Sch. 7 para. 4 in force at 1.3.2008 for specified purposes by S.I. 2008/219, art. 3(i)

Sch. 7 para. 4 in force at 6.4.2008 in so far as not already in force by S.I. 2008/755, art. 16(a)

http://www.legislation.gov.uk/ukpga/2007/27/schedule/7/paragraph/4/2008-04-06Serious Crime Act 2007An Act to make provision about serious crime prevention orders; to create offences in respect of the encouragement or assistance of crime; to enable information to be shared or processed to prevent fraud or for purposes relating to proceeds of crime; to enable data matching to be conducted both in relation to fraud and for other purposes; to transfer functions of the Director of the Assets Recovery Agency to the Serious Organised Crime Agency and other persons and to make further provision in connection with the abolition of the Agency and the office of Director; to amend the Proceeds of Crime Act 2002 in relation to certain investigations and in relation to accredited financial investigators, management receivers and enforcement receivers, cash recovery proceedings and search warrants; to extend stop and search powers in connection with incidents involving serious violence; to make amendments relating to Her Majesty's Revenue and Customs in connection with the regulation of investigatory powers; and for connected purposes.texttext/xmlenStatute Law Database2024-05-18Expert Participation2008-04-06SCHEDULESSCHEDULE 7Data matchingPart 2Data matching: Wales4

After Part 3 of the Public Audit (Wales) Act 2004 (c. 23) insert—Part 3AData matching

64APower to conduct data matching exercises(1)

The Auditor General for Wales may conduct data matching exercises or arrange for them to be conducted on his behalf.

(2)

A data matching exercise is an exercise involving the comparison of sets of data to determine how far they match (including the identification of any patterns and trends).

(3)

The power in subsection (1) is exercisable for the purpose of assisting in the prevention and detection of fraud in or with respect to Wales.

(4)

That assistance may, but need not, form part of an audit.

(5)

A data matching exercise may not be used to identify patterns and trends in an individual's characteristics or behaviour which suggest nothing more than his potential to commit fraud in the future.

(6)

In the following provisions of this Part, reference to a data matching exercise is to an exercise conducted or arranged to be conducted under this section.

64BMandatory provision of data(1)

The Auditor General for Wales may require—

(a)

any body mentioned in subsection (2), and

(b)

any officer or member of such a body,

to provide the Auditor General or a person acting on his behalf with such data (and in such form) as the Auditor General or that person may reasonably require for the purpose of conducting data matching exercises.

(2)

The bodies are—

(a)

a local government body in Wales (as defined in section 12(1));

(b)

a Welsh NHS body (as defined in section 60).

(3)

A person who without reasonable excuse fails to comply with a requirement of the Auditor General under subsection (1)(b) is guilty of an offence and liable on summary conviction—

(a)

to a fine not exceeding level 3 on the standard scale, and

(b)

to an additional fine not exceeding £20 for each day on which the offence continues after conviction for that offence.

(4)

If an officer or member of a body is convicted of an offence under subsection (3), any expenses incurred by the Auditor General in connection with proceedings for the offence, so far as not recovered from any other source, are recoverable from that body.

64CVoluntary provision of data(1)

If the Auditor General for Wales thinks it appropriate to conduct a data matching exercise using data held by or on behalf of a body or person not subject to section 64B, the data may be disclosed to the Auditor General or a person acting on his behalf.

(2)

A disclosure under subsection (1) does not breach—

(a)

any obligation of confidence owed by a person making the disclosure, or

(b)

any other restriction on the disclosure of information (however imposed).

(3)

But nothing in this section authorises a disclosure which—

(a)

contravenes the Data Protection Act 1998 (c. 29), or

(b)

is prohibited by Part 1 of the Regulation of Investigatory Powers Act 2000 (c. 23).

(4)

Data may not be disclosed under subsection (1) if the data comprise or include patient data.

