The fuss - in some circles, at least - over the Audit Commission's practice of mass 'fishing' for local government employees' salary details (under the aegis of the National Fraud Initiative) has been visible enough that I expect the AC must have been under some pressure to quantify the results of its investigations. Today there's a news item about over £140m of questionable payments (of which some are fraudulent) in 2006-7.
The figures include £24m in housing benefit payments, although it is then noted that of that £24m, 62% was accounted for by 'claimant error', 31% by fraud and 7% by local authority error. In other words, something under £8m was classified as fraud. Now, £8m of incorrect public expenditure is not a figure to be sniffed at, for sure. On the other hand, the article also notes that the NFI is only one of the ways in which such fraud is detected: apparently the total amount of housing benefit fraud detected for the 2005-6 period was £760m. So actually the NFI probably accounts for only about 1% of detections of that kind of fraud.
The question this raises is one of proportionality. In order to identify about 1% of housing benefit fraud detected, the salary details of a segment of public sector employees have been collected (in many cases, without their knowledge or consent) and passed to a third party, who then subcontracts to a commercial sector company to have the data processed. As I mentioned back in 2006, as the spouse of a local government employee with a joint bank account, my banking details will have followed the same route... Arguably, such data transfers put all those data subjects at risk, either of identity theft or of having their data go astray (with unpredictable consequences, depending on whether the data is ever known to re-surface).
You may contend that the impact associated with this risk can't possibly amount to £8m-worth (unless local authority employees are doing rather better than expected in salary terms...); however, if someone suffers large-scale identity fraud because their banking and salary details have been compromised, the impact for that individual can be catastrophic.
As with the HMRC data breach - where it was 'easier' for the employee concerned to disclose all the data than to pay for it to be pared down - I think the risk/benefit calculations for disclosures like this need to be re-balanced so that the data subject's interests are better represented.
And it's worth noting, as the article points out, that the AC's detection of these instances of fraud does not necessarily mean that the fraud is prevented. The AC notifies the local authority, but that doesn't mean that enforecement action is taken, either to stop current fraud or to prevent future instances.
![[RSS Newsfeed]](/themes/sotto/images/valid-rss.png)
![[This is a Roller site]](/themes/sotto/images/roller-logo.gif){kind=logo}