Journals of the Information Entrepreneur - Jacqueline Stockwell

047 Records Management by Design: Navigating the Digital Shift with Jenny Lynn

Leadership Through Data - Jacqueline Stockwell


In this episode, Jacqueline Stockwell sits down with Jenny Lynn, a civil servant and Information & Records Management lead at the Department of Finance in Belfast. Jenny shares her transition from a "hands-on" DPO to leading the strategic digital transformation of the Northern Ireland Civil Service (NICS).

In this episode, we discuss:

  • The Transition: Moving from reactive data protection to proactive information architecture in Microsoft 365.

  • FOI vs. SAR: Strategies for managing overlapping requests and why keeping teams "separate but linked" is the secret to success.

  • Records as Evidence: Applying academic principles to cut through the "keep everything" mindset.

  • The "Human" Element: Why you can’t automate relationships and how humor helps navigate data incidents.

  • Data Protection by Design: How to position compliance as a cost-saving project enabler rather than a blocker.

Connect with Jenny: Find Jenny Lynn on LinkedIn for more digital workplace programs and records management.


SPEAKER_01

Hello and welcome to today's show. I'm Jacqueline Stockwell, CEO and founder at Leadership Through Data. I inspire and motivate information leaders across the world. I'm here with Jenny Lynn. She is an experienced civil servant with a specialist background in information management. She currently serves as the Digital Workplace Program Information and Records Manager Lead within the Department of Finance in Belfast. With a demonstrated history of working across data protection, records management and information access rights, Jenny is now working at the front of the digital transformation for the Northern Ireland Civil Service. She is an active member of the professional community for the Information and Records Management Society, known as the IRMS. Jenny is developing the information architecture for in-place records management in Microsoft 365 for the NICS, making it easier for staff to work collaboratively and do records management without even knowing. And I'm thrilled to have you, Jenny, because we've known each other for quite a long time now. So it's exciting to have you on today's show. We're not it's one that changes all the time.

SPEAKER_00

I mean, this is a fairly new role to me. Jackie only started in December. And I've gone from being a sort of a hands-on information manager, data protection officer, very operational, reacting all the time to queries, questions, issues, um, you know, very fast pace to a more kind of proactive and kind of more laid back, not laid back, but certainly more time to sort of think about the way forward. So this program is really to um bring in place records management in 365 and retire our old EDRMS. So it's it's a really exciting place to be. I'm really enjoying what I'm doing, um, but it's just a different way of working. So yeah, just um follow me on the journey as we go, uh is all I say, because we're just very, very new to this. Well, the program director had involved me from the very early stage of the programme setup to kind of just sort of hear me out on um where he thought the the program could go just based on my experience. And as we went through the programme, it became very obvious that there was a dedicated role there. Um, I was very keen to do that role, but civil service being the way, you know, rightfully so, there's processes to follow, and we followed those processes to do it. So, you know, it was it was it was a natural transition for me, but also quite a big change up to I'm just going from, as I say, that really reactive thing into the this providable way. But it's well, the the main thing is with what you don't get with a lot with these kind of programs and projects, the right people are in the right job. So experience, um, understanding, innovation, forward looking is how I would describe the way we're going with this and getting the right people in to do that and recognizing those talents is is is really important for anybody who's looking to involve themselves in these kinds of products. So tell me about your old role. 
This is something that comes up a lot, especially in the Department of Finance, because not only is it um you know what quite outward facing, um, we do a lot of policy work um and others outward facing around land and property and and statistics and so on. There's also the HR department for the whole of the civil service that's within the Department of Finance. So there's a huge amount of um uh FOI and subject access that goes on in our department. A lot of them overlapping as well. So you would have got requests that took in a lot wide range of of both FOI and SAR. So the main thing we found was to make sure that there were dedicated people for each, that the same people weren't doing the same job, although, of course, there is a shared column of knowledge and a shared experience. Siphoning and siloing what is an FOI and what is SAR is really important because if you if you start to mix the two together, it gets very confusing for people. And I think as well, being quite clear about how we educate our staff on each thing, that we don't have a one size fits all. This is this is information access um course. There's there's specifically awareness around data protection and awareness around freedom of information. So it's important for that. They're linked but they're not the same. Yeah, it it is it is uh I think starting with the staff, it's really important to to define that. The other thing as well is you know, when you're talking about things like where we are mixing personal information in with FOI, that's where you look to your exemptions. 
You know, you're talking about looking at your section 40(2), looking at your section 40(1) in some cases when it comes to HR, and you know, not just telling individuals we're not going to give you this, it's your personal data or it's somebody else's personal data, allowing them to understand that actually if they're looking for an element of their own personal data, we'll flip that for you proactively into a subject access request. And I know that's ICO guidance, but sometimes it's quite difficult to do in reality. So it is about ensuring that the customer's served right from start to finish, and we're explaining very, very clearly to them the difference between the two things. It's difficult, it doesn't always work because sometimes people bring their own issues into the situation, but you have to do what you can do to try and make sure it's clear because there's if those things do get mixed up and they go, say, for example, the ICO with a compar concern or complaint, it can get very confusing. My main thing is keep them separate, keep the teams separate, but linked in terms of knowledge.

