Data Usage Agreement: National Fraud Initiative HMRC and local authority counter-fraud pilot
Published 19 October 2023
This Data Usage Agreement for the National Fraud Initiative (NFI), HMRC and local authority counter-fraud pilot was agreed and put in place in 2018.
1. Conditions of disclosure of information by HMRC and Cabinet Office for the National Fraud Initiative (NFI) Digital Economy Act (DEA) pilot
The NFI is conducted using the data matching powers bestowed on the Minister for the Cabinet Office by part 6 of the Local Audit and Accountability Act (LAAA) 2014. data will be provided to HMRC using these powers. Section 56 of the DEA - disclosure of information to combat fraud against the public sector, and schedule 8 of the DEA allows disclosure from HMRC to the Minister for the Cabinet Office (where the NFI legally resides). All parties involved in the proof of concept are listed in schedule 8.
The NFI is the Cabinet Office’s UK-wide data matching exercise in respect of fraud, overpayments and errors.
NFI is seeking to improve its effectiveness by:
-
better targeting existing and new fraud risks
-
increasing both the volume and frequency of data that is used in, or accessed through, the NFI
-
embracing new technologies and techniques to improve existing and develop new products
NFI has identified that adding HMRC data would better protect the public services from fraud and error by identifying more fraud risks.
1.1 Pilot proposal
The pilot aims to improve the effectiveness of the NFI by appending HMRC data, focused on household composition, household earnings and indicators or property ownership, to a subset of the NFI records from English local authorities (11 datasets) and returning to the Cabinet Office NFI.
1.2 Purpose
The Cabinet Office NFI will share records containing personal data which will be matched against HMRC records (prescribed rule set) and additional HMRC information appended and fed back to the Cabinet Office NFI. The HMRC matching will seek to identify persons at the address provided and relevant income and indicators of property ownership related information.
1.3 Data specification
The Cabinet Office provides 35 million records as per Annex A.
HMRC returns the data-matched records as per Annex B.
1.4 Data security
- move, process and destroy data securely, ie in line with the principles set out in HM Government security policy framework, issued by the Cabinet Office, when handling, transferring, storing, accessing or destroying information.
This content has been withheld because of exemptions in the Freedom of Information Act 2000.
-
only keep it for the time it is needed, and then destroy it securely once the business need is exhausted. (The Cabinet Office will then destroy the HMRC data in compliance with the NFI code of data matching practice data deletion schedule
-
comply with the requirements in the security policy framework, and in particular section 2.10, to be prepared for and respond to security incidents and to report any data losses, wrongful disclosures or breaches of security relating to information.
-
apply the appropriate baseline set of personnel, physical and information security controls that offer an appropriate level of protection against a typical threat profile as set out in Government Security Classifications, and in particular as set out in the annex – security controls framework to the GSC.
This content has been withheld because of exemptions in the Freedom of Information Act 2000.
HMRC is acting as data processor and both HMRC/Cabinet Office will act as joint data controller.
1.5 Data disclosure
HMRC data will be combined with and enrich the data matching results of the National Fraud Initiative to create a combined fraud risks assessment and therefore it is necessary for HMRC to pass back the 35 million records and not just a subset of those where fraud may be indicated just from the HMRC data in isolation.
Only confirmed matches will be returned by HMRC, data mismatches will not be returned.
HMRC data will then be onwardly disclosed to the respective local authority who provided the source data to the NFI that are relevant and proportionate to the counter fraud investigation via the accredited and access controlled NFI web application (under the LAAA 2014). This will happen only in circumstances where the application of fraud risk analytics identifies there is a fraud issue for investigation.
An initial match release will be issued a small subset of local authorities (approximately 10) in a consultation period whilst the NFI confirm there is counter fraud value in the HMRC data and the salient information is proportionately disclosed and relevant to a counter fraud investigation. After this consultation period and review, the finalised HMRC data fields will be disclosed to all other English local authorities for investigation.
Those records where no fraud risk is identified will not be disclosed to the local authority and destroyed in the accordance with the Code of Data Matching Practice as approved by Parliament.
1.6 Freedom of Information
This content has been withheld because of exemptions in the Freedom of Information Act 2000.
1.7 Costs
This content has been withheld because of exemptions in the Freedom of Information Act 2000.
1.8 Disputes
This content has been withheld because of exemptions in the Freedom of Information Act 2000.
1.9 Signed by
This content has been withheld because of exemptions in the Freedom of Information Act 2000.
2. Annex A
2.1 NFI data specification
NFI data specification | Field structure | Source | Field comments |
---|---|---|---|
dataset type | XX | NFI | housing tenancy (HR), Council Tax Reduction Scheme, Council Tax (CT), Housing Benefits (HC), Right to Buy (RB), residential care homes (RH), Personal Budgets (PB), payroll (PY) |
unique reference | numerical | NFI | unique identifier - needs to match each housing benefits application, or housing tenancy claim, etc. |
individual reference | numerical | NFI | a unique number per individual linked to the unique reference, for example, 1 = applicant/recipient, 2 = joint applicant/named tenant, 3 = second named tenant, etc |
forename(s) | character | NFI | |
surname | character | NFI | |
date of birth | date (dd/mm/yyyy) | NFI | |
National Insurance number | AA123456 | NFI | the National Insurance number suffix is removed |
address line 1 | character | NFI | |
address line 2 | character | NFI | |
address line 3 | character | NFI | |
address line 4 | character | NFI | |
postcode | postcode | NFI |
3. Annex B
3.1 HMRC data specification
HMRC household composition | HMRC coding field references | Source | Field format | Comments |
---|---|---|---|---|
NFI dataset type | NFI | |||
NFI unique identifier | NFI | |||
HMRC address status | HMRC RIS | latest address, previous address 1, previous address 2 | ||
individual matched to NFI source data address? | HMRC RIS | y/n | a flag to indicate if the individual was declared or undeclared in the NFI source data | |
latest base address | latest base address | HMRC RIS | ||
latest base address postcode | latest base address postcode | HMRC RIS | ||
house of multiple occupancy flag | HMRC RIS | y/n | to indicate if address is known house of multiple occupancy |