You are here:

  1. Home
  2. Services
  3. Council and elections
  4. Privacy notices
  5. Internal audit and anti-fraud privacy notice

Internal audit and anti-fraud privacy notice

Online council services

Who we are and what we do

The Internal Audit and Anti-Fraud Division is part of the Finance and Governance Directorate and provide an independent function to provide the council assurance on its internal control, fraud and governance processes.  This is set out under Section 151 of the Local Government Act 1972.  These functions require us to hold or have access to information from systems and processes across the council, in order to fulfil the legal requirement to provide an internal audit function and to prevent, detect, deter and investigate referrals of fraud bribery and corruption.

Information we hold about you Click to get info

The Internal Audit and Anti-Fraud Division may collect a wide variety of information from a range of sources, including, but not limited to:

  • Personal, such as name, date of birth, address;
  • Employment, for example national insurance number, employer details and history, next of kin, sickness records;
  • Financial details, such as bank account information, mortgage accounts, pensions, credit history;
  • Health information gathered to assess eligibility for benefits;
  • Information gathered during the course of an investigation or proactive exercise;

Documentary evidence provided in order to access council services.

Why we need your information and how we use it Click to get info

  • Information collated as part of a sample to undertake internal audits of council provided services and of services provided to the council
  • Information used for proactive anti-fraud exercises to identify fraud
  • Information used for internal audit assurance work to identify discrepancies
  • To assist with the investigation of criminal, civil and disciplinary offences
  • To verify that the information you have supplied is correct and accurate
  • For service planning, delivery and improvement
  • To prevent money-laundering and to verify your identity

The lawful basis for the processing Click to get info

The Internal Audit and Anti-Fraud Division have a duty to protect the public purse.  The following acts and regulations provide the basis on which the section operates:

  • Section 151 of the Local Government Act 1972 requires that authorities ‘make arrangements for the proper administration of their financial affairs’
  • The Accounts and Audit Regulations 2015 require that ”a relevant body must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance. Any officer or member of that body must, if the body requires:
    • a) make available such documents and records (including those in electronic form); and
    • b) supply such information and explanation.

as are considered necessary by those conducting the internal audit”.

  • The Police and Criminal Evidence Act 1984
  • Criminal Procedure and Investigations Act 1996
  • Local Government Finance Act 1992
  • Council Tax Reduction Schemes (Detection of Fraud and Enforcement) (England) Regulations 2013
  • Prevention of Social Housing Fraud Act (Power to Require Information) (England) Regulations 2014
  • Regulation of Investigatory Powers Act 2000
  • Criminal Procedures and Investigations Act 1996
  • Police & Criminal Evidence Act 1984
  • Public Interest Disclosure Act 1998
  • Local Audit and Accountability Act 2014

For more details on the Lawful Basis see the ICO guidance

Who your information will be shared with Click to get info

Including but not limited to:

  • Other local authorities
  • Contracted audit delivery partners
  • Registered social landlords
  • The Cabinet Office
  • Other Government departments
  • The Police
  • Employers
  • NHS
  • Judicial agencies, for example; Courts
  • Where information is requested under relevant legislation
  • Fraud prevention agencies.
  • National Fraud Initiative 
    From 1 April 2015 the National Fraud Initiative will be conducted using the data matching powers bestowed on the Minister for the Cabinet Office by Part 6 of the Local Audit and Accountability Act 2014 (LAAA). Previous exercises were conducted by the Audit Commission under Part IIA of the Audit Commission Act 1998.  The provision of data by the council to the Minister does not require the consent of the individuals concerned.
    Data matching involves comparing sets of data, such as the payroll or council tax records of a body, against other records held by the same or another body to see how far they match. The data is usually personal information. The data matching allows potentially fraudulent claims, payments and information to be identified. Where a match is found it may indicate that there is an inconsistency that requires further investigation.
    No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
    The Cabinet Office currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Cabinet Office for matching for each exercise, and these are set out in the Cabinet Office’s guidance, which can be found on the GOV.UK website
    For further information on the Cabinet Office’s legal powers and the reasons why it matches particular information, see the GOV.UK website.
    For further information on data matching at this authority contact Kevin Campbell-Scott on 020 8496 4487 or at kevin.campbell-scott@walthamforest.gov.uk
  • The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found on the cifas website

Automated data matching Click to get info

The work of the Internal Audit and Anti-Fraud Division may involve elements of automated data matching between sources. Any data processing and sharing of this kind is carried out in line with GDPR requirements.

Data matching involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body to see how far they match. The data is usually personal information. The data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency that requires further investigation. No assumption will be made as to whether there is fraud, error or other explanation until an investigation is carried out.  Any algorithm used will therefore not have a direct legal effect on an individual. 

The processing of data by the Council in a data matching exercise is carried out with statutory authority under its powers.  It does not require the consent of the individuals concerned under data protection legislation or the GDPR.

How long we will keep your information Click to get info

The Internal Audit and Anti-Fraud Division have retention schedules in place to ensure that information is only held for as long as is needed. 

For successful sanction cases, we are requested to keep your information for a minimum of seven years after which time it will be destroyed.  For other cases, your information will be kept for 12 months after which time it will be destroyed.

Our data protection officer Click to get info

Our Data Protection Officer is Mark Hynes. You can contact him at Data.Protection@walthamforest.gov.uk.

Protecting your information Click to get info

Please see the relevant section of the Corporate Privacy Notice

Your information choice and rights Click to get info

Please see the relevant section of the Corporate Privacy Notice

Complaints and contact details Click to get info

These are included in the relevant section of the Corporate Privacy Notice.

Information Commissioner’s Office Click to get info

If we’re unable to resolve your complaint to your satisfaction, you can make a complaint to the Information Commissioner's Office (ICO).

National Fraud Initiative Click to get info

From 1 April 2015 the National Fraud Initiative will be conducted using the data matching powers bestowed on the Minister for the Cabinet Office by Part 6 of the Local Audit and Accountability Act 2014 (LAAA). Previous exercises were conducted by the Audit Commission under Part IIA of the Audit Commission Act 1998.  The provision of data by the council to the Minister does not require the consent of the individuals concerned.

Data matching involves comparing sets of data, such as the payroll or council tax records of a body, against other records held by the same or another body to see how far they match. The data is usually personal information. The data matching allows potentially fraudulent claims, payments and information to be identified. Where a match is found it may indicate that there is an inconsistency that requires further investigation.

No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The Cabinet Office currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Cabinet Office for matching for each exercise, and these are set out in the Cabinet Office’s guidance.

For further information on the Cabinet Office’s legal powers and the reasons why it matches particular information.

For further information on data matching at this authority contact Kevin Campbell-Scott on 020 8496 4487 or at kevin.campbell-scott@walthamforest.gov.uk