You might like to use some of them in contacting your MP or Eric Pickles direct, especially if you have been subjected to a fraud investigation simply because in all good faith you put your oldest child on the electoral register.
Question. Do you have any comments on the new owners of the NFI?
Tthe term 'owner(s)' and 'operational ownership' are alarming. This exercise must not be delegated to somebody who is not fully accountable and transparent, or who is not subject to F of I and other public law procedures.
The responsibility and ownership must remain with the Secretary of State, who must be fully and directly responsible for it and be prepared to take the
hits should anything go wrong.
And perhaps, once the Audit Commission has gone, some councils, who have never liked the NFI, may be more willing than previously to take up the word 'reasonably' from the law and challenge demands for information they do not have and which in some cases they more or less fabricate to appear to comply.
My own council simply invents the data it submits for the SPD processing ie it 'assumes it to exist', which amounts to the same thing, claiming Regulation 14 gives it the discretion to do what it likes and says if I don't like it I shall have to take it to court.
And perhaps, once the Audit Commission has gone, some councils, who have never liked the NFI, may be more willing than previously to take up the word 'reasonably' from the law and challenge demands for information they do not have and which in some cases they more or less fabricate to appear to comply.
My own council simply invents the data it submits for the SPD processing ie it 'assumes it to exist', which amounts to the same thing, claiming Regulation 14 gives it the discretion to do what it likes and says if I don't like it I shall have to take it to court.
Whoever the new
managers are, they must be prepared to invest time and legal research to ensure
they accurately and fully understand all the legal frameworks within which the
personal data and meta data submitted for computerised and verbal analysis are created and shared.
Without such expertise, the chances are that false and prejudicial information may be created and shared, in circumstances of general secrecy and lack of accountability.
Without such expertise, the chances are that false and prejudicial information may be created and shared, in circumstances of general secrecy and lack of accountability.
Specific
concerns arise about the National Fraud Authority in this respect.
The reasons for this are as follows.
The law concerning the use of the full electoral register to ascertain entitlement to a council tax discount is, on the account of some Audit Commission employees, still a legally live issue. They have refused F of I requests on these grounds, so this must be the case.
What is clear from both the statutory provisions, and from the case law on sole or main residence as defined in the Local Government Finance Act, is that one may not use the electoral register - whether 'up to date' or not - to determine where the sole or main residence of an adult is. Therefore, one cannot use it to determine whether entitlement arises under either section of Section 11(1) of the Local Government Finance Act.
Clearly, disregarded adults are entitled to vote and have a right to be on the electoral register even if a 25% discount has been deducted from the tax bill issued to the liable adult.
Even the NFI has never claimed that one can use the register to determine entitlement. It stated in writing on 13/11/2009 'The Commission agrees that the electoral register cannot determine entitlement, and has never argued that it could.'
Yet the National Fraud Authority has published (on its web site) a leaflet by CIPFA by a committee with NFA representation falsely alleging that 'experience shows that' the electoral register 'if up to date' is a reliable guide to a council tax discount, and adds to this an assertion that library membership records can achieve the same purpose.
It is absurd to claim that local library membership records, if up to date, can determine where the sole or main residence of a person is and whether or not they fall to be disregarded.
The NFA claims that CIPFA provided this information. I have spoken to Greg Marks of CIPFA, whose name is on the leaflet and he knows that what the leaflet says is wrong. He knows for example, that disregarded students may register to vote twice, once at their parental home and once at their main, university town residence, and that this legal electoral registration does not effect entitlement to a Section 11 discount.
The law concerning the use of the full electoral register to ascertain entitlement to a council tax discount is, on the account of some Audit Commission employees, still a legally live issue. They have refused F of I requests on these grounds, so this must be the case.
What is clear from both the statutory provisions, and from the case law on sole or main residence as defined in the Local Government Finance Act, is that one may not use the electoral register - whether 'up to date' or not - to determine where the sole or main residence of an adult is. Therefore, one cannot use it to determine whether entitlement arises under either section of Section 11(1) of the Local Government Finance Act.
