Statutory guidance

National Fraud Initiative Privacy Notice – Additional Information

Updated 20 May 2026

Data Matching

Data matching involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body to see how far they match. This is done as an automated process with no decisions made as part of that process. The data is usually personal information. 

To ensure data accuracy and reduce duplicate results, the matching process may prioritise newer datasets provided through regular automated refreshes over existing records to ensure results are based on the latest available information.

The data matching allows potentially fraudulent claims and payments to be identified. Where a match is found, it may indicate that there is an inconsistency that requires further investigation. All bodies participating in the Cabinet Office’s data matching exercises receive a report of matches that they should investigate, so as to detect instances of fraud, over- or underpayments, and other errors, to take remedial action and update their records accordingly. No assumption can be made as to whether there is fraud, error, or other explanation until an investigation is carried out. This requires human intervention and decision-making.

The processing of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under data protection legislation or the UK GDPR.

Research and System Improvement 

In addition to standard data matching, the NFI conducts secure, internal research to evaluate and improve our methods. Because fraud is constantly evolving, static rules are not always enough to detect complex fraud. This research involves:  

• System Testing: Using internal data to safely test new ideas for spotting fraud before we roll them out as standard data matches.
• Statistical Benchmarking: Comparing NFI data against external, publicly available statistics (like regional population estimates) to ensure our matching is effective, fair, and proportionate.
• Improving Accuracy: Using the confirmed results of past fraud investigations to fine-tune our systems, helping us target genuine risks and reduce unnecessary investigations into innocent people.
• Important Safeguards: The results of this exploratory research are strictly advisory. They are used by our management team to understand general fraud trends and improve the NFI system. No operational action or investigation is ever taken against you based solely on this exploratory research; any further action would require human review and standard investigative processes.

The data that is matched, the reasons for matching it for fraud prevention and detection across the services we provide

Information summarising the various match types by participating organisation type, and the purpose of the matching, is set out in the document NFI match types per participating body. We provide the following services:

National Exercise

The NFI conducts a comprehensive national data matching exercise every two years, in addition to annual Council Tax Single Person Discount matching. Mortality screening occurs biannually. The system identifies potential anomalies, known as ‘matches’, which participating organisations review and investigate. Data is submitted securely via a dedicated website, with the NFI team offering support and monitoring activities. A report summarising the effectiveness of different match types is published biennially.

ReCheck

ReCheck is a flexible data matching service that complements the national exercise. This service allows NFI participant bodies to re-perform existing data matching, at a time that suits them, by uploading their organisation’s datasets for internal matching.

AppCheck

NFI participants can use this service at the point of application to check against NFI data to help verify people’s identity or if they have left out relevant information that might affect their entitlement to a benefit, service, or employment. 

FraudHub

Allows NFI participant bodies, who want to work together, to regularly and effectively screen their collective data in order to prevent errors in processing payments and to reduce fraud. Data supplied via the NFI FraudHub may also be used to automatically refresh other NFI services, so that the most up-to-date information available is used to improve matching accuracy.

Retention

Your personal data will be kept by us for the periods set out in our Data Deletion Schedule, which is available on our  Code of Data Matching Practice GOV.UK page.

Recipients of Data Matches

Your personal data (where it appears in an NFI match) will be shared by us as necessary for the purposes of preventing and detecting fraud with:

Mandatory participants who include:

• district and county councils
• London and metropolitan boroughs
• unitary authorities
• combined authorities
• police authorities
• fire and rescue authorities
• pension authorities
• NHS Trusts
• Foundation Trusts
• Integrated Care Boards
• passenger transport authorities
• passenger transport executives
• waste authorities
• Greater London Authority and its functional bodies

In addition, the following bodies provide data to the NFI for matching on a voluntary basis, and so may also receive your data where it appears in a match:

• private sector pension schemes (various)
• Metropolitan Police – Operation Amberhill
• Special health authorities
• housing associations and other social housing providers
• probation authorities
• national park authorities
• central government pensions schemes
• Insurance Fraud Bureau
• UK central government departments 
• Social Security Scotland
• Rent Smart Wales
• Rent Smart Northern Ireland
• Synectics Solutions Limited SIRA*
• LexisNexis Risk Solutions Ltd*
• Airbnb - separate privacy notice applies
• Tenancy Deposit Protection Scheme
• other private organisations/companies

*Where we share NFI data match results with Synectics Solutions Limited SIRA, and LexisNexis Risk Solutions Ltd, for them to use in their anti-fraud data matching services, they are the responsible data controllers. Their privacy notices are available here:

• This is the LexisNexis Risk Solutions Privacy Notice
• This is the Synectics Solutions Limited SIRA Privacy Notice

Third Party Provision of personal data

If your personal data was not provided to the NFI by you, we will have obtained if from the following organisations:

Mandatory participants:

• district and county councils
• London and metropolitan boroughs
• unitary authorities
• Combined Authorities
• police authorities
• fire and rescue authorities
• pension authorities
• NHS Trusts
• Foundation Trusts
• Integrated Care Boards
• passenger transport authorities
• passenger transport executives
• waste authorities
• Greater London Authority and its functional bodies

Voluntary participants and other bodies providing data to NFI may include:

• private sector pension schemes (various)
• Metropolitan Police – Operation Amberhill
• special health authorities
• housing associations and other social housing providers
• probation authorities
• national park authorities
• central government pensions schemes
• other central government departments (UK)
• Social Security Scotland
• Rent Smart Wales
• Rent Smart Northern Ireland
• Synectics Solutions Limited SIRA
• LexisNexis Risk Solutions Ltd
• Airbnb
• Tenancy Deposit Protection Scheme
• Credit reference agencies
• other private organisations/companies