The NICS is required by law to protect the public funds it administers. It may share information provided to it with bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
The Comptroller and Auditor General audits the accounts of NICS Departments and other HRConnect customers. The Comptroller and Auditor General is also responsible for carrying out data matching exercises by virtue of his powers under Articles 4A to 4G of the Audit and Accountability (Northern Ireland) Order 2003.
Data matching involves comparing the computer records held by different bodies to see how far they match. This is usually personal information. Computerised data matching allows fraudulent claims and payments to be identified. Where a match is found it indicates that there may be an inconsistency which requires further investigation. No assumption can be made as to whether there has been fraud, error or other explanation until an investigation is carried out.
The processing of personal data by the Comptroller and Auditor General in a data matching exercise is carried out with statutory authority under Article 6(1)(c) of the General Data Protection Regulation (GDPR), and therefore does not require the consent of the individual.
The Comptroller and Auditor General currently requires HRConnect customer organisations to participate in a data matching exercise at the end of September 2020 to assist in the prevention and detection of fraud. Participant organisations are required to provide particular sets of data including payroll information to the Comptroller and Auditor General. Further details of the data to be provided are set out on the Northern Ireland Audit Office website.
The data matching exercise is subject to a code of practice which can be found on the Northern Ireland Audit Office website.
For further information on the Comptroller and Auditor General’s legal powers and the reasons for matching particular information, please see the Level 3 notice on the Northern Ireland Audit Office website.
For more information about how NICSHR processes your personal data, please see the NICSHR Privacy Notice.