Skip to main content
Statutory guidance

National Fraud Initiative privacy notice

Updated 20 May 2026

© Crown copyright 2026

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/fair-processing-national-fraud-initiative/fair-processing-level-3-full-text

Your data

The data

We process information that you provide when making a claim or applying for:

  • pension
  • taxi driver licence
  • market trader licence - voluntary
  • personal alcohol licence - voluntary
  • social housing (current tenants and individuals on a housing waiting list and temporary accommodation)
  • Right to Buy (completed and in progress)
  • transport pass and permit
  • Council Tax Reduction Scheme
  • Council Tax Single Person Discount
  • Universal Credit
  • Housing Benefit
  • other state benefits
  • personal budget/direct payments in relation to adult social care
  • Grants

In addition to the above, we also process information in relation to:

  • residents in private care homes.
  • payment of an invoice from an organisation that takes part in the NFI. This is referred to as trade creditor standing and payment history data.
  • payment for employment from an organisation that takes part in the NFI. This is referred to as payroll data.
  • registering to vote. This is referred to as Electoral Register data.
  • business rates.
  • Properties advertised and let for short periods. This is referred to as short-term rental of housing data
  • Home Office disqualified persons
  • Publicly available statistics and public records (such as national census data, local authority housing registers, or regional demographic statistics). We only use this data behind the scenes to measure how well our systems are performing and to securely research new ways to detect fraud, rather than investigating individuals directly.

Data specifications setting out exactly what data we process in the above areas can be found on the National Fraud Initiative: public sector data specifications page

Data specifications detailing the exact data we process for National Fraud Initiative pilots can be found at National Fraud Initiative: Pilot Data Specification

Refer to the privacy notice for social housing fraudulent subletting to find out how we will use your data for this pilot.

Criminal convictions data

If the investigation of a data match produced by the NFI results in a prosecution, then this may be recorded by participating organisations in the secure NFI web-based application. This information is for outcomes recording purposes only. We use information from past investigations to test and improve our fraud-detection systems. This helps us stay accurate and focus on real threats. This data is only used for internal improvements, it is not used to make automated decisions about your case.

Special categories of personal information

Included in the above are certain special categories of personal information:

Housing, other benefits, and student loan data include an indicator of physical or mental health or condition. This disability flag, which does not identify the specific condition, is required as disability has an impact upon a student’s entitlement to claim housing benefit.

We collect information on blue badge holders (and applicants) and individuals in receipt of, or applying for a personal budget. . While we do not hold information on the medical condition that entitles the individual to a badge or personal budget, we do know who has a badge.

We collect information on individuals in private residential care homes. While we do not hold information on the health status of individuals in residential care, we do know who resides in a care home.

Purpose

The purposes for which we are processing your personal data are:

Detecting Fraud through Data Matching

The Cabinet Office conducts data matching exercises to assist in the prevention and detection of fraud.

We also use this data to create “priority lists” so that the most likely cases of fraud are dealt with first, and data quality is enhanced, ensuring accurate and effective matching.

These are one of the ways the Minister for the Cabinet Office takes responsibility within government for public sector efficiency and reform.

This is a more detailed description of the Data Matching process

Research and System Improvement

In addition to the standard data matching exercises, the NFI carries out internal research to examine and improve the methods we use. Because the ways to commit fraud are constantly changing, existing ways of finding fraud are not always enough to detect complex fraud.

When we do the research, we analyse and review the data we hold and past investigation outcomes to refine our systems. We may also use data from outside sources, like statistics of how many people live in a specific area. Or publicly available data bases, like the Houses of Multiple Occupation Register.

This work helps us stop fraud more efficiently adjusting to any new ways of committing fraud, whilst ensuring we don’t wrongly flag people who haven’t done anything wrong. 

In this way, the NFI can continue to help detect and prevent fraud in the most efficient and effective way possible. 

This is a more detailed description of the Research and System Improvement process

The data that is matched and the reasons for matching it for fraud prevention and detection

Information summarising the various match types by participating organisation type, and the purpose of the matching, is set out in the document​ ​NFI match types per participating body​. 

These are the services the NFI provides

Automated decision making

Your personal data will not be subject to automated decision making or profiling as defined by Article 22 UK GDPR. 

Data Matching

The legal basis for processing your personal data is that it is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the data controller (Article 6(1)(e) UK GDPR). In this case that is improving the effectiveness and accuracy of the prevention and detection of fraud.

The NFI is conducted using the data matching powers bestowed on the Minister for the Cabinet Office by Part 6 of the Local Audit and Accountability Act 2014 (LAAA).

