National Fraud Initiative 2008/09

FIFE COUNCIL
Standards & Audit Committee
26 August 2008
Agenda Item No
National Fraud Initiative 2008/09
1.0 Background
1.1 The National Fraud Initiative (NFI) is a data matching exercise that
Audit Scotland, in conjunction with the Audit Commission, runs every
two years and all Councils are required to take part under Section 100
of the Local Government (Scotland) Act 1973.
1.2 The purpose of this report is to set out the roles of those involved in the
2008/09 exercise and advise the committee of the timetable for NFI
and for the issue of fair processing notices.
1.3 Copies of the NFI documentation for 2008/09 have been provided to all
participants in the exercise and copies have been made available to
Committee members. Copies are also available on Fifedirect, the
Council’s website or on FISH, the Council’s Intranet.
2.0 Requirements and Roles
2.1 The Executive Director Finance and Resources has the responsibility
for ensuring that the statutory requirements for bodies participating in
NFI are met, namely:
a) Nominating a key contact for the NFI exercise
b) Providing the key contact with access to the matches when they
become available on 28 January 2009
c) Ensuring the key contact fulfils all data protection requirements
For the purposes of the 2008/09 NFI exercise, Geoff McDonald, Audit
and Risk Management Services Manager, has been nominated as the
key contact.
2.2 The key contact will be responsible for:
a) nominating appropriate data download contacts. This should be
the person with the most knowledge of the system in question
b) nominating appropriate dataset contacts
c) ensuring that the data formats guidance and data specifications
are adhered to
d) fulfilling data protection requirements. The key contact should be
in direct communication with their organisation’s data protection
officer or person with equivalent responsibility
e) coordinating and monitoring the overall exercise
f) providing feedback on the outcomes of the exercise.
The names of the download contacts and dataset contact for each
dataset are contained in Appendix 1.
2.3 The data download contact will be responsible for submission of the
data for the appropriate data set:
a) in accordance with the data specifications
b) in the correct form
c) using the Data File Upload (DFU) facility in the NFI software
by the required time.
2.4 The dataset contact is responsible for investigating or coordinating the
investigation of the data matches allocated to them by the key contact.
In addition, the dataset contact will be responsible for responding to
enquiries from other matched bodies. This responsibility includes
ensuring the appropriate filters are used on the data provided by Audit
Scotland and that resources are made available to ensure the data is
reviewed in a reasonable timescale.
3.0 Fair Processing Notices
3.1 The processing of data by Audit Scotland for NFI purposes is carried
out as part of statutory audits. It does not require the consent of the
individuals concerned under the Data Protection Act 1998.
3.2 The Data Protection Act 1998 normally requires participating bodies to
inform individuals that their data will be processed. Unless an
exemption applies, for the data processing to be fair, the first data
protection principle requires the data controllers to inform individuals
whose data is to be processed of:
• the identity of the data controller
• the purpose or purposes for which the data may be processed
• any further information which is necessary to enable the
processing to be fair.
The provision of this information is known as a fair processing notice.
3.3 Audit Scotland has issued a Code of Data Matching practice which sets
out the forms of fair processing notices that participating authorities
should use to inform individuals whose personal information is to be
provided for the purpose of the National Fraud Initiative in Scotland.
3.4 Processing bodies are required, as far as is practicable, to ensure that
fair processing notices are actively provided, or at least made readily
available, to individuals about whom they are sharing information.
3.5 To comply with these requirements the following steps will be taken:
a) The Council’s website, FifeDirect, will have a page outlining
the Council’s approach to data matching in general and the
NFI exercise specifically. Links will be provided to the Audit
Scotland Data Matching website.
b) Each of the pages that relate to data that will be matched will
mention NFI and contain links to the Council’s webpage.
c) The dataset contact will ensure as far as possible that all
application forms will contain a summary notice.
d) For payroll and pensions a summary notice will be provided,
once a year, on payslips as well as on the new start form.
e) An article will be placed in the Council’s newsletter provided
to each household prior to the commencement of the NFI
exercise.
4.0 Reporting
4.1 Data is available to the Council from 28 January 2009 when checking
will be carried out. In the absence of a reporting timetable from Audit
Scotland, it is proposed that an interim report be brought to this committee
in April 2009 with an update of progress made and a timetable for
future reporting.
