Search Legislation

Advanced Search

Serious Crime Act 2007

Section 73: Data matching and Schedule 7

239.This section gives effect to Schedule 7. Schedule 7 is divided into three Parts dealing with England, Wales and Northern Ireland. Paragraph 2 of Part 1 inserts a new Part 2A into the Audit Commission Act 1998.

240.Subsection (1) of new section 32A (as so inserted) provides for the Audit Commission to carry out data matching exercises or to arrange for another organisation to do this on its behalf. Subsection (2) defines what a data matching exercise is. It involves the comparison of sets of data. For example, taking two local authority payroll databases and matching them. Matches should not occur but if they do, fraudulent activity may be highlighted. Subsection (3) defines the purposes for which the powers in subsection (1) can be exercised. These purposes are assisting in the prevention and detection of fraud. Subsection (4) provides that such assistance may, but need not, form part of an audit. Subsection (5) provides that data matching may not be used to identify patterns and trends in an individual’s characteristics or behaviour which suggest nothing more than his potential to commit fraud in future. This is designed to prevent the Audit Commission from creating individual “profiles” of future fraudsters. Subsection (6) provides that in succeeding provisions of Part 2A, reference to a data matching exercise is to an exercise conducted or arranged to be conducted under section 32A.

241.Subsection (1) of new section 32B enables the Audit Commission to require the provision of information to conduct a data matching exercise. Paragraph (a) provides for any body as mentioned in subsection (2). Paragraph (b) provides for any officer or member of that body. Subsection (2) sets out which bodies may be required to provide data under subsection (1)(a). They are (a) those bodies subject to audit, (b) English best value authorities (not subject to audit). Subsection (3) creates an offence and accompanying penalty for non-compliance with subsection (1)(b). Subsection (4) provides for the Audit Commission to recover any expenses they incur in connection with proceedings for an offence under subsection (3) from the body concerned. Subsection (5) explains which bodies are covered by the term ‘English best value authority’.

242.Subsection (1) of new section 32C provides that where the Audit Commission think it appropriate, they may conduct a data matching exercise using data held by or on behalf of bodies not subject to new section 32B. It also provides that such a body may disclose data to the Audit Commission for those purposes. This could include central government departments and some private sector bodies such as mortgage providers. There is no compulsion on any of these bodies to take part in a data matching exercise. Subsection (2) provides that the disclosure of information does not breach (a) any obligation of confidence owed by a person making the disclosure or (b) any other restriction on the disclosure of information however imposed. Subsection (3) provides that nothing relating to voluntary provision of data authorises any disclosure which (a) contravenes the Data Protection Act 1998 or (b) is prohibited by Part 1 of RIPA 2000. Subsection (4) restricts disclosure under subsection (1) if the data comprise or include patient data. Subsection (5) provides a definition of patient data. Subsection (6) provides that this section does not limit the circumstances in which data may be disclosed apart from this section. Subsection (7) provides that data matching exercises may include data provided by a body or person outside England and Wales.

243.Subsection (1) of new section 32D explains which information this section applies to. That is, information obtained for a data matching exercise and the result of any such exercise. Subsections (2)-(4) provide the circumstances in which information may be disclosed by or on behalf of the Commission. Subsection (5) imposes restrictions on the disclosure of information if it includes patient data (as defined in subsection (6)). Subsection (7) places restrictions on the further disclosure of information disclosed under subsection (2). Subsection (8) creates an offence of disclosing information to which this section applies except as authorised by subsections (2) and (7) and sets out the penalty. Subsection (9) disapplies section 49 from information to which this section applies. Subsection (10) makes it clear that “body” will include office-holders for the purposes of section 32D.

244.Subsection (1) of new section 32E makes clear that the Audit Commission will be able to publish a report on its data matching exercises, notwithstanding the limits on disclosure under section 32D. Subsection (2) provides that a report that is published under section 32E may not include information relating to a particular body or person if (a) the body or person is the subject of any data included in the data matching exercise; and (b) the body or person can be identified from the information; and (c) the information is not otherwise in the public domain. Subsection (3) provides that the Audit Commission may publish a report in such a manner as the Audit Commission considers appropriate for bringing it to the attention of those members of the public who may be interested. Subsection (4) disapplies section 51 of the Audit Commission Act 1998 (which contains general powers for the Audit Commission to publish information). Subsection (5) preserves the existing powers of the appointed auditor to publish information under Part 2.

