by David T. Deveau

Unified Boss Theory

Aug 15, 20056 mins

In 2000, a major database system intended to track individuals through the provincial justice system was developed for the Nova Scotia Department of Justice. Although considered a best-in-class application, the system was built without adequate mechanisms to audit user access and without adequate agreements in place to hold users legally accountable for misuse.

How did this happen? The answer is as old as IT: The right hand didn’t know what the left was doing.

There had to be a better way to align privacy and other perspectives with information technology. There was.

The Nova Scotia Department of Justice is responsible for the administration of provincial courts and correctional institutions. It also provides legal services to the provincial government and administers many justice-related programs. In 2002, Deputy Minister of Justice Douglas J. Keefe consolidated all of the department’s key information functions—information technology, privacy and access, policy planning and research, records management, and library services—under one person: the executive director of information management (EDIM). This organizational change signaled a new and progressive approach to leadership.

As the current EDIM, I am accountable for addressing the business needs of this diverse and decentralized organization through IT, and for guiding how the Justice Department deals with nontechnology aspects of information. The EDIM concept can be thought of as the natural evolution of the CIO role in that it champions a holistic approach to information management, including but not limited to IT. The new structure was created because the deputy minister recognized that information management functions are interdependent and need to be managed as a unit to better support one another. He felt that this required a single executive who could create one vision and apply it consistently across these functions.

I joined the Justice Department about a year after this umbrella position was formed. The outgoing EDIM had begun building awareness of the new structure, but the task of implementing change remained for the “new guy” to tackle. The journey hasn’t been easy and is far from complete. Functions such as IT or records management have worked hard over many years to build a professional identity, and understandably, those groups resist anything that risks a loss of that hard-won identity. No one wants to see their place in the organization watered down, even if in perception only.

At Justice, we’ve addressed this by emphasizing that information management is an umbrella concept, not a replacement identity. I’ve invested a lot of time in meeting one-on-one with senior information management leaders to explain that the mandate of the EDIM is broad strategy, not operations management. The Justice Department is fortunate to have experienced and competent leaders running our branches, and I’ve made it clear to the rest of the organization that information management directors are still responsible for “running the show.” At times, this has meant that people making end runs to the EDIM had to be clearly referred to appropriate directors. Otherwise, the relevance of IT staff would be eroded. Besides, considering my focus on more strategic duties, I could not possibly do the IT project process “justice.” (I had to get that pun in at least once.) I reserve most of my time for strategic planning, championing new approaches to business and improving alignment of information management and the business. I also market information management across the enterprise and build relationships with my executive colleagues.

In our new structure, information management leaders are expected to consider issues outside their traditional purview. Initially, it was awkward working together on things such as business plans because information management executives did not see the value of doing the exercise together. So we created opportunities for face time—such as senior staff meetings, an all-division retreat and cross-functional committees. The result: Staff within information management branches engage in activities that take them into the world of their division colleagues. It is now far more common in staff meetings to observe these leaders making suggestions about one another’s activities.

Even this early in our organizational change, there have been obvious benefits to consolidation. They include increased cooperation between information management functions, better IT-business alignment and a move to common IT solutions. Before this consolidation, determining which projects went ahead often depended more on who managed to set aside enough budget than what was actually most important for the justice system. A departmentwide IT steering committee has now been put in place, chaired by the EDIM, with a mandate to collaborate on projects and to discuss whether IT projects being proposed really reflect the priorities of the entire organization. The EDIM considers committee feedback and makes recommendations to the executive committee. Recently, this approach spurred the repositioning of a training management program, originally envisioned for correctional workers only, into something that will be rolled out as a departmentwide solution to tracking staff training. It is cheaper and easier to invest in one system rather than several.

With this new structure, we can also better implement our philosophy of transparency and accountability. For example, Nova Scotia’s Justice Department recently welcomed interest from the legal profession to directly access our integrated information system (to avoid manual requests of physical court files). This kind of collaboration would not have been embraced in the past.

Part of the department’s increased focus is on privacy issues. In Nova Scotia, we are bound by disclosure rules that require 30-day responses to public requests for government-held information, much like the Freedom of Information Act in the United States. We have developed strategies (online information and electronic information tools, for example) that enable us to more efficiently handle such requests for information.

As far as the database described in the opening paragraph, we now have an onscreen user agreement in place, an expanded privacy policy, and our IT branch is investigating how it can use existing database tools to provide us with an access audit capability. And we are in the final stages of developing a new privacy impact assessment tool that will be required when developing future information systems.

In sum, we have found that rethinking the role and scope of the “CIO” allows us to address the ever-increasing challenges associated with IT-business solutions, while at the same time dealing with heightened privacy and security concerns. CIOs have already successfully moved beyond technology infrastructure to become champions of business solutions. Now, this critical role needs to evolve so that it can embrace the wider world of information management.

David T. Deveau has been EDIM at the Nova Scotia Department of Justice since 2003. He can be reached at