In a message dated 29/05/2002 11:48:26 GMT Daylight Time,
[log in to unmask] writes:

<< A legal colleague has recently stated that an exercise by an adjacent local
 authority only identified fraud in 1% of cases despite a significant outlay
 in staff time and resources! >>
-------
And I know of a county council where 1170 so-called "matches" had to be
investigated, requiring six extra staff over a nine month period. Only ONE
potential fraud was uncovered but even then the cheque had not been cashed.

The NFI has not enjoyed a continuation of its early successes in London where
(because town halls are so close to each other and because they were so lax
in checking claimants and staff) huge savings were made.

If a public body is subject to official audit by the Audit Commission then
they can be subject to the Audit Commission Act 1998. They will indicate on
the demand which law requires the disclosure. They will put an asterisk at
the side of the essential data fields - these are needed to effectively data
match. All the other fields listed are voluntary and the data controller
will have to satisfy itself of the legal power to disclose (you probably need
consent).

The process includes "soundex" matching where similar syllables are
identified so Kennedy could be matched with Kenneth, Bendy and Cannock.
Yuill could be matched with Buell, Kewell and Ulle.

Although the disclosure of the asterisked items is required by law, you are
still required to inform all data subjects of the fact their data will be
used in these anti-fraud exercises. Staff are usually informed by way of
payslip enclosures and new starter forms, other data subjects get to know in
letters and on application forms.

You should ensure: that you are registered for crime detection and
prevention, that the data are accurate and up to date before disclosing, that
data subjects have been informed and given a reasonable time to raise
legitimate concerns, that trade unions and other representative bodies as
appropriate have been consulted and that the data are encrypted if sending
them by post or by electronic transfer. If you are merely "invited" to take
part you will probably need every person's consent.

When the "matches" list comes back is when the fun really starts.

Good luck.


Ian Buckland
Managing Director
Keep IT Legal Ltd

Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:

55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^