SPEAKER_01

Amazing. Thank you for that. It's a great piece of advice. So in the civil service, information isn't just data, it's the historical record of government decisions. How has the shift to digital first government changed the way we preserve the why behind policy decisions?

SPEAKER_00

I think it's made it much easier to capture decisions and because it makes it easier to capture decision making if teams are using the tools properly. You know, email, um, all our collaborative spaces we have now, even you know, the version histories we can create, they all create quite a rich record that isn't then confined to an A4 page, so it comes in different looks and feels. But however, the the sort of flip side of that is that you know everything's a bit more dispersed now, everything's a bit wider spread. So it's um so it's about making that forming that official record, ensuring it's stored in the right place and making it easy to do the right thing.

SPEAKER_01

How do you implement modern records management in an environment where it's deep set in legacy processes? This is the way we've always done it. Like what are your suggestions?

SPEAKER_00

Yeah, I think you have to start by meeting people kind of where they are. Legacy processes exist because they solve a problem for people, even if it's inefficiently. So it's first looking at what process they're trying to achieve, what problem they're trying to solve, and then introducing small, manageable changes that will reduce that friction. In the civil service, building alliances or or relationships with operational teams is really crucial. So when people see that better workers' management saves time, reduces risk, they're much more willing to move away from the familiar old ways of working. And having champions and ongoing managed services too is really important. People who can continue to advocate for maintain digital workplace when you're no longer embedded in that part of the project. So having those people built in into those areas, those people that will champion what you're trying to do, even when you've stepped away from that area, is vital for that ongoing there.

SPEAKER_01

Yeah, and I think that you 100% it's the relationships that you have with the people and feed into those.

SPEAKER_00

So um we can't know the business, we can't understand the processes. So if we go in and say we're gonna do this to you, the back's gonna go up straight away. It's about bringing them on the journey and explaining how it'll help and allowing them to bring their expertise back to you and say, actually, we do this because X, Y, and Z legislation says why? Right, okay. This isn't necessarily gonna work, but something over here will work. It's that two-way engagement for sure.

SPEAKER_01

So you hold a PG diploma from the University of Dundee, which is renowned for its archives and records management program. What is one theoretical principle from your studies that you find yourself applying most in the real world of civil service? Jackie, we're going back quite a few years now. I know that I don't know.

SPEAKER_00

To be fair, you know, there are things in that theory that I still think about, you know, and use in the day-to-day practice. The main one being that records are evidence. A record is something that is valuable and it's it's it's not just because it exists. So because you created it doesn't mean it has to be kept as a record, despite what you know, your your panic mindset thinks. So it's really about cutting through the noise of we must keep everything just in case, and thinking about well, if it's evidentiary and it gives you know the evidence of a decision, that's when we keep it. That's the record, not all the conversation, not all the conversation around that decision. So, and I think the ICO indeed would agree with that as well. They're not interested in you keeping every single minute shy piece of conversation that comes to decision, they're interested in the decision. So keeping that record as evidence sort of theory works in practice for your entire life cycle.

SPEAKER_01

What made you get that pro practitioner's certificate and what was the outcome in your job role because of it?

SPEAKER_00

Yeah, I mean, like a post-graduate diploma is great if it's for you because it is academic, it is theoretical, um, it gives you that theoretical practice behind how you apply it. And the the certificate helps you actually apply that in the real world. So it gives you real-world case studies, real world examples to work from. So I think that you know, it shows you how to structure that legislative knowledge into an understandable and meaningful way for people. You can use it to you know learn how to weigh risks and design mitigations that are practical rather than kind of paper theory. Um, and it really helped with understanding like spotting some patterns quickly, um, you know, processing, you know, looking at um so understanding data flows is something that you know you can only really learn in in practical aware, you know, awareness and training. So it's it's kind of the pr the practical sense to the theoretical background.

SPEAKER_01

I just want to approbe a ri around life cycles. Yeah, the life cycle of a record. So many people think that records management is just don't delete things, delete things. From your experience, what is the most high risk stage of the information life cycle in a government context?

