Data fears snag fraud cops

THE NATIONAL Fraud Strategy is about to make a cautious start with an initiative to persuade industry that the police can be trusted with its data.

The Fraud Stategy will rely on private sector data to feed analytical software that looks for suspect behaviour.

But a similar programme being set up Metropolitan Police is
already a year late because of problems pulling data from the banking industry in the shadow of a string of public sector data security breaches such as the HMRC's loss of 25 million child benefit records.

Arshad Rahman, assistant director of the Attorney General's National Fraud Strategy, told The INQUIRER how it had developed a plan to demonstrate to industry how the government could be trusted with its data.

"The worst thing we can do is over-promise so we are doing a proof of concept," he said.

"We will see if we can record and secure that data securely, produce something that's usable and transmit it securely to others who can use it," he said.

"We need to address the data security issues early on," he said. "Once we can prove that, then we will go upscale."

The National Fraud Strategy is an all-industry national scheme being pursued by the Attorney General at the recommendation of its 2006 Fraud Review.

Rahman said the proof of concept would start "in the Spring" with just a limited number of business sectors sharing fraud data with the National Fraud Intelligence Bureau, which will be subsumed into the National Fraud Reporting Centre and Intelligence Bureau promised in the 2006 Fraud Review.

The pilot would run until next summer, after which it would be rolled out gradually to all sectors.

The PIPJIU, which is already a year behind schedule, has been unable to agree the terms on which its key members - the Metropolitan Police and the banks - can share data to combat fraud.

A source close to the effort told The INQUIRER that it had been held up because banking lawyers were concerned, so soon after the HMRC child benefits records fiasco, about the risks involved in giving their customer data to the public sector.

They were also uncertain of the legal basis on which police and financiers can share data about potential frauds, even though provisions being passed in the Serious Crime Bill should make this easier.

Rahman refused to say whether the Attorney General's fraud strategy was snarled up in the same problems as the PIPJIU.

Data protection is likely to be a concern for the banks if they do not trust the government not to lose their data. Data protection law says that organisations must make all reasonable security precautions.

In a press statement introducing the Fraud Strategy last March, the Attorney General used a quote from the Information Commissioner to justify its plans. But the ICO's support was given without reference to data protection law.

"Leaving aside data protection, we can certainly see advantages in there being a single place for individuals and businesses to go to report fraud, where the expertise will exist to act effectively when a report is received," said the ICO.

Rahman also refused to say whether the implementation of the Attorney General's fraud strategy would be contingent on the PIPJIU working out its data sharing problems. But he did say that he was working with closely the PIPJIU.

The national Fraud Bureau will be based on the PIPJIU, only rather than collecting fraud data from the banking industry and correlated public sector bodies alone, it will collect and compare fraud data from all industries.

Rahman said he had plans to meet with industry representatives he hoped would join the Fraud Bureau's proof of concept project. But he refused to say who they were or when he was meeting them.

The Attorney General's office led the INQUIRER to believe that if the first batch of industry bodies refuse to join the pilot, Rahman will have to call another batch in to persuade them to take part.

But the banking and insurance sectors have been vocal backers of the Fraud strategy and its constituent bodies since its inception.

The National Fraud Reporting Centre Working Group, which has been working on the implementation scheme for over a year, includes representatives from the banking and insurance sectors.

And the Attorney General's office said in a press statement last July: "A good deal of interest and enthusiasm for implementation of a national strategy and establishment of the NFSA, NFRC and Lead Force has already been generated amongst stakeholders."

A stakeholders group had also been formed. Rahman said he was presently talking to "just a few" industries about the scheme. Industry would not want to invest money setting up systems to transmit fraud data in the way the Fraud Centre wanted it until the centre had proved it could be effective.

The Attorney General has described the Fraud Centre and Bureau as a central repository of all data relating to frauds, suspected and actual. It will also track "suspicious activity".

However, a key component of the Fraud Strategy, which involved members of the public contributing similar information about suspected frauds, which Rahman said would include "names and numbers", will be deferred until the industry data sharing arrangements are working. Data protection laws make such plans even less certain. µ