Clearly, disregarded adults are entitled to vote and have a right to be on the electoral register even if a 25% discount has been deducted from the tax bill issued to the liable adult.
Even the NFI has never claimed that one can use the register to determine entitlement. It stated in writing on 13/11/2009 'The Commission agrees that the electoral register cannot determine entitlement, and has never argued that it could.'
Yet the National Fraud Authority has published (on its web site) a leaflet by CIPFA by a committee with NFA representation falsely alleging that 'experience shows that' the electoral register 'if up to date' is a reliable guide to a council tax discount, and adds to this an assertion that library membership records can achieve the same purpose.
It is absurd to claim that local library membership records, if up to date, can determine where the sole or main residence of a person is and whether or not they fall to be disregarded.
The NFA claims that CIPFA provided this information. I have spoken to Greg Marks of CIPFA, whose name is on the leaflet and he knows that what the leaflet says is wrong. He knows for example, that disregarded students may register to vote twice, once at their parental home and once at their main, university town residence, and that this legal electoral registration does not effect entitlement to a Section 11 discount.
A body which
publishes and disseminates legally inaccurate material of this sort has
demonstrated that it is not an appropriate body to be entrusted with analysis
of and reporting on personal information.
One can go further.
SPD law is quite clear that every year, the council must take reasonable steps to ascertain whether a discount should apply and having done this and found reason to think one does it must in law issue the demand notice on the basis of a compulsory assumption that the same amount and rate will apply on every day of the coming tax year and it must inform the taxpayer of this assumption (which is in the public domain in any case).
The NFA is actively promoting the administrative practices of some councils who routinely act in breach of SPD Regulations and have practices which fly in the face of public law generally, which requires councils to provide fair and accurate guidance to taxpayers.
One such council lists disregard categories as different 'discounts' and informs people they can be fined for not telling the council if the basis of entitlement changes from one disregard category to another or if it changes from being the sole adult (who is not disregarded) to being the only one of several adults (but all but one are disregarded).
This is a legal nonsense as Schedule 2 of the Act, Section 11 and the Schedule to the Act make clear.
SPD law is quite clear that every year, the council must take reasonable steps to ascertain whether a discount should apply and having done this and found reason to think one does it must in law issue the demand notice on the basis of a compulsory assumption that the same amount and rate will apply on every day of the coming tax year and it must inform the taxpayer of this assumption (which is in the public domain in any case).
The NFA is actively promoting the administrative practices of some councils who routinely act in breach of SPD Regulations and have practices which fly in the face of public law generally, which requires councils to provide fair and accurate guidance to taxpayers.
One such council lists disregard categories as different 'discounts' and informs people they can be fined for not telling the council if the basis of entitlement changes from one disregard category to another or if it changes from being the sole adult (who is not disregarded) to being the only one of several adults (but all but one are disregarded).
This is a legal nonsense as Schedule 2 of the Act, Section 11 and the Schedule to the Act make clear.
The point has
been emphasised by Bob Neill in a letter to the NFI, but though the NFI was represented on the
panel which drew up this badly informed leaflet, no action to
remedy the glaring errors has been taken. The attitude of the AC is usually that when its employees have been on panels and committees which publish false information it denies all responsibility even when there is no evidence that its employees have taken any steps to disassociate themselves from the misleading information and permit their names to remain on published documents.
I refer to a letter from Mr Neill to Eric Ollerenshaw MP, reference /BN/02/1632/10.
Unless radical improvements are made in the expertise
and performance of this body, I for one feel it is not to be trusted with
personal information relating to hundreds of thousands of individuals. I refer to a letter from Mr Neill to Eric Ollerenshaw MP, reference /BN/02/1632/10.
3
The changing doctrines of the Audit Commission data analytics team
The explanatory notes to the draft Bill appear to be largely copied
verbatim from the notes for the amendments to the Audit Commission Act
introduced via the Serious Crime Act.
They are misleading and on that basis have caused a great deal of
confusion and possibly some injustice.
