National Fraud Initiative (NFI) privacy notice
1.0 Council contact details
1.1 North Northamptonshire Council
Registered Office:
Sheerness House
41 Meadow Street
Kettering
NN16 8TL
Telephone number: 0300 126 3000
1.2 North Northamptonshire Council (NNC) is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
NNC participate in the Cabinet Office’s National Fraud Initiative (NFI), a data matching exercise to assist in the prevention and detection of fraud. We are required to provide sets of data to the Minister for the Cabinet Office for data matching.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Cabinet Offices requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Cabinet Office for matching for each exercise, and these are set out in the Cabinet Office guidance.
For further information on the Cabinet Office’s legal powers and the reasons why it matches particular information, see the National Fraud Initiative privacy notice.
Contact details:
The data controller for your matched personal data is the Cabinet Office. The contact details for the data controller are:
Head of the NFI
1 Horse Guards Road
London
SW1A 2HQ
Email: [email protected]
2.0 Information that we hold
2.1 NNC is required to take part in the NFI and to provide sets of data to the Minister for the Cabinet Office for data matching National Fraud Initiative Privacy Notice.
The NFI use information that you provide the council when making a claim or applying for:
- a taxi driver licence
- a market trader license
- a personal alcohol licence
- social housing (current tenants and individuals on a housing waiting list)
- right to buy (completed and in progress)
- a transport pass and permit (including residents’ parking, blue badges and concessionary travel)
- a council tax reduction scheme
- council tax
- universal credit
- housing benefits
- other state benefits
- COVID-19 financial support
- help with NHS health costs
- the electoral register
- social care
- a personal budget
The NFI also uses:
- information that you provide when seeking payment of an invoice from an organisation that takes part in the NFI (trade creditors)
- information that you provide when seeking payment for employment (payroll) from an organisation that takes part in the NFI
- information that you provide relating to pension related to employment for organisation that takes part in the NFI
- information that you provide in relation to your council tax and in relation to your business rates
- information that you provide in relation to residents in a private care home supported by an organisation that takes part in the NFI
2.2 We collect and process personal data that you provide to us, which may include:
- name
- contact details (such as address, telephone number, email address)
- date of birth
- National Insurance Number
- NHS number
- payroll information (for staff)
2.3 The following data sets may be shared:
- Payroll
- Pensions
- Trade creditors’ payment history and trade creditors’ standing data
- Housing (current tenants and individuals on a housing waiting list) and right to buy (completed and in progress)
- Housing benefits (provided by the DWP)
- Council Tax reduction scheme
- Council Tax
- Electoral register
- Students eligible for a loan (provided by the Students Loan Company)
- Private supported care home residents
- Transport passes and permits (including residents’ parking, blue badges and concessionary travel)
- Insurance claimants
- Licences - market trader or operator, taxi driver and personal licences to supply alcohol
- Personal budget (direct payments) and social care
2.4 The data specifications setting out exactly what data we process in the above areas can be found on the National Fraud Initiative: public sector data specifications page.
3.0 How the information is obtained
3.1 Most of the personal information the council process is provided to us directly by you or your representative for one of the following reasons:
- as part of an application for a service, discount or benefit
- supplier or contract for a service or product
- employee payroll
We also receive personal information indirectly, from the following sources in the following scenarios:
- Information that you provide when seeking payment of an invoice from an organisation that takes part in the NFI - this is referred to as trade creditor standing and payment history data
- Information that you provide when seeking payment for employment from an organisation that takes part in the NFI - this is referred to as payroll data
- Information that you provide when registering to vote - this is referred to as Electoral Register data.
- Information that you provide in relation to your council tax and in relation to your business rates
- Information that you provide in relation to residents in a private care home supported by an organisation that takes part in the NFI
- The data specifications setting out exactly what data we process in the above areas can be found on the National Fraud Initiative: public sector data specifications page
3.2 The NFI is conducted using the data matching powers bestowed on the Minister for the Cabinet Office by Part 6 of the Local Audit and Accountability Act 2014 (the Act). It does not require the consent of the individuals concerned under current data protection legislation. There are certain public sector bodies that are required to provide data for the NFI on a mandatory basis, including local authorities, such as NNC. In addition, other bodies or organisations, such as Housing Associations, can provide data to the Cabinet Office for matching on a voluntary basis under schedule 9, 3 of the Act.