5.0 Conclusion
5.1 The National Fraud Initiative is an important national exercise which
complements Fife Council’s fraud strategy and widens Fife’s data
matching by allowing access to external records. The exercise gives
assurance to Fife that its own data matching strategy is working as
well as giving assurances to the External Auditors.
5.2 Fife Council is committed to taking part in the current round of NFI and
this report sets out the programme for the Council’s involvement in the
exercise.
6.0 Recommendation
6.1 Members are asked to note the content of this report and approve the
actions set out in it to carry out the exercise.
Brian Lawrie
Executive Director Finance and Resources
Finance and Procurement Service
(Contact:- Geoff McDonald – Ext 446079)
Fife House
Glenrothes
Fife
14 August 2008
Appendix 1
Data requirements – NFI 2008-09 - Scotland
Dataset/Bodies
Mandatory/
risk based
Mandatory
Fair Processing
notice required
Yes
Payroll(NHS Bodies)
Payroll (Councils,
Police and Fire and
Rescue Boards,
Strathclyde
Partnership for
Transport)
Pensions (Councils,
Police and Fire and
Rescue boards)
Pensions (SPPA)
Pensions (Other LA
Joint Boards or
Committees)
Students (SAAS)
Mandatory
Mandatory
Yes
Yes
Mandatory
Yes
Includes deferred pensions and pension gratuities.
Three separate files required.
Audrey Quinn
Mandatory
Risk based
Yes
Yes
Data provided by SPPA
N/A
N/A
Mandatory
Data provided by SAAS
N/A
Current tenants
(Councils)
Tenants (Right to
Buy) ( Councils)
Tenants (former
tenants arrears
>£1,000) (Councils)
Trade creditors
payments history and
standing data (LA’s
and NHS bodies)
Trade creditors
standing data
Mandatory
On application
form
Yes
For 2008/09 bodies are requested to provide three
separate files for tenancy data
Jim Lumsden
Mandatory
Yes
Jim Lumsden
Mandatory
N/A (Gone
away)
Jim Lumsden
Risk based
N/A – not
personal data
Risk based
N/A – not
personal data
HB/CTB
Notes
Dataset Contact
NB: Data is obtained via DWP. No upload
required by councils
Damian Bray
N/A
Audrey Quinn
Bodies are encouraged to take up the
opportunity of these matches. Matches will
identify, for example, duplicate payments and
relative numbers of creditor standing records. Also
the number of small value payments made. Data is
also matched to Companies House directors and
matches will be provided to auditors to consider
declarations of interests etc.
Tom Rose
Tom Rose
Data Download Contact
TBC
Dataset/Bodies
Mandatory/
risk based
Disabled parking
(blue badges)
(Councils)
Residents parking
(Councils)
Private supported
care home residents
(Councils)
Personal injury etc
insurance claimants
(Councils)
Mandatory
Fair
Processing
notice required
Yes
Risk Based
Yes
Mandatory
No
Risk Based
Yes
Taxi license holders
(Councils)
Market trader
licenses (Councils)
Personal licenses for
the supply of alcohol
(Councils)
Dead persons (DWP)
Failed asylum
seekers and expired
Visas
Company directors
Risk Based
Yes
Notes
Dataset Contact
Match is to dead persons. These should
be provided in two separate files.
Frank Jensen
Match is to dead persons only. Notices
may cause alarm or confusion for
residents and are not recommended.
Match is to other claims and to HB/CTB
(declaration of capital). It is an industry
standard to data match in this area,
claim forms may already have suitable
FPN wording.
Match is to HB/CTB. Three separate
files are required.
Data Download
Contact
Frank Jensen ? or is this
Housing
Joanna Tait
Avril Sweeney
Frank Jensen
Frank Jensen
If applicable
Frank Jensen
If applicable
N/A
N/A
N/A
N/A
Provided by DWP
Provided by Home Office
N/A
Gordon Walker
N/A
N/A
Provided by DTI Companies House.
Matched to creditor payments and
public sector employees (declaration of
interests etc.)
Tom Rose / Frank
Jensen
* Where a data set is described as risk based, bodies should discuss the provision of the data with their external auditors and agree whether or not these represent areas where
the council is at risk or where there could be benefits from the data being included in the exercise. If so, the data will be required for NFI purposes in the same way as for the
mandatory datasets.