Out-Law News 4 min. read

Changes in law may be recommended to allow data sharing to combat fraud

A Government-appointed taskforce  is prepared to recommend changing the law if it finds "unnecessary legal barriers" to the sharing of information under just-announced anti-fraud plans.

The Government has announced a new "counter-fraud checking service" to collect and analyse fraud data across the public and private sector, the Cabinet Office Minister Francis Maude has said. Maude said that the Cabinet Office and National Fraud Authority will "set out the design" of the new service in April as part of efforts to retrieve money owed to the state.

Maude said benefit fraudsters, tax cheats and dishonest employees account for public sector losses of £21 billion a year and that nearly £10bn is further lost from payments made in error. He said a more "collaborative" approach was needed to recover the money lost to the public purse. Government departments will share information about fraudsters in order to combat the problem, he said.

"Fraudsters make multiple attacks across government departments and across the public and private sectors – but our defences have always been fragmented," Maude said in a speech on Monday.

A 'taskforce' on fraud, error and debt was set up a year ago, Maude said, and it will seek to change the law to implement its plans if necessary, he said.

"The Taskforce is committed to removing barriers to sharing information and it is prepared to recommend changes to legislation where there are unnecessary legal barriers," he said.

Under the Data Protection Act organisations are generally required to process personal data fairly and lawfully and generally required to inform individuals that their data is being processed.

However, under Section 29 of the Act organisations can legitimately process personal data where it is necessary for the purpose of preventing or detecting crime, apprehending or prosecuting offenders or assessing or collecting tax, duty or “of any imposition of a similar nature” without informing individuals about the processing if to do so “would be likely to prejudice” their ability to achieve those purposes.

Kathryn Wynn, expert in data protection law at Pinsent Masons, the law firm behind Out-Law.com, said that Government departments could legitimately share information about fraud under the DPA but that the data sharing should be limited to what is necessary and proportionate to the purpose.

“The DPA generally is about proportionality and reasonableness," she said. "Law enforcement bodies currently use the Section 29 exemption to ascertain information about individuals without them knowing about it as part of their criminal investigations, but organisations are not required to pass over every detail that they hold about that person in doing so. They only have to hand over the information relevant to the police investigation."

“Government departments and other organisations involved in the proposed data sharing initiatives will be able to justify processing personal data without having to tell those individuals for the purposes of preventing or detecting fraud but will have to ensure they only disclose the data that is absolutely necessary for that purpose. It might be harder for the organisations to justify sharing data on individuals’ debt without having to be transparent about it, unless they can show that it is relevant to the prevention or detection of a crime,” she said.

“There are already well established data sharing initiatives in place in the financial services sector and the credit industry and the Government would be well advised to engage with the industry bodies to find out more about those arrangements and learn from those practices when building their own model. The exchange of data between the financial services sector via Financial Fraud Action UK is used to co-ordinate activities to combat fraud whilst the principles of reciprocity established by credit industry help identify individuals who are a high credit risk. Those principles have been endorsed by the Information Commissioner’s Office (ICO). ICO has already published a statutory Code of Practice on data sharing detailing the importance of limiting the scope of information disclosed to achieve the purposes of doing so,” Wynn said.

The ICO said it was "aware" of the data sharing plans and that it is "in regular contact" with both the Cabinet Office and National Fraud Authority regarding the initiative.

“Any new scheme involving the sharing of personal data must comply with the Data Protection Act. We will continue to work closely with both bodies and associated stakeholders to ensure that individuals’ information rights are protected," the ICO said.

"We need to take off our collective blindfold and share our intelligence on known fraud and fraudsters and make this the basis of a common defence," said Maude. "It’s the same story with debt. Central Government organisations individually hold data about those that owe them money but where that information is incomplete, they can struggle to recoup debts, particularly from those who are determined to avoid payment. We can’t be hindered here by an outmoded view that data-matching is somehow akin to creating a Big Brother database. New technology now gives us the option to share data momentarily allowing us to check for matches".

"Organisations such as DWP and HMRC, who have the largest databases, already operate tracing systems for other public sector organisations to access data on debtors and these services should be used more widely. We will start opening up legal gateways so we can routinely share relevant information between organisations to help track down debtors," the Cabinet Office Minister said.

All public sector workers are to be trained in how to detect and prevent fraud, he said.

"It is extraordinary that there has not been a cross-Government approach to fraud, debt and error in the past. It does affect every Government department and does affect our ability to deliver better public services," Maude said.

"We will no longer stand back and let the public purse be raided. We will minimise the payments in error that mount up into billion pound losses. And we will be fair and consistent towards debtors so we support those in trouble but collect what’s owed and should be paid. But we can only do this if we share our expertise, resources and data to drive improvements right across government. We can only do this if every public sector employee recognises and understands their role in this fight," he said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.