SPEAKER_00

Yeah, I think most stages of the life cycle are risky in a way, but what we are really focusing on in the programme and what has become apparent is you know, creation is really something we need to take a better focus on. I don't think it's about necessarily about fully about risk, but certainly about making better decisions right from the outset, which will cause a lot of less pain down the line. So it's maybe that you know, good foundations build a good house. And I think that you know, creation is something that we just take for granted. It's created there, it's created here, it's in in the civil service. We create right into our EDRMS, which is actually an ERMS, the way we treat it, and it makes everything very structured and very much like a record right from the outset, which isn't necessarily the right thing. And what we're trying to do is flip that narrative on the head to say that not everything you create is a record, you know, and it's going back to that, you know, it's ev what's it what's evidence, what's your decision making? And treating things, and it's a term we're we're starting to use now, is a managed document and talk about things in MS365, those tools that allow you to manage things in a very structured way with good managed metadata, um, but not making it a record, not making it immutable until it really needs to be so. So I think it's that creation stage, we're making those early decisions around, or you know, we're storing things in in various places, but when it comes to capturing it, um, that it becomes, you know, it's it's a managed document and it's managed nicely, but it's still usable for people. And I think that if you have a good start, then when you come to retention disposal, a lot of those issues around we've got so much stuff that we don't even know where to start with retention disposal, or we're scared, it's been so long, we can't we're scared to let go of it. Um, you know, a lot of those decisions have been made early on. 
So you've you've got your disposal policies in place that will get rid of the rot right before so it doesn't become a problem towards the end. So then yeah, starting out, you know, the creation is is where it all should really begin, ironically. Not ironic.

SPEAKER_01

Wait, but then you put AI in there, don't you? And then creation becomes even bigger and more.

SPEAKER_00

It's only taking you five minutes to mention the AI word, Jackie.

SPEAKER_01

That's I try and keep the dirty word out of here, but it is. Yeah, no. Um, okay, so let's talk about SARs. So they're becoming increasingly more complex and far more frequent. Public sectors and government organizations are getting more and more. What is your strategy for managing vexatious um or massive SARs without sort of paralyzing the daily operations of the department?

SPEAKER_00

It's really difficult, Jackie, as you know, because it's always been, you know, our first finding foundation around SARs is give the people what they need, you know, what they want. We we should we try as hard as possible not to restrict a subject access request. And it's always been quite um very, very, very rare that would you would step back and say, look, we can we can't service this anymore. Um and not necessarily through volume, but certainly through, you know, um the the the measures of manifest the unreasonable, you know, rather than volume, because I don't think that's a really good way. We we do, you know, in Department of Finance, before I moved on as a DPO, we receive hundreds and hundreds of subject access requests because there is EHR in there. And I think that, you know, the issues we've had with volumes will change hopefully going forward, because I think the most important thing is to be more proactively transparent with your data around, especially around HR processes. So there's systems being created that allow you more access to your own personal data. And I think as well, a big thing is around trust. So people don't trust processes in HR, they don't trust that people are telling them the truth, they don't trust if it's not transparent enough. So by changing that, um, you know, that transparency around the actual HR process will hopefully look to reduce the night of people putting in subject access requests. Um, I think there are still, you know, issues around, you know, with the new um Data Use and Access Act, you know, we're moving towards that sort of FOI definition of fictitiousness. Um, but I think that genuinely we still need to be quite cautious about doing that when people are genuinely looking for their own personal information for the purposes. 
So, you know, I think I think what what would cut the volumes and cut the kind of tension in there is to be more transparent from the outside about people, about HR particularly, or about their processes and allow them to access their data easier themselves. They're not getting caught in this entrenchment between their issues and SAR.

SPEAKER_01

But I want to talk about sort of um data protection by design and you're working with teams, project management managers, I assume, um, to deliver what you need to deliver. So, how do you get project managers to think about data protection at the start of this project that you're doing rather than treating it right at the end? Well, this is why I was so excited that you got this job, Jenny, because it's kind of where you where you can think about it as well, rather than a checkbox exercise at the end.