Under the LAAA legislation:

  1. The Cabinet Office may carry out data matching exercises for the purpose of assisting in the prevention and detection of fraud.
  2. The Cabinet Office may require certain bodies (as set out in the Act) to provide data for data matching exercises
  3. Bodies may participate in its data matching exercises on a voluntary basis where the Cabinet Office considers it appropriate. Where they do so, the Act states that there is no breach of confidentiality and generally removes other restrictions in providing the data to the Cabinet Office. The requirements of the data protection legislation, however, continue to apply, so data cannot be voluntarily provided if to do so would be a breach of data protection legislation. In addition, the sharing of patient data on a voluntary basis is prohibited.
  4. The Cabinet Office may disclose the results of data matching exercises where this assists in the prevention and detection of fraud, including disclosure to bodies that have provided the data and to auditors that it appoints, as well as in pursuance of a duty under an enactment.
  5. The Cabinet Office may disclose both data provided for data matching and the results of data matching to the Auditor General for Wales, the Comptroller and Auditor General for Northern Ireland, the Auditor General for Scotland, the Accounts Commission for Scotland, and Audit Scotland, for the purposes of preventing and detecting fraud.
  6. Wrongful disclosure of data obtained for the purposes of data matching by any person is a criminal offence. A person found guilty of the offence is liable on summary conviction to a fine not exceeding level 5 on the standard scale.
  7. The Cabinet Office may charge a fee to a body participating in a data matching exercise and must set a scale of fees for bodies required to participate.
  8. The Cabinet Office must prepare and publish a ​Code of Practice​. All bodies conducting or participating in its data matching exercises, including the Cabinet Office itself, must have regard to the Code.
  9. The Cabinet Office may report publicly on its data matching activities.

The legal basis for processing your criminal convictions data is paragraphs 6 and 10 of ​schedule 1​ to the Data Protection Act 2018

The legal basis for processing your special category data is that it is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment (paragraph 6, schedule 1, Data Protection Act 2018).

Recipients of data matches

Your personal data (where it appears in an NFI match) will be shared by us as necessary for the purposes of preventing and detecting fraud with:

  • The Auditor General for Wales
  • The Comptroller and Auditor General for Northern Ireland
  • The Auditor General for Scotland
  • The Accounts Commission for Scotland
  • Audit Scotland

The NFI will also share your personal data where necessary with Local Government, UK Police and other public sector bodies. 

This is a full list of all the organisations the NFI shares data with 

The NFI will also share your personal data with Synectics Solutions Limited SIRA and LexisNexis Risk Solutions Ltd as the contracted data processor for the NFI. 

Synectics Solutions Limited SIRA, and LexisNexis Risk Solutions Ltd, also provides anti-fraud data matching services. For this we allow them to use the data matches only, not the data NFI shares with them for our contracted service. 

In very specific circumstances the NFI may also share your personal data with private business to support the data matching process and to identify new areas of fraud prevention and detection. 

Where this happens and if necessary, we will provide more details. Currently we are working with:

Third Parties

Data Matching on behalf of the Cabinet Office

We will share records containing personal data with a number of third parties for them to undertake matching on behalf of the Cabinet Office. Specifically, these are:

  • HMRC. These will be matched against HMRC records and additional HMRC information, appended and fed back to the NFI securely. The HMRC matching will seek to identify persons at the address provided and relevant income-related information. 
  • DWP. These will be matched against DWP records, additional DWP information appended, and fed back to the NFI securely. The DWP matching will seek to identify deceased persons.
  • Synectics Solutions Limited SIRA. These will be matched against the SIRA adverse fraud databases and additional information fed back to the NFI.
  • Credit Reference Agencies (CRA). These will be matched against credit reference agency data and additional information appended and fed back to the NFI. 

Data Controllers

The Data Controller for the purposes your personal data will be used for as described is the Cabinet Office.

Where we share NFI data match results only, with Synectics Solutions Limited SIRA, and LexisNexis Risk Solutions Ltd, for them to use in their anti-fraud data matching services, they are the responsible data controllers. 

Their privacy notices are available here:

Where personal data has not been obtained from you

Your personal data is provided to the NFI by a number of organisations. These include voluntary participants in the NFI Data Matching process and other bodies providing data to the NFI.

This is a list of the organisations that provide us with your data

Your rights

You have the right to:

  • request information about how your personal data is processed, and to request a copy of that personal data
  • request that any inaccuracies in your personal data is rectified without delay
  • request that any incomplete personal data is completed, including by means of a supplementary statement
  • request that your personal data is erased if there is no longer a justification for it to be processed.
  • in certain circumstances (for example, where accuracy is contested), to request that the processing of your personal data is restricted
  • Object to the processing of your personal data

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Email: icocasework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact details

The data controller for your personal data is the Cabinet Office. To contact the data controller, email 

nfiqueries@cabinetoffice.gov.uk

The contact details for the Data Protection Officer (DPO) of the data controller are:

Email: dpo@cabinetoffice.gov.uk

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

Back to top