Data matching involves comparing sets of personal data, such as the payroll or benefits records of a body, against other personal data held by the same or another public body to see how far they match. Bodies covered by these mandatory data matching arrangements (in Part 2A of the Audit Commission Act 1998) are local authorities, police authorities, probation authorities, fire and rescue authorities, pension authorities, NHS Trusts and strategic health authorities, primary care trusts, passenger transport authorities, national park authorities, and waste authorities.
Schedule 7 of the Serious Crime Act 2007 extended the range of organisations that could chose to be involved in data matching to any government department, housing association or private organisation. Additionally, that Act extended data matching from benefit fraud to include any of the Commission’s audit functions (e.g. efficiency of service delivery) and to debt recovery.
You can see now that these powers can cover most UK organisations and extend well beyond the purpose of benefit fraud - the purpose that gets all the publicity. No wonder the Coalition Government’s favoured partner in anti-benefit fraud, the Credit Reference Agencies, are licking their lips – especially if the purpose of data matching can also include debt recovery!
Who replaces the Audit Commission is important for another reason. The Commission is subject to a statutory data protection code of practice - which is not perfect, but will be abolished with the Commission. The Department for Work and Pensions (DWP) has its own Data Matching Service, but that is limited to benefit fraud so it is unlikely that the DWP will want to get involved in data matching that does not relate to benefits.
The National Audit Office (NAO) could do the job but it does no data matching currently. So to merely transfer the Audit Commission’s data matching functions to the NAO will not save a penny and undermines the justification for the Commission’s abolition.
In other words, the absence of a credible replacement data controller is a concern and such powers should not be transferred for use by another organisation (e.g. a Credit Reference Agency) without proper debate or scrutiny.
Even with benefit fraud, all is not what it appears. David Cameron has been widely reported of stating that there is £5.2 billion of fraud, error and overpayment in the system (fraud being £1.2 billion). Not reported is the fact that these vast sums are inflated by a multiplier which is best explained by the Government’s own official research:
“These savings (from fraud) represent notional rather than actual amounts of money saved since the weekly benefit of someone who is caught committing fraud is multiplied by 32. The multiplier reflects the time that the Benefits Agency assumes that someone would have carried on defrauding them if they had not been caught” (see references)
Even the Audit Commission scales up its fraud-recovery effectiveness. The latest Annual Report of its anti-fraud activities states that the identified "£24 million" of detected benefit fraud is a number that has been “multiplied by 13”. Its pension fraud figure of £28 million saved from Local Authority Pension Schemes uses a multiplier arrived at by a “Cabinet Office formula”. This formula scales up the actual detected fraud by “the number of years the pensioner would have reached 90” (which is surprising given life expectancy in the UK is currently about 80 years).
The use of multipliers could very well be legitimate – I don’t know. But to quote figures in press releases and public statements without any indication that a multiplier has been used (or its value) is in my view, wholly misleading. For instance, it simply beggars belief that the Cabinet Office multiplier is reliable in connection with the true rate of pension fraud.
Also, the National Audit Office in 2008 estimated that benefit fraud represents 0.6% of the cost of the total benefit system (£0.8 billion) and this figure was falling year on year because of anti-fraud data matching activities. By contrast, more than twice the amount lost (about £1.9 billion) related to inaccurate personal data. This 2:5 ratio is also in the Prime Minister's numbers (see above) and suggests that resolving the data inaccuracies in the system is more than twice as important than those headline-catching benefit fraud initiatives.
No one is saying that data matching should not occur to counter fraud in the benefit system. However, there needs to be prior justification for the use wide ranging invasive powers, especially if they are to involve Credit Reference Agencies. There needs to be thorough examination and analysis with the measurement of outcomes to ensure the powers are needed and work effectively. There also needs appropriate checks and balances to ensure that when things go wrong, there is proper redress.
Additionally benefit fraud savings, when announced, have to be credible – I fear the numbers being bandied about at the moment are inflated for political purposes.
Finally, the data matching powers granted to the Audit Commission were enacted by the last Government who raised two fingers to anybody who expressed issues like those mentioned in the paragraphs above. It would be disappointing if the Coalition Government were to traverse the same path.
References: Page 21 of the DWP Benefit Fraud Research: http://research.dwp.gov.uk/asd/asd5/rrep064_first-half.pdf (This is old research but it is the only reference to the current estimated multiplier I could find).
Audit Commission National Fraud Initiative Annual Report: http://www.audit-commission.gov.uk/nfi/reports/pages/default.aspx (this reports the multipliers it uses in an Appendix).
The National Audit Office report on Benefit Fraud: http://www.nao.org.uk/publications/0708/progress_in_tackling_benefit_f.aspx (shows that data inaccuracy outweighs fraud)
Marketing: We have a set of Data Protection courses (Edinburgh commencing in next week and in Manchester late September). Our next FOI course is in London (commencing 20th September) and in Leeds (commencing 19th October). Update sessions (at £95+VAT is a snip). We also have onsite courses on RIPA and CCTV. Details on www.amberhawk.com.