House of Commons portcullis
House of Commons
Session 2006 - 07
Internet Publications
Other Bills before Parliament

Serious Crime Bill [HL]


Serious Crime Bill [HL]
Schedule 7 — Data matching
Part 1 — Data matching: England

72

 

(a)   

a county council, county borough council or community

council in Wales,

(b)   

a National Park authority for a National Park in Wales,

(c)   

a police authority for a police area in Wales,

(d)   

a fire and rescue authority in Wales constituted by a scheme

5

under section 2 of the Fire and Rescue Services Act 2004

(c. 21) or a scheme to which section 4 of that Act applies.

32C     

Voluntary provision of data

(1)   

If the Commission thinks it appropriate to conduct a data matching

exercise using data held by or on behalf of a body or person not

10

subject to section 32B, the data may be disclosed to the Commission

or a person acting on its behalf.

(2)   

A disclosure under subsection (1) does not breach—

(a)   

any obligation of confidence owed by a person making the

disclosure, or

15

(b)   

any other restriction on the disclosure of information

(however imposed).

(3)   

But nothing in this section authorises a disclosure which—

(a)   

contravenes the Data Protection Act 1998 (c. 29), or

(b)   

is prohibited by Part 1 of the Regulation of Investigatory

20

Powers Act 2000 (c. 23).

(4)   

Data may not be disclosed under subsection (1) if the data comprise

or include patient data.

(5)   

“Patient data” means data relating to an individual which are held

for medical purposes (within the meaning of section 251 of the

25

National Health Service Act 2006 (c. 41)) and from which the

individual can be identified.

(6)   

This section does not limit the circumstances in which data may be

disclosed apart from this section.

(7)   

Data matching exercises may include data provided by a body or

30

person outside England and Wales.

32D     

Disclosure of results of data matching etc

(1)   

This section applies to the following information—

(a)   

information relating to a particular body or person obtained

by or on behalf of the Commission for the purpose of

35

conducting a data matching exercise,

(b)   

the results of any such exercise.

(2)   

Information to which this section applies may be disclosed by or on

behalf of the Commission if the disclosure is—

(a)   

for or in connection with a purpose for which the data

40

matching exercise is conducted,

(b)   

to a body mentioned in subsection (3) (or a related party) for

or in connection with a function of that body corresponding

or similar to the functions of an auditor under Part 2 or the

functions of the Commission under this Part, or

45

 

 

Serious Crime Bill [HL]
Schedule 7 — Data matching
Part 1 — Data matching: England

73

 

(c)   

in pursuance of a duty imposed by or under a statutory

provision.

(3)   

The bodies are—

(a)   

the Auditor General for Wales,

(b)   

the Auditor General for Scotland,

5

(c)   

the Accounts Commission for Scotland,

(d)   

Audit Scotland,

(e)   

the Comptroller and Auditor General for Northern Ireland,

(f)   

a person designated as a local government auditor under

Article 4 of the Local Government (Northern Ireland) Order

10

2005 (S.I. 2005/1968 (N.I.18)).

(4)   

“Related party”, in relation to a body mentioned in subsection (3),

means—

(a)   

a body or person acting on its behalf,

(b)   

a body whose accounts are required to be audited by it or by

15

a person appointed by it,

(c)   

a person appointed by it to audit those accounts.

(5)   

If the data used for a data matching exercise include patient data—

(a)   

subsection (2)(a) applies only so far as the purpose for which

the disclosure is made relates to a relevant NHS body,

20

(b)   

subsection (2)(b) applies only so far as the function for or in

connection with which the disclosure is made relates to such

a body.

(6)   

In subsection (5)—

(a)   

“patient data” has the same meaning as in section 32C,

25

(b)   

“relevant NHS body” means—

(i)   

a health service body,

(ii)   

a Welsh NHS body,

(iii)   

an NHS body as defined in section 22(1) of the

Community Care and Health (Scotland) Act 2002 (asp

30

5),

(iv)   

an HSS trust within the meaning of the Health and

Personal Social Services (Northern Ireland) Order

1991 (S.I. 1991/194 (N.I.1)).

