Who are we?

The Council is a local authority providing a broad range of local government services, including Council Tax billing, social services, processing planning applications, waste collection etc. 

The Council is a registered data controller with the Information Commissioner’s Office (ICO), registration number Z7517364.

The following information informs you about what we do with your information.

This authority has a legal duty to protect the public funds it administers and may use information held about you for all lawful purposes including, but not limited to, the prevention and detection of crime including fraud and money laundering.

One of the primary objectives of the council’s Counter fraud Strategy is to ensure the prevention of fraud and corrupt acts and to ensure that any instances or allegations of these are investigated and dealt with effectively. As part of this strategy, we may conduct pro-active counter fraud reviews into transactions and records held across different business areas. They are designed specifically to identify unusual, incorrect or potentially fraudulent transactions.

How we use your personal information 

In order to ensure an effective counter fraud service the Council has to process certain information from you. The processing of your information includes the collection, use, sharing (if appropriate), retention and destruction of your information.

The information we collect includes your name, address, contact number, email address.  and is necessary for the contract with you. 

Lawful basis for processing your personal information 

The legal basis for processing and or sharing your personal information is under article 6(1)(c) and 6(1)(e) of the General Data Protection Regulations. We process your information as part of our compliance with a legal obligation and under our public tasking duties.

The legal basis for Counter Fraud investigations is set out below:

• Section 151, Local Government Act 1972
• The Council Tax Reduction Schemes (Detection of Fraud and Enforcement) (England) Regulations 2013
• Local Audit and Accountability Act 2014 (Part 6)
• Section 68 of the Serious Crime Act 2007
• Prevention of Social Housing Fraud Act 2013
• The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
• Fraud Act 2006
• Criminal Procedures and Investigations Act 1996
• Schedule 2, Data Protection Act 2018
• The Police & Criminal Evidence Act 1984 (PACE)

As a Local Authority we are required to participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. This involves the provision of particular sets of data to the Minister for the Cabinet Office for matching, for each exercise, as detailed on the National Fraud Initiative page from GOV.UK.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 2018.

View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information on the National Fraud Initiative privacy notice from GOV.uk

We may disclose information you provide to a Specified Anti-Fraud Organisation (SAFO) for the purposes of preventing fraud. A SAFO enables or facilitates the sharing of information for the prevention of fraud and is specified by an order made by the Secretary of State. Disclosures of information from a public authority to a SAFO are subject to a Code of Practice and this, along with a full list of SAFO’s we may share information with can be found on the Home Office website, see data sharing for the prevention of fraud, Code of Practice from GOV.UK.

Categories of personal information

We collect and process the following:

• personal and family details
• lifestyle and social circumstances
• goods and services
• financial details
• employment and education details
• housing needs
• visual images, personal appearance and behaviour
• licenses or permits held
• student and pupil records
• business activities
• case file information
• criminal convictions and offences

We may also collect and process special categories of personal information that may include:

• racial or ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• genetic data, biometric data for the purpose of uniquely identifying a person
• data concerning health
• data concerning a person’s sex life or sexual orientation

Protecting your personal information 

The Council endeavours to ensure that the services we provide comply with all data protection legislation, for example, the General Data Protection Regulations (GDPR), and the Data Protection Act 2018 (DPA 2018). 

The Council has appropriate security and controls in place to prevent data loss, for example, hacking attempts, however, we cannot guarantee that the personal information you submit will not be intercepted.

Sharing your personal information 

Where the Council seeks to disclose sensitive personal data about you, (such as medical details) to third parties, we will do so only with your prior express consent or where we are legally required or allowed to do.

The Council will not share your information with third parties unless we have a required to do so by law, or with your consent.

We will share personal information with law enforcement or other authorities if required by applicable law such as:

• The Cabinet Office
• Government agencies
• Specified anti-fraud organisations (SAFOs)
• The Police
• Judicial agencies e.g. Courts
• Department of work and pensions
• HMRC
• Local authorities
• In certain circumstances employers
• Credit reference agencies

We will only share information with these organisations where it is appropriate and legal to do so.  We may also share information, for example, if there is a risk of serious harm or threat to life. Where this is necessary, we are required to comply with all aspects of the General Data Protection Regulation and the Data Protection Act 2018.

CIFAS Fraud Database

The council participates in the CIFAS National Fraud Database. CIFAS is an independent, not-for profit company trusted by the UK government. It runs a national fraud prevention network where personal information from public and private sector organisations like local authorities, police, utility companies and banks are kept and shared. These organisations record and share details of internal and external fraud attempted against their business.

The information is stored in secure databases and CIFAS members use this data and related intelligence in their processes for activities like verifying applications, preventing money laundering or screening staff.

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by these fraud prevention agencies, and your data protection rights, can be found by visiting Fair Processing Notices for Cifas

More information can also be found on the CIFAS website

Retaining your personal information 

The Council will only keep your information for as long as is necessary, for the minimum amount of time, for the purpose it was collected, and in line with statutory and/or business requirements.   

The standard retention period for counter fraud records is 6 years. This is defined as 6 years after the last entry in a record.

Records must only be retained beyond the default retention period if their retention can be justified for statutory, regulatory, legal or security reasons or for their historic value.

In cases where criminal prosecutions have taken place data may be kept for a longer period to cater for appeals and retrials. The standard retention period for such cases is 7 years from the date of conviction. 

International transfer of personal information 

No information is transferred outside the UK

Automated decision-making/profiling

No processing involved automated decision making or profiling.

Cookies

To learn more about cookies, please visit our general privacy notice page. 

Your Individual Rights

To learn more about your Individual Rights, or how to raise a concern, please visit our general privacy notice page.

Last reviewed 

9 April 2026