Counter Fraud privacy notice

In order to ensure effective counter-fraud service, the Council has to process certain information from you.

The London Borough of Barking and Dagenham (the ‘Council’) is committed to ensuring that your personal information is protected, used lawfully and respectfully and in a transparent manner.

The council collects, uses and is responsible for certain personal information about you. We are regulated under the General Data Protection Regulation (GDPR) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. The Data Protection Act 2018 also governs the use of Data and ensures we act within the law.

This privacy notice broadly explains the purpose for processing, the legal basis, categories of personal information collected, who we may share it with and your rights.

It applies to all personal information collected for or on behalf of the council whether by letter, email, face-to-face, telephone, online, or any other method.

Who we are

The Council is a local authority providing a broad range of local government services, including Council Tax billing, social services, processing planning applications, waste collection, etc. 

The Council is a registered data controller with the Information Commissioner’s Office (ICO), registration number Z7517364.

The following information informs you about what we do with your information.

This authority has a legal duty to protect the public funds it administers and may use information held about you for all lawful purposes including, but not limited to, the prevention and detection of crime including fraud and money laundering.

One of the primary objectives of the council’s Counter fraud Strategy is to ensure the prevention of fraud and corrupt acts and to ensure that any instances or allegations of these are investigated and dealt with effectively. As part of this strategy, we may conduct pro-active counter fraud reviews into transactions and records held across different business areas. They are designed specifically to identify unusual, incorrect, or potentially fraudulent transactions.

How we use your personal information

In order to ensure effective counter-fraud service, the Council has to process certain information from you. The processing of your information includes the collection, use, sharing (if appropriate), retention and destruction of your information.

The information we collect includes your name, address, contact number, and email address.  and is necessary for the contract with you. 

Lawful basis for processing your personal information

The legal basis for processing and or sharing your personal information is under articles 6(1)(c) and 6(1)(e) of the General Data Protection Regulations. We process your information as part of our compliance with a legal obligation and under our public tasking duties.

The legal basis for Counter Fraud investigations is set out below:

  • Section 151, Local Government Act 1972
  • The Council Tax Reduction Schemes (Detection of Fraud and Enforcement) (England) Regulations 2013
  • Local Audit and Accountability Act 2014 (Part 6)
  • Section 68 of the Serious Crime Act 2007
  • Prevention of Social Housing Fraud Act 2013
  • The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
  • Fraud Act 2006
  • Criminal Procedures and Investigations Act 1996
  • Schedule 2, Data Protection Act 2018
  • The Police & Criminal Evidence Act 1984 (PACE)

As a Local Authority, we are required to participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. This involves the provision of particular sets of data to the Minister for the Cabinet Office for matching, for each exercise, as detailed on the National Fraud Initiative page from GOV.UK.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 2018.

View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information on the National Fraud Initiative privacy notice from GOV.UK.

We may disclose information you provide to a Specified Anti-Fraud Organisation (SAFO) for the purposes of preventing fraud. A SAFO enables or facilitates the sharing of information for the prevention of fraud and is specified by an order made by the Secretary of State. Disclosures of information from a public authority to a SAFO are subject to a Code of Practice and this, along with a full list of SAFOs we may share information with can be found on the Home Office website, see Data sharing for the prevention of fraud, Code of Practice.

We collect and process the following categories of personal information: 

  • Personal and family details
  • Lifestyle and social circumstances
  • Goods and services
  • Financial details
  • Employment and education details
  • Housing needs
  • Visual images, personal appearance and behaviour
  • Licenses or permits held
  • Student and pupil records
  • Business activities
  • Case file information
  • Criminal convictions and offences

We may also collect and process special categories of personal information that may include:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data, biometric data for the purpose of uniquely identifying a person
  • Data concerning health
  • Data concerning a person’s sex life or sexual orientation

Protecting your personal information

The Council endeavours to ensure that the services we provide comply with all data protection legislation, for example, the General Data Protection Regulations (GDPR), and the Data Protection Act 2018 (DPA 2018).

The Council has appropriate security and controls in place to prevent data loss, for example, hacking attempts, however, we cannot guarantee that the personal information you submit will not be intercepted.

Sharing your personal information

Where the Council seeks to disclose sensitive personal data about you, (such as medical details) to third parties, we will do so only with your prior express consent or where we are legally required or allowed to do.

The Council will not share your information with third parties unless we have a required to do so by law, or with your consent.

We will share personal information with law enforcement or other authorities if required by applicable law such as:

  • The Cabinet Office
  • Government agencies
  • Specified anti-fraud organisations (SAFOs)
  • The Police
  • Judicial agencies e.g. Courts
  • Department of work and pensions
  • HMRC
  • Local authorities
  • In certain circumstances employers
  • Credit reference agencies

We will only share information with these organisations where it is appropriate and legal to do so.  We may also share information, for example, if there is a risk of serious harm or threat to life. Where this is necessary, we are required to comply with all aspects of the General Data Protection Regulation and the Data Protection Act 2018.

CIFAS Fraud Database

The council participates in the CIFAS National Fraud Database. CIFAS is an independent, not-for-profit company trusted by the UK government. It runs a national fraud prevention network where personal information from public and private sector organisations like local authorities, police, utility companies and banks are kept and shared. These organisations record and share details of internal and external fraud attempted against their business.

The information is stored in secure databases and CIFAS members use this data and related intelligence in their processes for activities like verifying applications, preventing money laundering or screening staff.

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by these fraud prevention agencies, and your data protection rights, can be found by visiting Fair Processing Notices for Cifas.

More information can also be found on the CIFAS website.

Retaining your personal information

The Council will only keep your information for as long as is necessary, for the minimum amount of time, for the purpose it was collected, and in line with statutory and/or business requirements.   

The standard retention period for anti-fraud records is 6 years. This is defined as 6 years after the last entry in a record.

Records must only be retained beyond the default retention period if their retention can be justified for statutory, regulatory, legal, or security reasons or for their historic value.

In cases where criminal prosecutions have taken place, data may be kept for a longer period to cater for appeals and retrials. The standard retention period for such cases is 7 years from the date of conviction. 

International Transfer of personal information

No information is being transferred outside the UK.

Automated decision-making/profiling

No processing involved automated decision-making or profiling.


To learn more about cookies, please go to our General Privacy Notice.

Your Individual Rights

To learn more about your Individual Rights, or how to raise a concern, please go to our General Privacy Notice