NAO Good Practice Guide - Tackling external fraud - HM Treasury
NAO Good Practice Guide - Tackling external fraud - HM Treasury
NAO Good Practice Guide - Tackling external fraud - HM Treasury
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Good</strong> practice in tackling <strong>external</strong> <strong>fraud</strong> | Detecting and investigating <strong>external</strong> <strong>fraud</strong> and imposing sanctions<br />
3.10 The Serious Crime Act 007 enables a public<br />
authority to disclose information as a member of a<br />
specified anti-<strong>fraud</strong> organisation for the purposes<br />
of preventing <strong>fraud</strong> or a particular kind of <strong>fraud</strong>.<br />
The information may be of any kind and may be<br />
disclosed to the specified anti-<strong>fraud</strong> organisation,<br />
any members of it or any other person to whom<br />
disclosure is permitted. As part of the regulatory<br />
impact assessment for the new provision, four<br />
public sector organisations provided in total ,6 6<br />
records to match against CIFAS’ database. CIFAS<br />
is a Fraud Prevention Service with 70 member<br />
organisations spread across banking, credit cards,<br />
asset finance, retail credit mail order, insurance<br />
and other sectors. Nearly one third of the records<br />
matched demonstrating that many of those who<br />
commit <strong>fraud</strong> against one organisation also commit<br />
<strong>fraud</strong> against others.<br />
3.11 Data matching between different bodies is<br />
facilitated greatly by common data descriptors but<br />
is possible only if there is appropriate authority for<br />
data to be transferred or shared between these<br />
bodies. This authority may derive from a statutory<br />
basis for demanding, or disclosing, the data or<br />
both. Uncertainty regarding powers to share data<br />
may sometimes have hindered the use of data<br />
matching. Data matching has also raised concerns<br />
about the possible infringement of individual rights<br />
to privacy. Concerns about individual privacy are<br />
the subject of the Data Protection Act and the<br />
Human Rights Act 998.<br />
3.12 The Information Commissioner has issued<br />
guidance on his website listing the eight principles<br />
put in place by the Data Protection Act 998 which<br />
ensure that information is handled properly. These<br />
are that data must be:<br />
l fairly and lawfully processed;<br />
l processed for limited purposes;<br />
l adequate, relevant and not excessive;<br />
l accurate;<br />
l not kept for longer than is necessary;<br />
l processed in line with the individual’s rights;<br />
l secure;<br />
l not transferred to countries without<br />
adequate protection. 11<br />
11 Eight principles of the Data Protection Act 1998, Information Commissioner’s Office<br />
http://www.ico.gov.uk/what_we_cover/data_protection/the_basics.aspx<br />
12 Human Rights Act 1998 Chapter 42 – http://www.hmso.gov.uk/acts/acts1998/19980042.htm<br />
The Commissioner has also produced guidance<br />
on implementing these principles in the documents<br />
on Compliance advice: Data sharing between<br />
different local authority departments; Framework<br />
code of practice for sharing personal information;<br />
Sharing personal information in the public sector:<br />
A new approach and Sharing personal information:<br />
Our approach.<br />
3.13 Schedule 8 of the Human Rights Act 998<br />
gives rise to questions about the extent to which<br />
data matching complies with the provisions<br />
regarding personal rights to privacy. There are<br />
exceptions to these provisions where:<br />
“necessary in a democratic society in the interests<br />
of national security, public safety or the economic<br />
well being of the country, for the prevention of<br />
disorder of crime, for the protection of health or<br />
morals, or for the protection of the rights and<br />
freedoms of others” 12