Protecting the public purse

Fair processing notice – Full text

Please note: The Commission has made a very minor amendment to one sentence of the full text as it is produced on this page, but not as it appears in the Code. The amendment is to the second paragraph (below) and is shown below in tracked changes.

“Where a match is found it may indicate that there is an inconsistency that requires further investigation.”

This amendment was made to more fully align the full text with the relevant text in the Code, which states at paragraph 2.2.2. that “where a match is found, it indicates that there may be an inconsistency that requires further investigation”.


Level 3: Full text

The Audit Commission conducts data matching exercises to assist in the prevention and detection of fraud. This is one of the ways in which the Audit Commission meets its responsibility of promoting economy, efficiency and effectiveness in the use of public money.

Data matching involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body to see how far they match. The data is usually personal information. The data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The processing of data by the Commission in a data matching exercise is carried out with statutory authority under its powers in Part IIA of the Audit Commission Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

All bodies participating in the Audit Commission’s data matching exercises receive a report of matches that they should investigate, so as to detect instances of fraud, over- or under-payments and other errors, to take remedial action and update their records accordingly.


Legal basis

From 2008 the Commission will conduct data matching exercises under its statutory power in Part 2A of the Audit Commission Act 1998. Previous exercises were conducted as part of the statutory audit prescribed by the Audit Commission Act 1998.

Under the powers:

  1. The Commission may carry out data matching exercises for the purpose of assisting in the prevention and detection of fraud, as part of an audit or otherwise;
  2. The Commission may require certain bodies to provide data for data matching exercises. Currently these are all the bodies to which it appoints auditors or which it inspects, other than registered social landlords;
  3. Other bodies and persons may participate in its data matching exercises on a voluntary basis where the Commission considers it appropriate. Where they do so, the statute states that there is no breach of confidentiality and generally removes any other restrictions in providing the data to the Commission;
  4. The requirements of the Data Protection Act 1998 continue to apply;
  5. The Commission may disclose the results of data matching exercises where this assists in the prevention and detection of fraud, including disclosure to bodies that have provided the data and to auditors that it appoints;
  6. The Commission may disclose both data provided for data matching and the results of data matching to the Auditor General for Wales, the Comptroller and Auditor General for Northern Ireland, the Auditor General for Scotland, the Accounts Commission for Scotland and Audit Scotland, for the purposes of preventing and detecting fraud;
  7. Wrongful disclosure of data obtained for the purposes of data matching by any person is a criminal offence;
  8. The Commission may charge a fee to any body participating in a data matching exercise and must set a scale of fees for bodies required to participate;
  9. The Commission must prepare and publish a Code of Practice. All bodies conducting or participating in its data matching exercises, including the Commission itself, must have regard to the Code; and
  10. The Commission may report publicly on its data matching activities.

Bodies required to provide or which volunteer data for matching

Currently, the Commission requires the following bodies to provide data:

  • District and county councils
  • London and metropolitan boroughs
  • Unitary authorities
  • Police authorities, crime commissioners and police chief constables
  • Fire and rescue authorities
  • Pension authorities
  • NHS Trusts and strategic health authorities
  • Primary care trusts
  • Passenger transport authorities
  • Passenger transport executives
  • Waste authorities
  • Greater London Authority and its functional bodies

In addition, the following bodies provide data to the Commission for matching on a voluntary basis:

  • Private sector pension schemes (various)
  • Home Office
  • Metropolitan Police – Operation Amberhill
  • Special health authorities
  • Foundation trusts
  • Housing Associations
  • Probation authorities
  • Central government pensions schemes
  • Central government departments
  • Other private organisations/companies

The data that is matched and the reasons for matching it

For information describing which datasets are matched by the Commission, please refer to the Commission’s guidance available on this website. The document available below summarises the various match types for each particular type of participating organisation.

Code of data matching practice

Data matching by the Audit Commission is subject to a code of practice.

Further information

More details on the Audit Commission’s data matching exercises, including national reports, other publications and guidance, may be found using the links in the navigation pane on the left.

Alternatively, please contact the Head of NFI, Audit Commission, 1st Floor, Fry Building, 2 Marsham Street, London, SW1P 4DF; tel 0303 444 8322 (local call rate); email


NFI match types per participating body