Data matching by the Cabinet Office is subject to a Code of Data Matching.
NNC has a zero tolerance for fraud and undertake data matching activities for certain services on a more frequent basis for the same purposes. More regular matching and bespoke data matching is completed using the NFI Fraud Hub which is an extension to the standard program of national matching, allowing NFI participant bodies to screen their data regularly and effectively in order to prevent errors in processing payments and to reduce fraud. NNC may rerun the same data matches securely within the NFI portal more often to support certain services within the council.
It is estimated that losses to government through fraud are in the region of £31bn to £49bn per annum. It is in all our interests to prevent fraud, and public bodies have a particular responsibility to ensure that taxpayers’ money is spent appropriately and is not taken out of the system fraudulently.
3.3 There are a number of reasons why we need to collect and use your personal information. Generally, we collect and use personal information where:
- it is necessary to meet our legal obligations
- it is required for the defence of legal cases
- it is necessary for law enforcement reasons and to prevent and detect fraud or crime
The UK GDPR Lawful basis for processing personal data is Article 6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The legislation which supports the NFI and Fraud Hub for data matching purposes are:
- Local Audit and Accountability Act 2014
- The fraud power in section 56 of the Digital Economy Act 2017 creates a permissive gateway that enables information to be shared between specified persons in order to share information and take action in connection with fraud against a public authority. Information sharing between public authorities will help to improve the ability to identify and reduce the risk of fraud against NNC and recover public sector funds.
Fraud against a public authority for the purposes of the Digital Economy Act 2017 means a fraud offence which involves (a) loss to a public authority, or (b) the exposure of a public authority to a risk of loss. Taking action in the context of this power includes: preventing, detecting, investigating and prosecuting fraud, bringing civil proceedings, and taking administrative action as a result of fraud.
4.0 What we do with the information
4.1 We use the information that you have given us in order to enable the council to fulfil its financial responsibility and regulatory requirements in preventing and detecting fraud or error.
The information will only be used for these purposes. Information will not be sold, rented or provided to anyone else, or used for any other purpose than that for which it was originally collected unless required to by law.
4.2 We may share this information:
- internally with other NNC services in order to identify fraud or error, ensure our records are accurate and up-to-date, and to improve the standard of the services we deliver
- externally with other local authorities, and government departments including law enforcement in order to identify fraud or error, to ensure our records are accurate and up-to-date, and to improve the standard of the services we deliver
Information sharing is undertaken in accordance with UK GDPR and the Data Protection Act 2018.
4.3 We do not use automated decision making for equalities processing. Automated decision-making is where decisions are made about you without any human influence on the outcome. These may affect your legal rights or have an impact on your circumstances, behaviour or choices.
4.4 There is no profiling undertaken in relation to equalities processing. Profiling is where you analyse parts of an individual’s personality, behaviour, interests and habits to identify their preferences, make predictions or decisions about them.
5.0 How long we keep your information for and how we securely dispose of it after use
5.1 We keep your personal information processed for this purpose in line with the council’s retention schedules. A copy of the retention schedule can be requested.
5.2 We will securely dispose of your information in line with retention periods.
6.0 How we store your information
6.1 Your information is securely stored on the council’s systems, in which the servers are UK based. The extracted matched information is held securely within the National Fraud Initiative portal. Access to this information is secure and restricted to council appointed staff only.
6.2 Information used for data matching is already held within separate service secure systems within the council. The data from one service is matched to another service or other councils or government organisations. Data matching allows potentially fraudulent claims and payments to be identified.
7.0 Your data protection rights
7.1 The law gives you a number of rights to control what personal information is used by us and how we can use it. For further information, please see section 15 of the council’s Corporate Privacy Notice.
7.2 Please be aware that your rights may differ depending on the lawful basis for processing your personal data.
8.0 Who to contact
8.1 If you would like further information about how we use your personal information, or you wish to exercise one of your data rights or you wish to complain about the use of your personal information please contact the Data Protection Officer.
8.2 If you are still dissatisfied once you have contacted the Data Protection Officer, you have the right to complain to the ICO. The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
9.0 Changes to this privacy notice
9.1 Privacy notices are live documents, which will be updated or revised in line with legislation.
9.2 This privacy notice was last updated on 3 September 2024.
Last updated 13 September 2024