The notes refer to 'potential fraud cases' being referred back for
investigation and state that 'matches should not occur'.
Faced with complaints from data subjects, the
NFI has back pedaled on many of its former assertions about the computing
processes it applies to the data it demands. It now hotly denies that cases
identified as what it calls 'hits' are potential fraud cases. Indeed, if you look at its web site, you will
see that it has altered its third layer fair processing notification so that it
no longer complies with the model in the (non compulsory) code of data matching
practice. Whereas it used to say 'where
a match is found it indicates that there is an inconsistency requiring
investigation' it now says 'where a match is found it indicates that there 'may
be an inconsistent'.
This is in line
with a new doctrine developed after the passing of the Serious Crime Act which
asserts that because the Act permits any data matching whose purpose is to
assist in the prevention and detection of fraud, any sort of computer
processing which assists in those purposes is legal under the Act and may be
carried out even if the algorithms are not designed to identify actual
inconsistencies and discrepancies.
The explanatory notes appear to
reflect the information which was put to Parliament at the time the Serious
Crime Act was passed. Parliament was
repeatedly told that 'data matching' used by the NFI was of a sort that
highlighted inconsistencies when in law the situations apparently existing
would be unlawful and that this was enough to give rise to a suspicion of
fraud. In response to members' concerns
that innocent people could be identified as 'matches' when it was simply that
the data was wrong eg two identical NI numbers, mistaken addresses, or two
people with the same or similar names being confused, provision was made for a
code of data matching practice to be laid before Parliament. That Code contains a statement that where a
match is found it indicates that there may be an inconsistency, and that
provision has been used by the NFI to argue that there is no requirement at all
that matches must indicate that 'something which should not occur has occurred . I refer you to a letter from NFI junior
solicitor Nagina Akram dated 13/11/2009:
"You have stated that in a data
matching exercise, ‘each match should indicate that something that should not
occur has occurred’. You have also stated that every individual match must
demonstrate fraud for the match to be a lawful use of personal data (NB I did
not state this: I stated that each match should provide some reason to suspect
fraud, a position which was explicitly put to Parliament in support of the
original legislation and which the present code entirely upholds as it states
that participants should investigate using usual procedures for the
investigation of fraud and error and that no assumption should be made about
whether the match arises from fraud or error unless there has been an
investigation). We disagree with both these propositions, for the following
reasons ..... Instead an individual match indicates that
there is a potential inconsistency that may require investigation by
participating bodies.'
The NFI has also said, same reference:
“There is no requirement for each
individual match identified during a matching exercise to indicate potential
fraud. Instead, the overall matching exercise should, and does, assist in the
prevention and detection of fraud.”
I emphasize that this is the view of a
junior solicitor at the NFI: to the best
of my knowledge this line has not been run past any counsel at any time,
and it may even have been repudiated by others within the NFI: they are running
down now and it is not always easy to get any sense out of them, if ever it
was. But there is clearly a
contradiction between the view of the government as evidence by the explanatory
notes to the draft Bill and the practices of the NFI as evidenced by its
response here.
Nobody at the Audit Commission has
chosen to explain why a 'potential inconsistency' should be, in the words of
the code, investigated by participants using their usual processes for the
investigation of fraud and error. For a
'potential inconsistency' provides no evidence of fraud or error.
To give one clear example, one set of
'hits' produced for participant investigation is a list of people in receipt of
a 25% discount on the assumption that the same rate will apply on every day of
the coming year and where the electoral register includes a 17 year old. I hope I do not need to point out that a 17
year old voter cannot possibly affect entitlement to a 25% discount, as only
adults count as residents (and not all eligible voters are 'residents' as per
Section 6 of the Local Government Finance Act.
Why should a council or anybody else investigate these families using
their usual procedures for the investigation of fraud or error? The idea is completely inappropriate.
