Statutory guidance

Code of data matching practice for the National Fraud Initiative

The code of data matching practice helps to ensure that the NFI and everyone involved in data matching exercises comply with the law.


The purpose of this code is to help ensure that the National Fraud Initiative (NFI) and everyone involved in NFI data matching exercises comply with the law, especially the provisions of the Data Protection Act 1998. It also promotes good practice in data matching. It includes guidance on:

  • the notification process for letting individuals know why their data is matched and by whom (view examples of NFI fair processing layered notices
  • the standards that apply
  • where to find further information

The Serious Crime Act 2007 gave the Audit Commission new statutory powers to conduct data matching exercises by inserting a new Part IIA into the Audit Commission Act 1998. The legislation requires the Commission to prepare a code of practice to govern its data matching exercises, and to consult with the Information Commissioner and others over it before approving and laying it before Parliament.

The code of data matching practice was published and laid before Parliament on 21 July 2008. It replaced the previous code published by the Commission in 2006.

From 1 April 2015, responsibility for NFI passes from the Audit Commission to the Cabinet Office. Future NFI exercises will use the powers given to the Minister for the Cabinet Office by Part 6 of the Local Audit and Accountability Act 2014. The existing code of data matching practice will continue in effect until the Minister for the Cabinet Office issues a new code.

The code is subject to review following completion of each NFI exercise. Any changes proposed to the code will be consulted upon before a new code is finalised and laid before Parliament.