BrochuresCartoon

Amberhawk
COURSES (BCS/ISEB)
follow link for detail

Data Protection/GDPR Training

London: Foundation
Oct 13-15 (3 days)

London: Practitioner
Starts Sept 22 (6 days)

Edinburgh: Practitioner
Starts Nov 23 (5 days)

Training/Update/Events
Conference: April 12 2021
PIA: tbc
DP Audit: tbc

Amberhawk

« Guilt by innuendo: recent press reporting of Google’s StreetView affair demonstrates need for enhanced protection for individuals | Main | Surveillance Commissioner warns about significant RIPA failings, unregulated private sector surveillance, and surveillance using the Internet. »

18/07/2012

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Hello

When you get close up to the figures they are even more misleading.

In respect of the council tax - electoral register comparison the Audit Commission counts large numbers of cases where after investigations there was still entitlement as 'error'.

To give an example, in 2010 the NFI sent to Arun Council a list of 1058 people it wanted them to investigate in search of actual inconsistencies that might indicate fraud. At least another 1058 people were linked by name with these cases, the names being taken from the electoral register complied part way through the tax year. The aim appears to be to discover cases where the new voter does not fall to be disregarded and where the taxpayer has dishonestly failed to notify the council tax department that the single person discount no longer applies. If the person is disregarded there is no obligation to inform the council and the discount still applies.

Of these cases, Arun found that over 700 were still entitled.

However, because the NFI argues, in the face of legal advice from Bob Neill, Undersecretary of State that in these 700 cases there was some 'error', they get counted in the figures.

The argument for there being an 'error' appears to go as follows: you can use the electoral register in any way so long as in some sense this 'prevents fraud'. By compiling statistically based hit lists for investigation you are preventing fraud. The fact that the council had not carried out investigations the minute these electors appeared on the register shows that they have failed to apply a fraud prevention measure which we thing the courts would find to be legal (because we asked a barrister about it) and on that basis we may report the councils as not taking proper care of public money and being 'at risk' of fraud.

One cannot assume that NFI figure for fraud and error refer to cases of under or over payment, though my view is that they would be only too delighted if they were taken this way because they do not feel obliged to provide objective information in an impartial way.

Of course, one can assess the measures used by a council to prevent fraud, including, if this were found legal by a court, the use of the electoral register, without providing hit lists of people who might, statistically, turn out to be thieves and insisting that these are investigated. It is not, therefore, necessary to issue hit lists to achieve this purpose. I think this affects the legality of the hit lists theoretically.


Proposals to alter the present English Code of Data Matching Practice are already on the table, having been drafted in response to a complaint about the data matching reports provided after the full electoral register is compared with lists of residents held by the council tax departments of local councils.

The history of this is in itself a story of misunderstanding and of the taking of provisions out of their contexts.

The present code states both that where a match is found it indicates that there is an inconsistency requiring investigation and that where a match is found it indicates that there may be an inconsistency requiring investigation.

The Audit Commission's independent complaints reviewer decided that this meant that the code was 'ambiguous'. I do not agree: the code states at one point that 'coincidental' matches should be eliminated, which appears to relate to the case discussed by Parliament where for example two people with similar names are confused within the computing processes so that a 'false' or 'coincidental' match is produced.

However, the Audit Commission simply accepted what its Independent Complaints Reviewer said, and brought forward proposals to resolve the alleged ambiguity by removing the provision that data matching indicated that a match should not occur. It claims that the criterion by which the processing becomes judged legal is not based on the nature of the processing or reasoning underpinning the uses of data but on the outcomes. If what it calls 'the exercise as a whole' including the investigations into the case highlighted do detect some fraud then that exercise is legal because it meets the purposive statements in the law.

This proposal was put foward in a somewhat tentative way, without explicitly admitting that there was any problem with the code. However, the Commission did modify its third layer fair processing notice to comply with its new view on what made the obtaining and processing of data legal. It also asked participants to modify their own. Some refused on the basis that the code was 'statutory' and that model FPN's appeared in the Code and that they could not lawfully change the wording and content of these. Underpinning this appeared to be a view that data matching was in fact only legal when used to identify anomalies and discrepancies. The same logic underpins insistence that if the NFI obtains and matches data then 'by definition' the people on NFI hit lists must be investigated as there was an inconsistency in their case

The Audit Commission now talks of 'potential inconsistencies', and it is quite open about using data matching to prevent fraud before it happens, as when it requires families with seventeen year old children at the time data is uploaded to be 'investigated' on the basis that some families receiving discounts fail to tell the CT department when a child who is not disregarded turns 18.

Once again the Act contains no definition of data matching, though it purports to do so. Only the explanatory notes, which have no legal force, hint that the idea is that 'matches should not occur'.

The Audit Commission has poo pooed any idea that there is a requirement that all matches should indicate that something improper has occurred. It now speaks of 'potential' and 'actual inconsistencies' and argues, along the lines of what I have said, that it is legal to produce hit list of 'potential inconsistencies' because some of the people will turn out to be fraud.

To give one numerical example.

In 2010 the NFI sent out three quarters of a million 'hits' relating to council tax discounts.

The comments to this entry are closed.

All materials on this website are the copyright of Amberhawk Training Limited, except where otherwise stated. If you want to use the information on the blog, all we ask is that you do so in an attributable manner.