.

In order to establish who has read permissions for the data held in a joing working body’s databases it is necessary to scan the entire canon of administrative law.

The extract from the Digital Economy Act 2017 shows a very typical response to issues in the management of complexity. Rather than manage read permissions to hold them as tight as possible, the Act grants general read powers to a massive range of state bodies. This is generally a bad sign and will be addressed in a forthcoming working paper about the state and the management of complexity to be issued by Gordon Guthrie.

Speedbumps

Read permissions should be attached to the body that hold the data - and not to the body that requires read permissions. Its the only architecture that makes sense - getting to that world is a law reform process in its own right.