F1PART 2A DATA MATCHING
26DDisclosure of results of data matching
1
This section applies to the following data—
a
data relating to a particular person obtained by or on behalf of Audit Scotland for the purpose of carrying out a data matching exercise, and
b
the results of such an exercise.
2
Data to which this section applies may be disclosed by or on behalf of Audit Scotland if the disclosure is—
a
for, or in connection with, a purpose for which a data matching exercise is carried out,
b
to a Scottish audit agency, or a related party, for, or in connection with a function of that audit agency under—
i
Part 2 of this Act, or
ii
Part 7 of the Local Government (Scotland) Act 1973 (c.65) (finance),
c
to a United Kingdom audit agency, or a related party, for, or in connection with, a function of that audit agency corresponding or similar to—
i
the functions of a Scottish audit agency, or
ii
the functions of Audit Scotland under this Part, or
d
in pursuance of a duty imposed by or under an enactment.
3
“Scottish audit agency”, for the purpose of subsections (2)(b) and (c)(i), means—
a
the Auditor General, or
b
the Accounts Commission.
4
“United Kingdom audit agency”, for the purposes of subsection (2)(c), means—
a
the National Audit Office,
b
the Audit Commission for Local Authorities and the National Health Service in England,
c
the Auditor General for Wales,
d
the Comptroller and Auditor General for Northern Ireland, or
e
a person designated as a local government auditor under article 4 of the Local Government (Northern Ireland) Order 2005 (S.I. 2005/1968 (NI.18)).
5
“Related party”, in relation to a Scottish or United Kingdom audit agency means—
a
a person acting on its behalf,
b
a body or office holder whose accounts are required to be audited by it or by a person appointed by it, or
c
a person appointed by it to audit those accounts.
6
If the data used for a data matching exercise includes patient data—
a
subsection (2)(a) applies only so far as the purpose for which the disclosure is made relates to a relevant NHS body, and
b
subsection (2)(b) or (c) applies only so far as the function for, or in connection with, which the disclosure is made relates to such a body.
7
In subsection (6)—
“patient data” has the same meaning as section 26B(4), and
“relevant NHS body” means—
- a
an NHS body as defined in section 22(1) of the Community Care and Health (Scotland) Act 2002 (asp 5),
- b
a health service body as defined in section 53(1) of the Audit Commission Act 1998 (c.18),
- c
a Welsh NHS body as defined in section 60 of the Public Audit (Wales) Act 2004 (c.23),
- d
a
- a
8
Data disclosed under subsection (2) may not be further disclosed except—
a
for, or in connection with—
i
the purpose for which it was disclosed under subsection (2)(a), or
ii
the function for which it was disclosed under subsection (2)(b) or (c),
b
otherwise for the investigation or prosecution of an offence, or
c
in pursuance of a duty imposed by or under an enactment.
9
Except as authorised by subsections (2) and (8), a person who discloses data to which this section applies is guilty of an offence and liable—
a
on summary conviction, to imprisonment for a term not exceeding 12 months, to a fine or to both, or
b
on conviction on indictment, to imprisonment for a term not exceeding two years, to a fine or to both.
Pt. 2A (ss. 26A-26G) inserted (6.10.2010) by Criminal Justice and Licensing (Scotland) Act 2010 (asp 13), ss. 97(3), 206(1); S.S.I. 2010/339, art. 2