The College is required by law to protect the public funds it administers and therefore participates in the National Fraud Initiative in Scotland: a data matching exercise to assist in the prevention and detection of fraud. As such, we are required to provide particular sets of data to Audit Scotland for matching for each exercise, as detailed here http://www.audit-scotland.gov.uk/our-work/national-fraud-initiative
Data matching involves comparing computer records held by one body, usually personal information, against other computer records held by the same or another body to see how far they match, and assists in the identification of potentially fraudulent claims and payments. Where a match is found it may indicate that there is an inconsistency which requires further investigation, however, no assumption can be made whether there is fraud, error or other explanation until an investigation is carried out.
The use of data by Audit Scotland in a data matching exercise is carried out with statutory authority, normally under its powers in Part 2A of the Public Finance and Accountability (Scotland) Act 2000. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
Data matching by Audit Scotland is subject to a Code of Practice, as detailed here http://www.audit-scotland.gov.uk/docs/central/2010/nr_101112_nfi_data_matching_practice.pdf
View further information on Audit Scotland’s legal powers and the reasons why it matches particular information at http://www.audit-scotland.gov.uk/uploads/docs/um/nfi_privacy_notice_2016.pdf or contact email@example.com should you have any queries.
NFI BACKGROUND AND APPROACH
Audit Scotland conducts data matching exercises to assist in the prevention and detection of fraud. This is one of the ways in which Audit Scotland meets its responsibility of promoting economy, efficiency and effectiveness in the use of public money.
Data matching involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body. The data is usually personal information. The data matching allows potentially fraudulent claims and payments to be identified but the inclusion of personal data within a data matching exercise does not mean that any specific individual is under suspicion. Where a match is found it indicates that there may be an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out. The exercise can also help bodies to ensure that their records are up to date.
The processing of data by Audit Scotland in a data matching exercise is normally carried out under the powers in Part 2A of the Public Finance and Accountability (Scotland) Act 2000. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
All bodies participating in Audit Scotland’s data matching exercises receive a report of matches that they should investigate, so as to detect instances of fraud, over or under-payments and other errors, to take remedial action and update their records accordingly.
From 2010 Audit Scotland will normally conduct data matching exercises under its new statutory powers in Part 2A of the Public Finance and Accountability (Scotland) Act 2000. Previous exercises were conducted as part of the statutory audits and in accordance with duties placed on auditors by the Code of audit practice approved by the Accounts Commission and the Auditor General for Scotland (AGS).
Under the new powers:
a) Audit Scotland may carry out data matching exercises for the purpose of assisting in the prevention and detection of fraud or other crime and in the apprehension and prosecution of offenders (the ‘permitted purposes’)
b) Audit Scotland may require certain persons to provide data for data matching exercises. These persons include all the bodies to which the AGS or the Accounts Commission appoints auditors, licensing boards, and officers, office holders and members of these bodies or boards
c) Other persons or bodies may participate in Audit Scotland’s data matching exercises on a voluntary basis. Where they do so, the statute states that there is no breach of confidentiality and generally removes other restrictions in providing the data to Audit Scotland
d) The requirements of the Data Protection Act 1998 continue to apply
e) Audit Scotland may disclose the results of data matching exercises where this assists the purpose of the matching (see (a) above), including disclosure to bodies that have provided the data and to the auditors appointed by the AGS and the Accounts Commission
f) Audit Scotland may disclose both data provided for data matching and the results of data matching to the AGS, the Accounts Commission, the Cabinet Office, or any of the other UK audit agencies specified in Section 26D of the Public Finance and Accountability (Scotland) Act 2000, for the purposes described at (a) above
g) Wrongful disclosure of data obtained for the purposes of data matching by any person is a criminal offence
h) Audit Scotland may impose reasonable charges on any body participating in a data matching exercise
i) Audit Scotland must prepare and publish a Code of Practice with respect to data matching exercises. All bodies conducting or participating in its data matching exercises, including Audit Scotland itself, must have regard to the Code
j) Audit Scotland may report publicly on its data matching activities.
In addition, Audit Scotland also accepts data provided by bodies on a voluntary basis.
For information describing which datasets are matched by Audit Scotland, and the purpose of each match, please refer to Audit Scotland’s instructions available at http://www.audit-scotland.gov.uk/uploads/docs/um/nfi_instructions_for_participants_1617.pdf
Data matching by Audit Scotland is subject to a Code of data matching practice available at http://www.audit-scotland.gov.uk/report/code-of-data-matching-practice-for-scotland
NFI participants must tell individuals that their data will be processed. Guidance and examples of fair processing notices are available at https://www.gov.uk/government/publications/fair-processing-national-fraud-initiative
View more information about Audit Scotland’s data matching exercises, including national reports, other publications and guidance, at http://www.audit-scotland.gov.uk/our-work/national-fraud-initiative
Alternatively you can write to the senior manager (Audit Strategy and NFI) at the following address:
102 West Port
Tel: 0131 625 1500.
Email enquiries should be addressed to: firstname.lastname@example.org quoting ‘National Fraud Initiative’ in the subject line.
More information about the UK National Fraud Initiative is available on the Cabinet Office’s website at: https://www.gov.uk/government/collections/national-fraud-initiative#about-the-national-fraud-initiative