(7)   

Information disclosed under subsection (2) may not be further

35

disclosed except—

(a)   

for or in connection with the purpose for which it was

disclosed under paragraph (a) or the function for which it

was disclosed under paragraph (b) of that subsection,

(b)   

for the investigation or prosecution of an offence (so far as the

40

disclosure does not fall within paragraph (a)), or

(c)   

in pursuance of a duty imposed by or under a statutory

provision.

(8)   

Except as authorised by subsections (2) and (7), a person who

discloses information to which this section applies is guilty of an

45

offence and liable—

(a)   

on conviction on indictment, to imprisonment for a term not

exceeding two years, to a fine or to both, or

 

 

Serious Crime Bill [HL]
Schedule 7 — Data matching
Part 1 — Data matching: England

74

 

(b)   

on summary conviction, to imprisonment for a term not

exceeding 12 months, to a fine not exceeding the statutory

maximum or to both.

(9)   

Section 49 does not apply to information to which this section

applies.

5

(10)   

In this section, “body” includes office.

32E     

Publication

(1)   

Nothing in section 32D prevents the Commission from publishing a

report on a data matching exercise (including on the results of the

exercise).

10

(2)   

But the report may not include information relating to a particular

body or person if—

(a)   

the body or person is the subject of any data included in the

data matching exercise,

(b)   

the body or person can be identified from the information,

15

and

(c)   

the information is not otherwise in the public domain.

(3)   

A report published under this section may be published in such

manner as the Commission considers appropriate for bringing it to

the attention of those members of the public who may be interested.

20

(4)   

Section 51 does not apply to information to which section 32D

applies.

(5)   

This section does not affect any powers of an auditor where the data

matching exercise in question forms part of an audit under Part 2.

32F     

Fees for data matching

25

(1)   

The Commission must prescribe a scale or scales of fees in respect of

data matching exercises.

(2)   

A body required under section 32B(1) to provide data for a data

matching exercise must pay to the Commission the fee applicable to

that exercise in accordance with the appropriate scale.

30

(3)   

But if it appears to the Commission that the work involved in the

exercise was substantially more or less than that envisaged by the

appropriate scale, the Commission may charge the body a fee which

is larger or smaller than that referred to in subsection (2).

(4)   

Before prescribing a scale of fees under this section, the Commission

35

must consult—

(a)   

the bodies mentioned in section 32B(2), and

(b)   

such other bodies or persons as the Commission thinks fit.

(5)   

If the Secretary of State considers it necessary or desirable to do so,

he may by regulations prescribe a scale or scales of fees to have effect,

40

for such period as is specified in the regulations, in place of any scale

or scales of fees prescribed by the Commission and, if he does so,

references in this section to the appropriate scale are to be read as

respects that period as references to the appropriate scale prescribed

by the Secretary of State.

45

 

 

Serious Crime Bill [HL]
Schedule 7 — Data matching
Part 1 — Data matching: England

75

 

(6)   

Before making any regulations under subsection (5), the Secretary of

State must consult—

(a)   

the Commission, and

(b)   

such other bodies or persons as he thinks fit.

(7)   

In addition to the power under subsection (2), the Commission may

5

charge a fee to any other body or person providing data for or

receiving the results of a data matching exercise, such fee to be

payable in accordance with terms agreed between the Commission

and that body or person.

32G     

Code of data matching practice

10

(1)   

The Commission must prepare, and keep under review, a code of

practice with respect to data matching exercises.

(2)   

Regard must be had to the code in conducting and participating in

any such exercise.

(3)   

Before preparing or altering the code, the Commission must consult

15

the bodies mentioned in section 32B(2), the Information

Commissioner and such other bodies or persons as the Commission

thinks fit.

