The heinous case of data mismanagement in local authorities

Overcoming legacy issues, LGR readiness and lessons from an ethical hacker

With Ross McKelvie, head of ICT and Digital Transformation, Flyde Council

“I’m all about novel ideation,” says Ross McKelvie, Flyde Council’s digital transformation lead. “Not everything is going to work, but I love working towards minimum viable products. I want to design very quickly and very iteratively.”

This mindset, more commonly associated with private sector software firms than district councils, underpins Fylde’s approach to digital transformation. Short development sprints of two or three days, rapid prototyping and a willingness to discard ideas that do not land are core to how the team operates.

“Maybe 80% of ideas never fully materialise, but overall, we actually end up building quite a lot in this way. It derives benefits without too much investment.” The aim is not perfection here, but momentum.

For councils facing intense financial pressure, and those entering the most rapid period of change through local government reorganisation (LGR) programmes, this is an important reframing. Successful digital transformation sometimes just requires permission to try.

In this conversation, Ross sets out why it all needs to start with data, whether that’s confronting legacy issues, preparing for LGR or, as a former ethical hacker, being smart with your data estate when building cyber resilience.

Data as the foundation

The role of data discipline in modern digital leadership is ubiquitous. “It underpins everything that we do now”, he says.

“Even if you’ve got budget to throw at a new system, if the data part of the project is not engaged with, you will struggle to make it work.”

Yet despite this awareness, data management remains one of the sector’s most persistent weaknesses. Poor quality data, inconsistent governance and unclear ownership continue to undermine transformation efforts in local authorities. Ross is frank about the scale of the challenge.

“There are quite heinous cases of data mismanagement in local authorities on a daily basis,” he says.

What often holds organisations back is not a lack of understanding, but a sense of overwhelm. Large, legacy data estates can feel too big to fix. Ross rejects that fatalism.

“Just like any huge challenge, it can become manageable if you break it down and approach it in a logical and methodical way with a plan and a clear outcome in mind.”

At Fylde, this has meant being explicit about priorities. Not all systems are treated equally, and not all data is tackled at once.

Data, cloud and local government reorganisation

The pressure to get data in order is only intensifying as LGR moves from abstract possibility to practical reality in many parts of the country. For Ross, data decisions will be among the most consequential aspects of any future mergers.

“In my view, local government reorganisation is something that is much required and long overdue.”

Fylde has developed a priority matrix for line of business systems that will be impacted by LGR. It’s already being used to guide data cleansing and migration efforts before any unification programmes are even approved. The matrix considers factors such as contract renewal cycles, system end-of-life and the appetite for change within each service. This is closely aligned with a cloud-first strategy, moving remaining hosted applications towards platform-as-a-service or software-as-a-service models.

Taken together, these efforts are about LGR readiness – not just technical, but organisational. And the benefits of this data-led approach are beginning to show.

“For the first time, we’ve started to unlock some of the power of shared data across different service areas,” Ross says. “People are beginning to see tangible benefits to getting the data in order, even if the process feels awkward at times.”

Yet Ross also poses a more provocative question, one that many digital leaders will quietly recognise.

Is local government carrying too much historical baggage?

“We’ve had some systems for upwards of 25 years and the data has incrementally grown to massive proportions,” he says. “As a sector, we are very bad at retention.”

Even with improved tooling and the promise of AI-assisted classification, the task of cleaning decades of legacy data may be disproportionate to its value. Ross wonders whether LGR could present an opportunity to draw a line under the past.

“Do we want to carry a lot of bad data into a new organisation, or do we just create a new point in time and start afresh?”

There is no easy answer, but it is a question digital leaders will increasingly be forced to confront.

Lessons from an ethical hacker

Before joining Flyde in 2016, Ross worked as an ethical hacker, providing penetration testing and cyber security consultancy. Infiltrating network infrastructures created a hunger to understand the full technology stack, so he signed up for every Windows Server course he could find.

Now, he is not only responsible for modernising the council’s ways of working through its digital strategy, he is also studying for a masters in artificial intelligence, as he puts it, ‘to understand what goes on behind the scenes with AI so that I can work out how to adopt it in local government.’

It’s a time when these two worlds of AI and cyber security are increasingly colliding.

“Cyber security is probably still our single biggest concern,” he says. “It’s a very high-level strategic risk.”

The emergence of AI has only sharpened that risk. Malicious actors are using it to manipulate malware signatures, probe source code and automate attacks at scale. Meanwhile, councils remain underfunded and under-resourced in cyber capability.

“We simply can’t afford to pay for really good cyber people in local government,” Ross says. “You’re weighing the cost of building a team against the cost if you get ransomed. It pushes acceptable risk beyond what is comfortable.”

Given these constraints, Fylde has focused on reducing exposure wherever possible. Again, for Ross this all comes back to data, in this case with minimising its footprint.

“The more data you hold, the more exposure you have,” Ross explains.

Architecturally, this has led to a deliberately unconventional approach. Fylde no longer operates traditional file servers. Instead, data has been obfuscated to make the estate appear smaller and easier to monitor. The goal is not just prevention, but rapid detection and understanding when incidents occur.

“If something does happen, we can see and understand it very quickly,” Ross says.

Redefining what good looks like

Across experimentation, data and cyber, Ross is challenging assumptions about what good digital leadership looks like in local government.

Progress does not always come from waiting until everything is perfect. Sometimes it comes from moving early and learning fast.

How is your data strategy set up to support your transformation journey?