(5)

Patient data” means data relating to an individual which are held for medical purposes (within the meaning of section 251 of the National Health Service Act 2006 (c. 41)) and from which the individual can be identified.

(6)

This section does not limit the circumstances in which data may be disclosed apart from this section.

(7)

Data matching exercises may include data provided by a body or person outside England and Wales.

64DDisclosure of results of data matching etc(1)

This section applies to the following information—

(a)

information relating to a particular body or person obtained by or on behalf of the Auditor General for Wales for the purpose of conducting a data matching exercise,

(b)

the results of any such exercise.

(2)

Information to which this section applies may be disclosed by or on behalf of the Auditor General for Wales if the disclosure is—

(a)

for or in connection with a purpose for which the data matching exercise is conducted,

(b)

to a body mentioned in subsection (3) (or a related party) for or in connection with a function of that body corresponding or similar to the functions of an auditor under Chapter 1 of Part 2 or the functions of the Auditor General under Part 3 or this Part, or

(c)

in pursuance of a duty imposed by or under a statutory provision.

(3)

The bodies are—

(a)

the Audit Commission,

(b)

the Auditor General for Scotland,

(c)

the Accounts Commission for Scotland,

(d)

Audit Scotland,

(e)

the Comptroller and Auditor General for Northern Ireland,

(f)

a person designated as a local government auditor under Article 4 of the Local Government (Northern Ireland) Order 2005 (S.I. 2005/1968 (N.I.18)).

(4)

Related party”, in relation to a body mentioned in subsection (3), means—

(a)

a body or person acting on its behalf,

(b)

a body whose accounts are required to be audited by it or by a person appointed by it,

(c)

a person appointed by it to audit those accounts.

(5)

If the data used for a data matching exercise include patient data—

(a)

subsection (2)(a) applies only so far as the purpose for which the disclosure is made relates to a relevant NHS body,

(b)

subsection (2)(b) applies only so far as the function for or in connection with which the disclosure is made relates to such a body.

(6)

In subsection (5)—

(a)

patient data” has the same meaning as in section 64C,

(b)

relevant NHS body” means—

(i)

a Welsh NHS body as defined in section 60,

(ii)

a health service body as defined in section 53(1) of the Audit Commission Act 1998 (c. 18),

(iii)

an NHS body as defined in section 22(1) of the Community Care and Health (Scotland) Act 2002 (asp 5),

(iv)

a body to which Article 90 of the Health and Personal Social Services (Northern Ireland) Order 1972 (S.I. 1972/1265 (N.I.14)) applies.

(7)

Information disclosed under subsection (2) may not be further disclosed except—

(a)

for or in connection with the purpose for which it was disclosed under paragraph (a) or the function for which it was disclosed under paragraph (b) of that subsection,

(b)

for the investigation or prosecution of an offence (so far as the disclosure does not fall within paragraph (a)), or

(c)

in pursuance of a duty imposed by or under a statutory provision.

(8)

Except as authorised by subsections (2) and (7), a person who discloses information to which this section applies is guilty of an offence and liable—

(a)

on conviction on indictment, to imprisonment for a term not exceeding two years, to a fine or to both, or

(b)

on summary conviction, to imprisonment for a term not exceeding 12 months, to a fine not exceeding the statutory maximum or to both.

(9)

Section 54 does not apply to information to which this section applies.

(10)

In this section “statutory provision” has the meaning given in section 59(8).

64EPublication(1)

Nothing in section 64D prevents the Auditor General for Wales from publishing a report on a data matching exercise (including on the results of the exercise).

(2)

But the report may not include information relating to a particular body or person if—

(a)

the body or person is the subject of any data included in the data matching exercise,

(b)

the body or person can be identified from the information, and

(c)

the information is not otherwise in the public domain.

(3)

A report published under this section may be published in any manner which the Auditor General considers appropriate for bringing it to the attention of those members of the public who may be interested.

(4)

This section does not affect any powers of an auditor or the Auditor General where the data matching exercise in question forms part of an audit under Part 2 or 3.

