NPH participates in the Cabinet Office’s National Fraud Initiative (NFI), a data matching exercise to assist in the prevention and detection of fraud, as we are required by law to protect the public funds it administers. We are required to provide sets of data to the Minister for the Cabinet Office for data matching.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. We may therefore share information with other bodies responsible for auditing and administering public funds. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Cabinet Offices requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Cabinet Office for matching for each exercise, and these are set out in the
Cabinet Office Guidance.
For further information on the Cabinet Office’s legal powers and the reasons why it matches particular information, see the
National Fraud Initiative privacy notice.
The data controller for your matched personal data is the Cabinet Office. The contact details for the data controller are:
Head of the NFI
1 Horse Guards Road
London
SW1A 2HQEmail:
nfiqueries@cabinetoffice.gov.uk
Most of the personal information NPH processes is provided to us directly by you or your representative including:
• as part of an application for a service, discount or benefit.
• supplier or contract for a service or product.
• employee payroll.
• social housing applications (current tenants and individuals on a housing waiting list).
• Right to Buy applications (completed and in progress).
The data specifications setting out exactly what data we process in the above areas can be found on the National Fraud Initiative:
public sector data specifications page.
The NFI is conducted using the data matching powers bestowed on the Minister for the Cabinet Office by Part 6 of the Local Audit and Accountability Act 2014 (the Act). It does not require the consent of the individuals concerned under current data protection legislation. There are certain public sector bodies that are required to provide data for the NFI on a mandatory basis, including local authorities, such as West Northamptonshire Council. In addition, other bodies or organisations, such as Housing Associations, can provide data to the Cabinet Office for matching on a voluntary basis under schedule 9, 3 of the Act.
Data matching by the Cabinet Office is subject to a Code Of Data Matching.
We use the information that you have given us in order to enable NPH to fulfil its financial responsibility and regulatory requirements in preventing and detecting fraud or error.
The information will only be used for these purposes. Information will not be sold, rented or provided to anyone else, or used for any other purpose than that for which it was originally collected unless required to by law.
Information may be shared in the following circumstances:
• Shared internally with other NPH services in order to identify fraud or error, ensure our records are accurate and up-to-date, and to improve the standard of the services we deliver.
• Shared with other local authorities including West Northamptonshire Council, and/or government departments including law enforcement in order to identify fraud or error, to ensure our records are accurate and up-to-date, and to improve the standard of the services we deliver.
Information sharing is undertaken in accordance with UK GDPR and the Data Protection Act 2018.
We keep your personal information for as long as regulatory bodies require us to and in line with NPH’s Retention and Destruction Policy.
Where a possible fraud has been highlighted but no fraud identified, information will be securely destroyed and not retained for these purposes. All data matched records are retained until the end of the initiative program of two years. If a match leads to a fraud, the investigation records are held for two years from the conclusion date, unless convicted by a criminal court, where the record is held for five years from date of conviction.