Merthyr Food Poverty Project – Closure Blog

Merthyr Food Poverty Project – Closure Blog

Merthyr Tydfil council’s work on tackling poverty spans all policy areas including Education, Community Regeneration and Social Services. Its approach is to focus on early intervention and prevention.

Its aim is to identify reliable ways to identify and track citizens at risk of falling into food poverty well before their situation becomes acute. Gaining a better understanding of existing data (information) was deemed as one potential way to solve this aim.

Following a period of discovery, our findings showed that information relating to individual citizens was located across council systems with access to information often siloed within specific teams.

The aim of the subsequent alpha phase was to widen the use of siloed information to solve the issue of officers not being aware of a recent change in circumstance that places a citizen under their care at increased risk, even though the change is available somewhere on a council system.

By having access to this timely supplementary information, the idea was that officers would have a fuller picture of what is happening, putting them in a stronger position to make targeted early interventions.

We set the following alpha objectives:

  • Find a reliable way to identify and track citizens at risk of falling into poverty well before their situation became acute.
  • Test our ability to securely bring together data from several council systems into a single combined visualisation.
  • Use the combined information to create a Red, Amber, Green (RAG) status report of individual citizens at risk of slipping into food poverty.
  • Be able to say with confidence that we have a viable and cost-effective solution to the problem question that is worth taking forward to beta.

The alpha focused on three areas: connecting to data sources, identifying key poverty indicators, and ensuring proper use of data.

Challenges encountered


Due to conflicting priorities, securing time with stakeholders often took longer than the needs of an iteration, resulting in stalled progress.

Ensuring proper use of data

This focus area proved to be the most challenging and caused progress and team velocity to stall with the team concentrating all activities on addressing compliance issues related to the UK General Data Protection Regulation (UK GDPR).

Working with the council leadership, its Data Privacy Office, and subject matter experts from Welsh Government, we sought a lawful basis for collecting and using personal data based on the processing being necessary for officers to perform a task in the public interest.

The Data Privacy Office sought to identify a specific law that would allow the council to undertake the processing. It considered the ‘Digital Economy Act 2017’ and the ‘United Nations convention on the rights of the child and child poverty act’ but both were judged unsuitable.

One potential solution was to seek consent from a small pilot sample of citizens. However, the project deemed this unreliable as it would lack the rigour necessary to demonstrate the council was identifying ‘below the radar’ citizens and providing more early interventions.

Vendor engagement

Three application vendors were engaged during the alpha: Capita One, Civica, and Northgate. Identifying and having meaningful conversations with the right people in functions such as commercial, technical, and contracting, took much more time than expected.

Application licensing

The alpha focused on four systems: Capita One Single View (a new addition, the purpose of which being to generate the single combined data visualisation), and three incumbent data platforms: Capita One Education, Civica Housing, and Northgate Revenues and Benefits.

Single View had an annual licence fee (waived for the alpha) and each of the incumbent systems required varying fees to access the product application programming interface (API). For the alpha, work arounds were developed to gather data via each product’s reporting features, which is fine, but ideally establishing an API connection is better.

Lessons learned

  • Understand that when proposing an innovative solution, it is more than ever necessary to ensure all interested parties are aligned, and each support the aims of the project and are clear on its scope and objectives.
  • Adopt a data protection by design and by default approach when developing the solution to help ensure compliance with the UK GDPR’s fundamental principles and a focus on accountability.
  • Engage the Information Commissioner’s Office (ICO) to seek guidance on the idea and solution approach.
  • Engage the organisation’s Data Privacy Officer (DPO) to conduct a Data Protection Impact Assessment (DPIA) as a kick-off priority.
  • Engage channel managers responsible for council information systems as a kick-off priority.
  • Engage vendors of the to-be-connected council information systems to understand any blockers or service or license costs.
  • Seek sustainable ways to help stakeholders plan for, and find time to engage with, the project in a way that works both for them and the project velocity needs.


Activities related to connecting to data sources and identifying indicators were deemed successful. However, the innovative nature of the work meant we hit a catch-22 situation in having to show a legitimate purpose for combining the data (required to satisfy the obligations of Article 5(1)(b) of the UK GDPR) without first combining it to allow us to test the hypothesis that doing so would benefit local citizens by reducing the number falling into food poverty.

As a result, the project team lost confidence in being able to do what was necessary within the budget, timeline, and people available to continue testing, so the alpha was stopped.


Find out how to use data properly

Although for this project the DPO had issue completing a DPIA, based on our experiences and lessons learned, there is a belief that it is still viable to build a sector-leading understanding and use of data across Welsh local government. Our recommendation is therefore, to form a new project with the aim of:

  • Demonstrating that for a valid purpose the sharing of data from different data sources within a council is viable and justifiable.
  • Signposting the significant professional expertise and support available to help DPOs to do a data sharing DPIA.
  • Showing the need to discover ways to improve DPO knowledge and boost their confidence in monitoring the ongoing risks associated with data sharing.

Have another go

If it proves viable to help council DPOs to gain a valid justification and support the sharing of information from different data sources within their council, then our recommendation is to keep at it and form a new project as the potential beneficial outcomes are well worth the investment.

Leave a Reply

Your email address will not be published. Required fields are marked *