(4)   

The Commission must—

(a)   

send a copy of the code, and of any alterations made to the

20

code, to the Secretary of State, who must lay the copy before

Parliament, and

(b)   

from time to time publish the code as for the time being in

force.

32H     

Powers of Secretary of State

25

(1)   

The Secretary of State may by order amend this Part—

(a)   

to add any purpose mentioned in subsection (2) to the

purposes for which data matching exercises may be

conducted,

(b)   

to modify the application of this Part in relation to a purpose

30

so added.

(2)   

The purposes which may be added are—

(a)   

to assist in the prevention and detection of crime (other than

fraud),

(b)   

to assist in the apprehension and prosecution of offenders,

35

(c)   

to assist in the recovery of debt owing to public bodies.

(3)   

The Secretary of State may by order amend this P art—

(a)   

to add a public body to the list of bodies in section 32B(2),

(b)   

to modify the application of this Part in relation to a body so

added,

40

(c)   

to remove a body from that list.

(4)   

An order under this section may include such incidental,

consequential, supplemental or transitional provision as the

Secretary of State thinks fit.

 

 

Serious Crime Bill [HL]
Schedule 7 — Data matching
Part 2 — Data matching: Wales

76

 

(5)   

In this section, “public body” means a body or person whose

functions—

(a)   

are functions of a public nature, or

(b)   

include functions of that nature,

   

but, in the latter case, the body or person is a public body to the

5

extent only of those functions.”

3          

In section 52 (orders and regulations), after subsection (1) insert—

“(1A)   

No order shall be made under section 32H unless a draft of the order

has been laid before and approved by a resolution of each House of

Parliament.”

10

Part 2

Data matching: Wales

4          

After Part 3 of the Public Audit (Wales) Act 2004 (c. 23) insert—

Part 3A

Data matching

15

64A     

Power to conduct data matching exercises

(1)   

The Auditor General for Wales may conduct data matching exercises

or arrange for them to be conducted on his behalf.

(2)   

A data matching exercise is an exercise involving the comparison of

sets of data to determine how far they match (including the

20

identification of any patterns and trends).

(3)   

The power in subsection (1) is exercisable for the purpose of assisting

in the prevention and detection of fraud in or with respect to Wales.

(4)   

That assistance may, but need not, form part of an audit.

(5)   

A data matching exercise may not be used to identify patterns and

25

trends in an individual’s characteristics or behaviour which suggest

nothing more than his potential to commit fraud in the future.

(6)   

In the following provisions of this Part, reference to a data matching

exercise is to an exercise conducted or arranged to be conducted

under this section.

30

64B     

Mandatory provision of data

(1)   

The Auditor General for Wales may require—

(a)   

any body mentioned in subsection (2), and

(b)   

any officer or member of such a body,

   

to provide the Auditor General or a person acting on his behalf with

35

such data (and in such form) as the Auditor General or that person

may reasonably require for the purpose of conducting data matching

exercises.

(2)   

The bodies are—

(a)   

a local government body in Wales (as defined in section

40

12(1));

 

 

Serious Crime Bill [HL]
Schedule 7 — Data matching
Part 2 — Data matching: Wales

77

 

(b)   

a Welsh NHS body (as defined in section 60).

(3)   

A person who without reasonable excuse fails to comply with a

requirement of the Auditor General under subsection (1)(b) is guilty

of an offence and liable on summary conviction—

(a)   

to a fine not exceeding level 3 on the standard scale, and

5

(b)   

to an additional fine not exceeding £20 for each day on which

the offence continues after conviction for that offence.

(4)   

If an officer or member of a body is convicted of an offence under

subsection (3), any expenses incurred by the Auditor General in

connection with proceedings for the offence, so far as not recovered

10

from any other source, are recoverable from that body.

64C     

Voluntary provision of data

(1)   

If the Auditor General for Wales thinks it appropriate to conduct a

data matching exercise using data held by or on behalf of a body or

person not subject to section 64B, the data may be disclosed to the

15

Auditor General or a person acting on his behalf.