SPEAKER_00

See, it's the eternal question, Jackie, isn't it? It's always about when do we do data protection during a project? And there's a lot of projects in the civil service, a lot of big, you know, outward-facing ones, a lot of internal ones, changing systems and IT, for example. And I think it all starts with data protection by design and default. You know, it is from that very, very outset of the program. And I think the main thing I've done is put the DPO out there as a put them in your boardroom, put them in your project board, put them in your project team as a consultation. Um, it's it's it's talking about that right from the outset because what we're talking about here is cost saving. You know, that's what you're selling is cost saving. You design an IT system and you talk to me at the end, I'll point out the things that you cannot build in, retention disposal, for example, that's gonna cost you down the line. So, you know, I've focused on those kind of more um project incentives around I'm gonna save you time and money if you talk to me from the outset. And they respond well to anything that talks about reducing risk later on, improving stakeholder competence, um, you know, preventing the need for the last-minute redesigns, as they say. So it's talking about data protection as a project enabler rather than a blocker is really important. So we're gonna enable you for your project to be successful, for your system to be successful, for your outcome to be successful. And I think as well, you know, we have worked very closely, or I had worked very closely with our procurement um teams, our finance teams, our IT colleagues as well to say if you have are approached by somebody who's looking to do a new tender or a new system, mention my name, bring me into the room, um, and put those DPIA checkpoints into the governance paperwork as you go along with your project managers. And that just becomes part of that, just that part of the process. 
It just becomes natural that way.

SPEAKER_01

How do you build the culture of compliance where you see staff as enablers rather than barriers?

SPEAKER_00

Um I think it's about positioning data protection and indeed information management as something that helps people do their jobs. I think we go back to the last question there, you know, it's about improving how you're doing things, how improving how your project goes, improving how your piece of work goes, and making make your jobs easier and more safe. So my priorities were always simple practical guidance, quick wins, being really approachable to people and quite collaborative and explaining why things exist, not just what the you know, why it, you know, so for example, the legislation, explaining why a rule in legislation exists, not just what that rule is. It's not just computer says no, it's because, you know, why, you know, well, it depends. You know, let's look at this this way. This is why we're doing it this way. So I think that, you know, that's really important to have that sort of balanced engagement with and collaborative with people. And whenever they feel supported that way rather than judged, they're far more likely to go along with you on the journey and adopt that good practice. So, you know, it's it's just about being, you know, I'm not, you know, here nobody wants to be scared of the person with the you know, the big gavel who's going to cut down on them. It's collaborative. You have to be personable and bring people along on the journey. And I think a bit of humor also helps too. The first thing, you know, if there was a data incident and somebody came to me and said, I have a staff member who's made an who's made an error, um, they've lost a night's sleep over this. I am straight on the phone. Do just don't. Do not ever do that to yourself. It is not worth it. Please do not feel bad. Mistakes happen. You know, I've never encountered a malicious person, thankfully, but mistakes happen. We'll we'll work through this together. I'm not in the culture of blame here. We'll just work to make fix the issue and change our cultures to make it better.

SPEAKER_01

And I think that's so important because that's your that's your influence, that's your approach, that's how you deal with the people, and that's how you build those relationships. And I think that is a huge part of an information leader's job role to have those relationships so they will be included in things without being shut out of them. So I think that's uh an amazing piece of advice there. Thank you. So last question from me. If you could automate one part of the FOI SARs process tomorrow, what would it be? Automate it?

SPEAKER_00

Maybe dealing with the ICO, who knows? I don't I do know what I'm gonna say. I wouldn't automate anything, anything that involves the staff, the FOI staff, because the involvement they have in terms of knowing the legislation, knowing the systems, knowing the people, it's really, really important. I mean, you can throw AI on the data and it'll bring you back an answer. Having that, the same as what I'm doing in terms of information leadership, is that converse that that conversation, that collaboration with staff who have to do a lot of work to you know to put information in the FOI. Having the team there with that skill and knowledge to support them on that journey, you can't automate that. You know, you just can't, because that is just human interaction between you know, civil servants and colleagues to bring people on the journey. And as well as that, whenever you know a conflict does come up, you're able to, you know, you've built those relationships to get you through that without being scared or you know, people falling out. So it it is really, really vital that we don't automate the human interactions to get the results that we need. Yeah, 100%.

SPEAKER_01

So there's still a human behind the job at the end of the day going forward. So it's been absolutely sensational to have you on the show today. Uh Jenny, how can listeners reach out to you if they want to know more about your old job or your new job?

SPEAKER_00

Um, as you know, Jackie, I'm not great on LinkedIn, but I am on there, so please um follow me on LinkedIn. Um, and if you DM me, I'll I'll eventually get back to you.

SPEAKER_01

Thank you for listening to the Journals of the Information Entrepreneur with me, Jacqueline Stockwell. I hope you found this episode inspiring and helpful and have some takeaway tips that can be useful to you. If you liked this episode, please like, review, and share it with your friends. Your support helps us reach more information leaders to stay inspired and listen to great content. Want to test out your strengths and weaknesses and measure it against our Empower framework? Please complete the scorecard. It's a great way to improve and evaluate your skills. You can find the scorecard at the end of the description of this podcast. Stay tuned for a new podcast every Thursday and remember to be bold, be brave, and be beautiful.