64FFees for data matching(1)

The Auditor General for Wales must prescribe a scale or scales of fees in respect of data matching exercises.

(2)

A body required under section 64B(1) to provide data for a data matching exercise must pay to the Auditor General the fee applicable to that exercise in accordance with the appropriate scale.

(3)

But if it appears to the Auditor General that the work involved in the exercise was substantially more or less than that envisaged by the appropriate scale, the Auditor General may charge the body a fee which is larger or smaller than that referred to in subsection (2).

(4)

Before prescribing a scale of fees under this section, the Auditor General must consult—

(a)

the bodies mentioned in section 64B(2), and

(b)

such other bodies or persons as the Auditor General thinks fit.

(5)

If the Welsh Ministers consider it necessary or desirable to do so, they may by regulations prescribe a scale or scales of fees to have effect, for such period as is specified in the regulations, in place of any scale or scales of fees prescribed by the Auditor General and, if they do so, references in this section to the appropriate scale are to be read as respects that period as references to the appropriate scale prescribed by the Welsh Ministers.

(6)

Before making any regulations under subsection (5), the Welsh Ministers must consult—

(a)

the Auditor General for Wales, and

(b)

such other bodies or persons as they think fit.

(7)

The power under subsection (5) is exercisable by statutory instrument subject to annulment in pursuance of a resolution of the Assembly.

(8)

In addition to the power under subsection (2), the Auditor General may charge a fee to any other body or person providing data for or receiving the results of a data matching exercise, such fee to be payable in accordance with terms agreed between the Auditor General and that body or person.

64GCode of data matching practice(1)

The Auditor General for Wales must prepare, and keep under review, a code of practice with respect to data matching exercises.

(2)

Regard must be had to the code in conducting and participating in any such exercise.

(3)

Before preparing or altering the code, the Auditor General must consult the bodies mentioned in section 64B(2), the Information Commissioner and such other bodies or persons as the Auditor General thinks fit.

(4)

The Auditor General must—

(a)

lay a copy of the code, and of any alterations made to the code, before the Assembly, and

(b)

from time to time publish the code as for the time being in force.

64HPowers of Secretary of State(1)

The Secretary of State may by order amend this Part—

(a)

to add any purpose mentioned in subsection (2) to the purposes for which data matching exercises may be conducted,

(b)

to modify the application of this Part in relation to a purpose so added.

(2)

The purposes which may be added are—

(a)

to assist in the prevention and detection of crime (other than fraud) in or with respect to Wales,

(b)

to assist in the apprehension and prosecution of offenders in or with respect to Wales,

(c)

to assist in the recovery of debt owing to Welsh public bodies.

(3)

The Secretary of State may by order amend this Part—

(a)

to add a Welsh public body to the list of bodies in section 64B(2),

(b)

to modify the application of this Part in relation to a body so added,

(c)

to remove a body from that list.

(4)

Before making an order under this section, the Secretary of State must consult the Auditor General for Wales.

(5)

An order under this section—

(a)

is to be made by statutory instrument, and

(b)

may include such incidental, consequential, supplemental or transitional provision as the Secretary of State thinks fit.

(6)

No order under this section may be made unless a draft of the statutory instrument has been laid before, and approved by a resolution of, each House of Parliament.

(7)

In this section “Welsh public body” means a public body (as defined in section 12(3)) whose functions relate exclusively to Wales or an area of Wales.