What the NFI actually does is use computer
analytics (not 'data matching' as this was explained to Parliament) to draw up
sets of people which it believes on a priori grounds will include some frauds
and expects councils to work through these until they find some actual frauds,
even though at the outset nothing irregular or improper has been found. In respect of its rationale, Bob Neill took
the step of writing to it to state that in his opinion every time the 'primary'
so-called SDP match is mentioned it should be made clear that it does not show
lack of entitlement, it does not show failure to declare changes required by
law to be notified to the CT department, it does not show maladministration by
the participant council. Nor does it
show that the electoral register is incorrect.
In my own case, I am a widow with one daughter. While she was an
undergraduate at XXXX she asked several times if I would allow her to
register to vote here as well as at her university, or main, residence. Having been warned about the NFI, I had to
refuse to let her, which caused some personal bad feeling and distress, and
interfered with my uses of my home and my personal life as well as with her
right to register to vote. .... I was not prepared to be believed, on the basis of
unlawful 'guidance' produced by the Audit Commission in its Audit Guide
relating to this exercise of making two contradictory claims at the same time
and to be subjected to a fraud investigation on that basis.
To conclude, if what the explanatory
notes say is what the government means, it should be in the statute law: if the
government intends to legalise and give itself powers to indicate on the basis
of statistical reasoning that people are 'potential frauds' even though there
is no evidence of any inconsistency then it should take the precaution of
putting that clearly into the statute law as at present there is much
confusion. Indeed, some people believe that NFI data matching is legal only to
the extent that each match does produce prima facie evidence of fraud ie
evidence that could reasonably be put in front of a criminal court as evidence
of a false or misleading statement or
failure to provide information required by law.
The NFI SPD matches produce no evidence of any irregularity whatsoever,
which is why some people persist in pretending - however much Mr Bob Neill
explains the situation to them - that they do.
I do not know who produced the
figures, but they are grossly inflated.
The NFI always quotes figures for SDPs
incorrectly claimed or awarded which include a very large numbers where there
was always full entitlement and the 'incorrectness' is alleged by the NFI and
hotly denied by councils and data subjects.
They do this by using special 'codes' and recording changes in these
'codes' as indicating that there was an error, a procedure with no basis
whatsoever in council tax discount law.
In
all honesty the NFI has no idea how much revenue is lost to SPD fraud, or how
many households are getting SPD when second adult rebate would be the
appropriate thing for them and so on.
And it doesn't care about this one jot. Nor does it have any idea about
the numbers of abortive investigations, which are so high that some councils
have decided and minuted the decision that the exercise is not cost effective
and efficient.
The explanatory notes state that the
draft Bill contains a definition of data matching. It does not: it includes a vague statement
about what data matching exercises 'involve'.
The NFI uses the term data matching exercises to include applying data
analytics to highlight some people as potentially inconsistent cases,
collecting comments and remarks made about those people via its web site,
recording changes in codes decided upon by the the NFI and subjected to legally
dubious interpretations in an Audit Guide it has told Bob Neill is not meant to
be a comprehensive guide to the law, and so on.
The code does include something more like a definition, and this ought
to be in the law to avoid further confusion.
At the very least, Mr Pickes needs to
do some homework on this.
Suggested Amendments
84
(1)
delete ‘exercises’. Reason: the word adds nothing but potential
ambiguity, especially as the NFI has used the phrase ‘data matching exercise’
broadly to include the follow up investigations in search of actual
inconsistencies and so on. Change
‘them’ to ‘data matching’.
85
(2)
The explanatory notes state that this provides a definition of data
matching. In fact it merely makes a
vague statement about what a ‘data matching exercise’ (see comment above)
involves. The part about identifying
trends and patterns could be taken as an invitation to engage in precisely the
sort of data analytics or data mining which Parliament was previously assured
would not take place. In the spirit of
localism, and on the grounds that Mr Pickles’ department receives a great many
statistical reports from councils (unlike the Audit Commission) I suggest that
this is removed. For clarity the
definitions from the statutory code of data matching should be included
here. Regarding the code’s provision
that ‘coincidental matches’ should be eliminated, reflecting Parliamentary
concern that a person might end up subjected to a fraud investigation because
he was mixed up with somebody with a similar name or NI number, given that the
NFI has asserted that ‘coincidental’ means ‘innocent’, once again the statute
law needs to embody the intended protection for the innocent. Clear terminology to describe ‘false matches’
arising from bad typing when entering data, or duplicate NI numbers and so on
needs to be introduced and used.