(2)   

A disclosure under subsection (1) does not breach—

(a)   

any obligation of confidence owed by a person making the

disclosure, or

(b)   

any other restriction on the disclosure of information

20

(however imposed).

(3)   

But nothing in this section authorises a disclosure which—

(a)   

contravenes the Data Protection Act 1998 (c. 29), or

(b)   

is prohibited by Part 1 of the Regulation of Investigatory

Powers Act 2000 (c. 23).

25

(4)   

Data may not be disclosed under subsection (1) if the data comprise

or include patient data.

(5)   

“Patient data” means data relating to an individual which are held

for medical purposes (within the meaning of section 251 of the

National Health Service Act 2006 (c. 41)) and from which the

30

individual can be identified.

(6)   

This section does not limit the circumstances in which data may be

disclosed apart from this section.

(7)   

Data matching exercises may include data provided by a body or

person outside England and Wales.

35

64D     

Disclosure of results of data matching etc

(1)   

This section applies to the following information—

(a)   

information relating to a particular body or person obtained

by or on behalf of the Auditor General for Wales for the

purpose of conducting a data matching exercise,

40

(b)   

the results of any such exercise.

(2)   

Information to which this section applies may be disclosed by or on

behalf of the Auditor General for Wales if the disclosure is—

(a)   

for or in connection with a purpose for which the data

matching exercise is conducted,

45

 

 

Serious Crime Bill [HL]
Schedule 7 — Data matching
Part 2 — Data matching: Wales

78

 

(b)   

to a body mentioned in subsection (3) (or a related party) for

or in connection with a function of that body corresponding

or similar to the functions of an auditor under Chapter 1 of

Part 2 or the functions of the Auditor General under Part 3 or

this Part, or

5

(c)   

in pursuance of a duty imposed by or under a statutory

provision.

(3)   

The bodies are—

(a)   

the Audit Commission,

(b)   

the Auditor General for Scotland,

10

(c)   

the Accounts Commission for Scotland,

(d)   

Audit Scotland,

(e)   

the Comptroller and Auditor General for Northern Ireland,

(f)   

a person designated as a local government auditor under

Article 4 of the Local Government (Northern Ireland) Order

15

2005 (S.I. 2005/1968 (N.I.18)).

(4)   

“Related party”, in relation to a body mentioned in subsection (3),

means—

(a)   

a body or person acting on its behalf,

(b)   

a body whose accounts are required to be audited by it or by

20

a person appointed by it,

(c)   

a person appointed by it to audit those accounts.

(5)   

If the data used for a data matching exercise include patient data—

(a)   

subsection (2)(a) applies only so far as the purpose for which

the disclosure is made relates to a relevant NHS body,

25

(b)   

subsection (2)(b) applies only so far as the function for or in

connection with which the disclosure is made relates to such

a body.

(6)   

In subsection (5)—

(a)   

“patient data” has the same meaning as in section 64C,

30

(b)   

“relevant NHS body” means—

(i)   

a Welsh NHS body as defined in section 60,

(ii)   

a health service body as defined in section 53(1) of the

Audit Commission Act 1998 (c. 18),

(iii)   

an NHS body as defined in section 22(1) of the

35

Community Care and Health (Scotland) Act 2002 (asp

5),

(iv)   

an HSS trust within the meaning of the Health and

Personal Social Services (Northern Ireland) Order

1991 (S.I. 1991/194 (N.I.1)).

40

(7)   

Information disclosed under subsection (2) may not be further

disclosed except—

(a)   

for or in connection with the purpose for which it was

disclosed under paragraph (a) or the function for which it

was disclosed under paragraph (b) of that subsection,

45

(b)   

for the investigation or prosecution of an offence (so far as the

disclosure does not fall within paragraph (a)), or

 

 

 
previous section contents continue
 
House of Commons home page Houses of Parliament home page House of Lords home page search page enquiries

© Parliamentary copyright 2007
Revised 11 May 2007