Skip to main content

National Fraud Initiative (NFI) - data matching

Waverley Borough Council is required by law to protect the public funds it administers.  We may share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

About data matching

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match.  This is usually personal information.  Computerised data matching allows potentially fraudulent claims and payments to be identified.  Where a match is found it may indicate that there is an inconsistency that requires further investigation.  No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The NFI currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. 

We (Waverley Borough Council) may also share information with other Councils, government agencies and associated partners, in order to prevent and detect fraud. In particular, we will share data with Surrey County Council, other Councils and partner organisations as part of the Surrey Counter Fraud Partnership (SCFP) Data Hub project. The use of data for this project is carried out under our legal obligations, outlined below.

Section 151 of Local Government Act 1972 requires every authority to make arrangements for the proper administration of their financial affairs.

The Accounts and Audit Regulations 2015 - Part 2 Internal Control:

  • 'The  financial control systems ... must include ... measures ...to enable the prevention and the detection of inaccuracies and fraud...'.

Further, the project relates to data processing that is exempt from legislative privacy provisions. 'a) Section 29 of the Data Protection Act 1998 - Crime and Taxation' states that personal data processed for any of the following purposes:

  • The prevention or detection of crime
  • The assessment or collection of any tax or duty or of any imposition of a similar nature,

are generally exempt from the first data protection principle.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Data matching by the Cabinet Office is subject to a Code of Practice

To view further information on the Cabinet Office's legal powers and the reasons why it matches particular information please refer to the 'Level 3 Notice' on the Cabinet Office website

More information

Find out more about the National Fraud Initiative on gov.uk

For further information on data matching at this authority contact Internal Audit Manager internal.audit@waverley.gov.uk.

Data required for the National Fraud Initiative (NFI)

We are required to provide particular sets of data to the NFI for matching. 

For information describing which datasets are matched by the Cabinet Office, please refer to the Cabinet Office's guidance on the Code of data matching practice for the National Fraud Initiative

Individual's consent not required

The processing of data by the Cabinet Office in a data matching exercise is carried out with statutory authority. It does not require the consent of the individuals concerned under the General Data Protection Regulation (GDPR) as the processing is necessary in order for us to comply with the law (legal obligation basis under GDPR).

The National Fraud Initiative uses the data matching powers bestowed on the Minister for the Cabinet Office by Part 6 of the Local Audit and Accountability Act 2014 (LAAA). Previous exercises were conducted by the Audit Commission under Part IIA of the Audit Commission Act 1998.

Code of practice

Data matching by the Cabinet Office is subject to a Code of Practice