Suggested wording:
For the purposes of this Part, data
matching is the comparison of sets of data to identify discrepancies; where a
match is found it indicates that there is an inconsistency requiring
investigation. False matches arising
because in an individual case incorrect or flawed data has been uploaded for
processing, including, for example, cases where two different addresses or two
different individuals have been confused, must be eliminated at the earliest
possible opportunity to avoid distress and injustice to data subjects.
(4) Suggested addition: ‘Data matching may not be used to categorise
individuals in whose case no actual inconsistency has been found as “high risk”
cases or as “potential inconsistencies”, or to produce any similar report or
output which may cause unjustified detriment, damage or distress to those
individuals. The algorithms to be used
should be limited to those designed to show, on a case by case basis, that a
situation which is irregular or inconsistent in terms of the relevant statutory
frameworks exists.
Suggested new (5)
“a) For each individual exercise or
report, the Secretary of State shall publish comprehensive guidance showing i)
how the data specification, including any codes required to be attached to the
data and any meta data included within the specification, is based upon, or
derives from, the law governing the data set in question ii) the nature of the
discrepancy, irregularity or inconsistency which the algorithms are designed to
identify.
b) nothing in this part shall be read
as imposing on any individual a duty to provide to a participant any information
which the relevant legal frameworks do not require to be provided or as
imposing upon any relevant authority or best value authority to administer its
affairs in particular ways when the law provides for that authority to have
discretion to act reasonably as it sees fit.”
Note:
if the NFI has done its job properly such guidance should be available:
the present code of practices states that the NFI will publish such
guidance. This provision would allow for
checks and balances in case of administrative error or oversight in the design
of algorithms. Some countries which use
data matching make a point of publishing such accounts, arguing that it
increases accountability and public trust as well as serving to discourage
attempts at fraud. This was one argument
for providing fair processing notification, which has turned out to be
notification in advance that one is to be falsely suspected of fraud by an
unaccountable commission which did not do its research properly in the first
place. Part b makes it clear that Mr
Pickles is not attempting via a back door to undermine the localism agenda by
imposing particular ways of carrying out ‘discretionary’ duties in a particular
manner. The provision as a whole will
also assist Mr Pickles in ensuring that he is not led by the nose by data
merchants with an eye on a quick buck and hang the consequences in terms of
good governance and the principles of public law and administration, or whose
own legal researches have lacked appropriate depth and rigour.
Re-number (5) as (6)
Voluntary Provision of Data
Add 2(c)
“a disclosure which is a disclosure of
inaccurate or misleading information such that the data subject is likely to
suffer unwarranted detriment, distress or damage. “
Disclosure of results
Comments: regarding disclosing the ‘results’ of data
matching to auditors: the duties of auditors are to ensure that councils have
carried out their financial duties in accordance with the law. I quote the legal advice given to the NFI by
a barrister it consulted:
He must see whether, on the financial
side, the councillors and
their officers have discharged their
duties according to law.
Therefore, unless the results of the
data processing show that this is not the case, they are not relevant to the
auditor. And, as we have seen, in at
least one of the major data analytic exercises run by the Audit Commission, the
Under Secretary of State agrees that the output does not show failure to
declare changes in circumstances required to be disclosed under CT law, lack of
entitlement, or even any maladministration by the council. One can only hope that Mr Pickles takes the
advice of his well informed and qualified Under Secretary of State and reads
the relevant sections of the Act, the Administrative Schedule, the Regulations,
and the Case law on sole or main residence.