245.Subsection (1) of new section 32F sets out the duty on the Audit Commission to prescribe a scale (or scales) of fees in respect of the data matching exercises it conducts. Subsection (2) provides that bodies referred to in new section 32B(1) must pay the Audit Commission according to the scales in subsection (1). Subsection (3) provides for circumstances where the work involved in a data matching exercise is substantially more or less than the Audit Commission originally envisaged. The Audit Commission can charge the body a fee which can be larger or smaller than that referred to in subsection (2). Subsection (4) sets out requirements on the Audit Commission before they prescribe a scale of fees. This includes the Audit Commission consulting bodies mentioned in new section 32B(2). It also includes the Audit Commission consulting other bodies or persons as they think appropriate. Subsections (5) and (6) set out powers of the Secretary of State in relation to fee scales. Subsection (7) provides that the Audit Commission may charge a fee to other bodies providing information or receiving results for data matching (in addition to the power under subsection (2)) and the terms under which such a fee are payable. The Audit Commission will collect these fees to recover the costs of carrying out data matching exercises.

246.Subsection (1) of new section 32G provides that the Audit Commission must prepare and keep under review a code of data matching practice. Subsection (2) sets out that all those bodies and other persons involved in this process must have regard to the code of data matching practice. Subsection (3) requires the Audit Commission to consult all bodies identified in new section 32B(2), the Information Commissioner, and such other bodies as the Audit Commission thinks appropriate before preparing or altering the code of data matching. Subsection (4) places a duty on the Audit Commission: (a) to send a copy of the code (and any alterations made to it) to the Secretary of State, who must lay it before Parliament; and (b) to publish the code from time to time.

247.Subsection (1) of new section 32H provides for the Secretary of State to extend by order the purposes of data matching exercises (as set out in new section 32A(3)) beyond fraud and to modify the application of this Part accordingly. Subsection (2) defines those purposes. Subsection (3) provides for the Secretary of State to add public bodies to those listed in new section 32B(2) by order. The Secretary of State may also modify the application of Part 2A to any body so added, and may remove bodies from section 32B(2). Subsection (4) provides that any order made under section 32H can include any incidental, consequential, supplemental or transitional provision the Secretary of State may see fit. Subsection (5) defines the meaning of public body.

248.Paragraph 3 of Schedule 7 inserts new subsection (1A) into section 52 of the Audit Commission Act 1998. This provides that any orders made under section 32H must be approved by affirmative resolution of both Houses of Parliament.

249.Paragraph 4 of Schedule 7 inserts a new Part 3A into the Public Audit (Wales) Act 2004. This gives the Auditor General for Wales data matching functions corresponding to the functions given to the Audit Commission under new Part 2A of the Audit Commission Act 1998. The data matching functions of the Auditor General for Wales will apply in or with respect to Wales. The Secretary of State will have similar order-making powers to extend the purposes for which data matching may be carried out in Wales, and to add to the list of bodies which may be required to participate in data matching in Wales, subject to prior consultation with the Auditor General for Wales.

250.Paragraph 5 of Schedule 7 amends paragraph 9 of Schedule 8 to the Government of Wales Act 2006 to allow the Auditor General for Wales to retain income from data matching fees, rather than paying it into the Welsh Consolidated Fund. The income covered by the amendment is confined to fees charged to local government bodies in Wales.

251.Paragraph 6 of Schedule 7 inserts new articles into the Audit and Accountability (Northern Ireland) Order 2003. The new articles give the Comptroller and Auditor General for Northern Ireland data matching functions corresponding to the data matching functions of the Audit Commission and the Auditor General for Wales. The functions may be used, among other things, to assist the Comptroller and Auditor General for Northern Ireland and local government auditors in the exercise of their respective audit functions. The power to extend the purposes for which data matching may be carried out in Northern Ireland, and to add to the list of bodies which may be required to participate, will rest with the Department of Finance and Personnel in Northern Ireland.

252.Paragraph 7 of Schedule 7 inserts a reference to data matching in Article 6(5) of the Audit (Northern Ireland) Order 1987. This will ensure that any liability incurred by the Comptroller and Auditor General for Northern Ireland in relation to his data matching functions is charged on the Consolidated Fund of Northern Ireland.

Back to top

Options/Help

Print Options

Close

Explanatory Notes

Text created by the government department responsible for the subject matter of the Act to explain what the Act sets out to achieve and to make the Act accessible to readers who are not legally qualified. Explanatory Notes were introduced in 1999 and accompany all Public Acts except Appropriation, Consolidated Fund, Finance and Consolidation Acts.

Close

More Resources

Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:

  • the original print PDF of the as enacted version that was used for the print copy
  • lists of changes made by and/or affecting this legislation item
  • confers power and blanket amendment details
  • all formats of all associated documents
  • correction slips
  • links to related legislation and further information resources