The Audit Commission appoints the auditor to audit the accounts of this authority. It is also responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Audit Commission currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Audit Commission for matching for each exercise, and these are set out in the Audit Commission's guidance, which can be found at www.audit-commission.gov.uk/nfi.
The use of data by the Audit Commission in a data matching exercise is carried out with statutory authority under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
The data that is supplied as part of the NFI process is uploaded via the NFI website. The website that is utilised for both the data submissions and the release of the results uses an encrypted connection between the user's browser and our servers. This is shown by the "https" part of the address and the browser will show a locked padlock when on the site. The encryption used is standard 128-bit SSL (Secure Sockets Layer). This is the standard encryption available on the internet and is used for all secure sites including banking and online shopping. It gives the highest level of protection possible whenever using credit cards or undertake other financial or confidential transactions over the Internet.
This technology architecture has been used at Synectics for data submissions from major national companies for years and it has recently been given a clean bill of health by the Information Commissioners Office (the national body responsible for the upkeep of Data Protection principles). Their review, the results of which are to be released shortly, not only covered the technical aspects but also the controls relating to areas such as physical/ logical access, backup arrangements and staff vetting. They are satisfied with the levels of security by concluding that the controls in place are proportionate to the sensitivity of the data being handled and stored.
Data matching by the Audit Commission is subject to a Code of Practice. This may be found at http://www.audit-commission.gov.uk/audit-regime/codes-of-audit-practice/
For further information on the Audit Commission's legal powers and the reasons why it matches particular information, see http://www.audit-commission.gov.uk/national-fraud-initiative/nfi-instructions/fair-processing/
For further information on data matching at this authority contact Neil Shovell, Audit Manager on 01865 323876 or at firstname.lastname@example.org.