To give an example, the NFI analyses
data derived from CT records together with the electoral register compiled mid
way through the tax year to produce lists of ‘hits’ which it hopes councils
will investigate, yet an NFI junior solicitor involved in advising about data
matching has asserted that the NFI does not believe that the electoral register
can be used to decide entitlement to a discount and has never stated that it
can be. Evidence of revenue foregone
because a person was claiming a discount to which they appeared not to be
entitled would not and could not be decided by referring to the electoral
register at any point in time, since in case law the criteria for deciding sole
or main reference under the Act for CT purposes cannot be limited to any single
test. What use, therefore, can an
auditor legitimately make of the output of the data analytics?
The ‘results’ of the data processing
should only be disclosed therefore when they provide evidence that the council
has acted in unlawful ways: has failed
to get in revenue due to it or has made an illegal payment. It is not appropriate to tell an auditor that
large numbers of identifiable people have been identified as ‘potential fraud
cases’ using statistically based computer algorithms even though no evidence
has been provided of any case where any actual inconsistency, illegality or
irregularity has been shown to exist.
And even in this case, it is not necessary to disclose personal
information if the auditors could carry out this function in other ways, by,
for example, looking at evidence of internal procedures and so on. To be lawful the use of data needs to be
‘necessary’ ie there is no other way of skinning the cat. This needs to be made clear here. Thus, if the Secretary of State decided that
a particular data analytic procedure, even though in itself it did not show any
actual inconsistency would be a lawful, proportionate and necessary secondary use
of personal data as a fraud control tool such that the consent of the
individual was not needed, it would not
be necessary for an Auditor to see the ‘results’ of the data analytics to
assess whether that fraud control tool had been used: the use of the tool would
of necessity have costs in terms of processing, programming and time and would
be reflected in the accounts of the council.
Code of Practice
It is not appropriate for the
Secretary of State to be given the powers to write his own laws in this
matter. Any Code should be debated before
Parliament with full public debate, and then should have proper force. It
should have the force of law. It is inappropriate for consultation to be
limited: a wide range of interest groups including those representing the data
subjects concerned, most of whom will not be involved in any improper or
fraudulent activity, including, it would appear, a majority of those on some
NFI hit lists.
The Need for Independent Oversight and
Rights of Appeal
Finally, Parliament appears to have
been under the impression shared by many that in the case where false or
inaccurate information was demanded or produced by the NFI the Information
Commissioner could or would intervene.
He has stated that he has no powers to make any comment if the complaint
involves him commenting upon any financial or legal framework.
Therefore, I consider that the Act
should bestow such a power on the Information Commissioner, possibly by the
introduction of a whole new section.
Alternatively, a new Commissioner with responsibility for reviewing the
legal accuracy of any assertions or allegations made at the time when data is
demanded for matching, uploaded or when reports are produced. There could also be a formal appeal process
for councils and individuals who feel that the uses of data or the ‘data’
demanded or produced is unfair or improper.
This may be an area where the Surveillance Commissioner could have some
input.
In some countries formal arrangements
exist whereby people who are thrown up as ‘cases’ using data matching have a
right to be immediately informed of the fact. This seems entirely fair, and to
be a reasonable addition to the fair processing notification, which the NFI has
diluted to the extent that the present Code is utterly misleading on this. It would allow people to take action when
they believed that incorrect, unjust and inappropriate interpretations were
being put upon their personal data or that prejudicial assertions were being
made about them. An example of this
would be the NFI report stating that when a second adult was resident there was
no entitlement to a ‘single person discount’.
This is a legal nonsense, an argument based, it would appear, on a false
belief that the law contains any such thing as a ‘single person discount’. Providing for notification would put a break
on some of the worst examples of injustice and maladministration which have
followed in the wake of at least of the NFI exercises.
There should also be a formal
procedure for notifying a person that they have been assumed to be a fraud, as
none currently exists and the whole thing is kept secret so they may never
know. This is a breach of natural
justice and is wholly unnecessary.
Such considerations were clearly very
low down on the political agenda of the Audit Commission and their partners in
the data analytics and data mining industry, but one has to assume that a
government with a commitment to civil liberties and privacy will take them into
account.
