From ensuring regulatory compliance to understanding tenants better, the need for accurate, well-controlled data has never been more critical. Yet many housing providers still rely heavily on off-system working, spreadsheets and manual interventions, downloading data from one system, combining it with data from other sources and then uploading it again to another for, say, performance reporting, creating both data governance and security risks.
The housing regulator expects landlords to have effective control frameworks, and the requirement to comply with ‘all relevant law’ means GDPR considerations need to be front and centre regarding personal data, so how do you go about improving how data is managed and used to make a positive impact?
Compliance and good governance
It’s not just about the IT. You only need to look at the reasons behind some of the Regulator of Social Housing’s ‘gradings under review’ or the housing providers that have been downgraded over the past couple of years to see that data quality is fundamental to compliance and to overall good governance.
Across our sector, data is too often thought of as an IT issue. An effective data-control framework requires people, processes and technologies to work properly together to minimise strategic and operational risk and to maximise the value of data to the business.
There have been several recent examples of downgrades as a direct result of data issues. Some, such as Peaks & Plains Housing, have invested heavily in building back their data quality from source. This involved mapping every asset and ensuring that there was a root and branch review of the data held against each asset, linking certifications and then systemising their end-to-end processes to reduce future risks, as well as ensuring a more robust approach to action tracking. Peaks & Plains Housing is now back at G2 and has openly shared its learnings across the sector to raise awareness among other providers.
Belt and braces
Emma Richman, executive director of operations, Peaks & Plains Housing, said, “Over the past two years, we’ve taken a belt and braces approach to all aspects of the business, including implementing a more robust and active data management framework. By getting the basics right and by ensuring that our asset data is systemised as far as possible and our tenant data is really accurate and regularly refreshed, we’re better placed to ensure compliance and to assess tenants’ needs.
“In the past, our executive board was seeing reports showing asset compliance as green based on dates in the system, when under the bonnet those dates weren’t always easily traceable back to a valid certificate at source, so a lot of work has been done to improve things and to ensure that ‘data lineage’ is provable from end to end and automated wherever possible.
“Having been through a Voluntary Undertaking and come out the other side, I can’t stress enough the importance of getting your data and processes right.”
Manual interventions and spreadsheets
Like many housing providers, Peaks & Plains Housing was managing data across multiple systems, via both online and offline processes, combined with manual interventions and numerous spreadsheets to plug the gaps between different solutions – a far from ideal scenario, but one that’s not uncommon.
Data quality isn’t the only risk providers carry, and the sector risk profile clearly identifies cyber risk as another growing area of concern, with the need to keep on top of an evolving threat landscape and to ensure threats are actively monitored and mitigated.
In just the past year, there have been several well-publicised cyber attacks in our sector – from the one at Plentific that saw a housing provider’s tenants hit by phishing emails, through to cyber incidents at South Yorkshire Housing and ransomware attacks at ForHousing and Liberty. Hackney Council was attacked in 2020 and is still working to recover its data.
So with considerations ranging from data management, quality and accuracy through to the complexities of cyber security, how do you get to grips with a messy and complicated data risk landscape?
Data maturity
For many housing providers, the starting point for understanding and prioritising data activity is to undertake a data maturity assessment to understand their overall data position.
Data is so fundamental to everything that housing providers do, it’s no longer good enough to look at cyber risks or data quality risks in isolation. It’s vital to look holistically at how data is valued, managed and controlled across the organisation. It’s only by doing this and by triangulating your overall data position that you’ll fully understand your data culture and the real extent of the risks and opportunities you are carrying.
Levels of data maturity vary considerably across the sector and it’s quite typical to see a high level of manual intervention in the management of data and areas for improvement in relation to personally identifiable information. Asset and finance data has been better controlled than other types of data because of the areas of focus from the housing regulator, but it’s critical that providers address their data risks in the round. This includes everything from reviewing ICT contracts to ensure software providers are robust in their management of data that’s held in systems, through to upskilling executive boards so they know the right questions to ask.
We need to help the sector to move away from always looking at performance in the rear-view mirror to an approach that’s more real time, and ultimately predictive and pre-emptive, so that better decisions can be made.
Kate Lindley is the service lead for digital and data at Socitm Advisory.