Privacy Notice for Fraud Prevention and Detection (a joint service with Sevenoaks District Council)
We administer a fraud prevention and detection service so as to ensure the prevention of fraud and corrupt acts within and external to our organisation and to ensure that any instances of these are investigated and dealt with effectively. As part of our Anti-fraud and Corruption Strategy, we conduct a programme of pro-active counter fraud reviews into transactions and records held across our different business areas. These reviews are designed specifically to identify unusual, erroneous or potentially fraudulent transactions.
We are required by law to protect the public funds we administer. We participate in the National Fraud Initiative administered by the Cabinet Office.
Processing activity - we use personal information across all our services to help to prevent and detect crime and fraud and to protect the public funds that we manage. It is necessary for us to collect and hold personal information about you. In general terms, we process personal information relating to:
- counter fraud reviews into transactions and records
- data matching
- whistleblowing investigations
- general correspondence between you and us on matters related to any investigations
- investigating and if applicable, prosecuting for fraudulent activity
Information requirements - our processing activities may include:
- full name
- address including postcode
- date of birth
- telephone number
- email address
- forwarding address(es)
- local authority(s) details (where you have been identified as living)
- health information
- employer details
- income details
- expenditure details
- financial details
- Power of Attorney details
- additional occupants’ details
- liability order(s)
Lawful bases1- our lawful bases for processing your personal information are:
- our legal obligation(s) under the Fraud Act 2006
- our legal obligation(s) under Part 6 of the Local Audit and Accountability Act 2014
- the Local Government Finance Act 1992 (as amended)
- our legal obligation(s) under the Social Security Administration Act 1992
- our legal obligation(s) for the administration of council tax under the Local Government Finance Act 2012
- where needed for the performance of a task carried out in the public interest (under the above legislation)
- the exercise of official authority vested in us under the Serious Crime Act 2007 (where needed to disclose information to prevent fraud)
Reasons for processing - some of the information that is collected and shared is classified as
- special category personal data;
- criminal convictions and offences (including alleged offences)
This is processed for reasons of substantial public interest under the laws that apply to us (see above) where this helps to meet our broader social obligations such as where it is necessary for us to fulfil our legal obligations and regulatory requirements. We have a Data Protection Policy that sets out how this information will be handled.
Joint Data Controller - the administration, billing and collection of council tax is undertaken by us jointly with Sevenoaks District Council under a collaborative partnership arrangement. We decide together all the purposes for using the personal information that we share and we decide together the broad ways in which that personal information will be used.On occasion, in accordance with section 6(2) of the Data Protection Act 2018, we may be prevented from sharing and/or delegating the exercise of our functions, thereby requiring us to exercise our functions as a sole data controller.
Data sharing - we may share and receive information from:
- our department(s) including Electoral Registration
- local authorities
- other local authorities
- Department for Work and Pensions
- Kent Intelligence Network
- Government agencies
- Cabinet Office (as part of the National Fraud Initiative)
- National Audit Office
- National Anti-Fraud Network (Tameside MBC)
- credit reference agencies
- health and social care organisations
We may also rely on a number of exemptions, which allow us to share information without needing to comply with all the rights and obligations under the Data Protection Act 2018. Please refer to the Kent and Medway Information Agreement for further details on our sharing arrangements.
Retention period - we keep your personal information for the minimum period necessary. The information outlined in this Privacy Notice will be kept as follows, unless exceptional circumstances require longer retention
- a pending court case:
- prosecution files - 7 years from date of closure;
- sanction files (formal cautions/penalties) - 5 years from date of closure;
- non fraud cases - 6 months from date of closure
All information will be held securely and disposed of confidentially.
Anonymisation - your personal information may be converted ('anonymised') into statistical or aggregated data in such a way that ensures that you cannot be identified from it. Aggregated data cannot, by definition, be linked back to you as an individual and may be used to conduct research and analysis, including the preparation of statistics for use in our reports.
Right to object - where processing your personal information is required for the performance of a public interest task (see our lawful bases above), you have the right to object on ‘grounds relating to your particular situation’. We will have to demonstrate why it is appropriate for us to continue to use your personal data.
Changes to this Privacy Notice - we review this Privacy Notice regularly and will place updates on our website.
Please refer to our Corporate Privacy Notice for further details of how we process your personal information and for details on your additional rights.
1 Note that we may process your personal information on more than one lawful basis depending on the specific purpose for which we are using your information
GDPR Fraud Prevention and Detection (Joint Service with SDC) Privacy Notice