This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
Every two years the Cabinet Office requires Oxfordshire County Council to take part in a data matching exercise to assist in the prevention and detection of fraud. This is known as the National Fraud Initiative (NFI).
For more information about how the Cabinet Office processes your data in relation to the NFI, visit GOV.UK.
Oxfordshire County Council (OCC) is known as the 'controller' of the personal data you provide to us.
Why we collect your personal data
Oxfordshire County Council holds a wide variety of personal data which it uses to fulfil its functions and deliver public services. Not all data processed by the council will be relevant to the NFI and only information that is processed for the following purposes will be shared:
- Concessionary travel
- Personal budgets
- Care home placements funded by the county council
- Creditor data
The county council is required by law to protect the public funds it administers. As part of this, we have an obligation to participate in the Cabinet Office’s National Fraud Initiative, which is a data matching exercise to assist in the prevention and detection of fraud. We are required to provide these particular sets of data to the Minister of the Cabinet Office for matching.
The use of the data by the Cabinet Office in a data matching exercise is carried out with a statutory authority under Part 6 of the Local Audit and Accountability Act 2014 and is subject to a code of practice which can be viewed on GOV.UK.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
Personal data we collect
In delivering the above services, the council collects a significant amount of personal data from you. However, NFI is only concerned with the following:
- Name, address and other contact details
- Family details
- Births and deaths
- Financial details
- Employment and education details
- Licences or permits held
Where we get your personal data from
This information is collected in a number of ways
- Provided to us directly by you when you sign up to use a service we are providing
- Provided by another professional organisation involved in the provision of services
- Provided by another professional organisation to allow the research and intelligence necessary to OCC performing its statutory functions
Professional organisations may include other public sector bodies such as health, police services and schools. We may also receive information from government bodies and regulators such as the Department of Work and Pensions and Her Majesty’s Revenue and Customs.
Who we share your data with
For the purpose of the NFI, your data will be shared with the Cabinet Office. We may also share this information with other bodies that are responsible for administering public funds in order to prevent and detect fraud, such as:
- Department of Work and Pensions
- other local councils
- police authorities
- local probation boards
- fire and rescue authorities
- some private bodies.
How long we keep your personal data for
We are required to retain your personal data only for as long as is necessary, after which it will be securely destroyed in line with the council’s retention policy or the specific requirements of the organisation who has shared personal data with us.
Retention periods can vary and will depend on various criteria including the purpose of processing, regulatory and legal requirements, and internal organisational need.
How we keep your personal data safe
We have an information assurance framework in place which ensures that appropriate technical and organisational measures are in place to help keep your personal data secure and to reduce the risk of loss and theft.
Access to personal data is strictly controlled based on the role of the professional.
All staff are required to undertake regular data protection training and must comply with a variety of policies designed to keep your information secure.
Your personal data is not processed outside of the EU by us unless adequate safeguards are in place.
You have a number of rights which relate to your personal data.
You are entitled to request access to any personal data we hold about you and you can also request a copy. Find out how to make a request.
Where we a relying on your consent to process your personal data you are entitled to withdraw your consent at any time.
You can also request that we correct any personal data we hold about you that you believe is inaccurate; request that we erase your personal data; request that we stop processing all or some of it and request that automated decisions are made by a person.
We are obliged to consider and respond to any such request within one calendar month.
Making a request or complaint
If you wish to make a request or make a complaint about how we have handled your personal data, contact the Data Protection Officer by emailing email@example.com
Alternatively, you can write to Oxfordshire County Council, County Hall, New Road, Oxford, OX1 1ND. Further means of contact can be found here.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office.