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<akomaNtoso xmlns:uk="https://www.legislation.gov.uk/namespaces/UK-AKN" xmlns:ukl="http://www.legislation.gov.uk/namespaces/legislation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.oasis-open.org/legaldocml/ns/akn/3.0" xsi:schemaLocation="http://docs.oasis-open.org/legaldocml/ns/akn/3.0 http://docs.oasis-open.org/legaldocml/akn-core/v1.0/cos01/part2-specs/schemas/akomantoso30.xsd">
<act name="ukpga">
<meta>
<identification source="#">
<FRBRWork>
<FRBRthis value="http://www.legislation.gov.uk/id/ukpga/2007/27"/>
<FRBRuri value="http://www.legislation.gov.uk/id/ukpga/2007/27"/>
<FRBRdate date="2007-10-30" name="enacted"/>
<FRBRauthor href="http://www.legislation.gov.uk/id/legislature/UnitedKingdomParliament"/>
<FRBRcountry value="GB-UKM"/>
<FRBRnumber value="27"/>
<FRBRname value="2007 c. 27"/>
<FRBRprescriptive value="true"/>
</FRBRWork>
<FRBRExpression>
<FRBRthis value="http://www.legislation.gov.uk/ukpga/2007/27/2008-04-06"/>
<FRBRuri value="http://www.legislation.gov.uk/ukpga/2007/27/2008-04-06"/>
<FRBRdate date="2008-04-06" name="validFrom"/>
<FRBRauthor href="#"/>
<FRBRlanguage language="eng"/>
</FRBRExpression>
<FRBRManifestation>
<FRBRthis value="http://www.legislation.gov.uk/ukpga/2007/27/2008-04-06/data.akn"/>
<FRBRuri value="http://www.legislation.gov.uk/ukpga/2007/27/2008-04-06/data.akn"/>
<FRBRdate date="2024-11-30Z" name="transform"/>
<FRBRauthor href="http://www.legislation.gov.uk"/>
<FRBRformat value="application/akn+xml"/>
</FRBRManifestation>
</identification>
<lifecycle source="#">
<eventRef refersTo="#enactment" date="2007-10-30" eId="date-enacted" source="#"/>
<eventRef date="2008-04-06" eId="date-2008-04-06" source="#"/>
<eventRef date="2008-04-28" eId="date-2008-04-28" source="#"/>
<eventRef date="2008-10-01" eId="date-2008-10-01" source="#"/>
<eventRef date="2015-04-01" eId="date-2015-04-01" source="#"/>
</lifecycle>
<analysis source="#">
<restrictions source="#">
<restriction refersTo="#extent-e+w+s+ni" type="jurisdiction"/>
<restriction href="#schedules" refersTo="#extent-e+w+s+ni" type="jurisdiction"/>
<restriction href="#schedule-7" refersTo="#extent-e+w+ni" type="jurisdiction"/>
<restriction href="#schedule-7-part-2" refersTo="#extent-e+w" type="jurisdiction"/>
<restriction refersTo="#period-from-2008-04-06-to-2008-04-28" type="jurisdiction"/>
<restriction href="#schedules" refersTo="#period-from-2008-04-06-to-2008-10-01" type="jurisdiction"/>
<restriction href="#schedule-7" refersTo="#period-from-2008-04-06-to-2015-04-01" type="jurisdiction"/>
<restriction href="#schedule-7-part-2" refersTo="#period-from-2008-04-06" type="jurisdiction"/>
<restriction href="#schedule-7-paragraph-4" refersTo="#period-from-2008-04-06" type="jurisdiction"/>
</restrictions>
<otherAnalysis source="">
<uk:commentary href="#schedule-7-paragraph-4" refersTo="#key-175a437a2c31d35cb19207415de44d04"/>
<uk:commentary href="#schedule-7-paragraph-4" refersTo="#key-8dd722ab0ad25aeda14c50e14e46c1d7"/>
</otherAnalysis>
</analysis>
<temporalData source="#">
<temporalGroup eId="period-from-2008-04-06">
<timeInterval start="#date-2008-04-06" refersTo="#"/>
</temporalGroup>
<temporalGroup eId="period-from-2008-04-06-to-2008-04-28">
<timeInterval start="#date-2008-04-06" end="#date-2008-04-28" refersTo="#"/>
</temporalGroup>
<temporalGroup eId="period-from-2008-04-06-to-2008-10-01">
<timeInterval start="#date-2008-04-06" end="#date-2008-10-01" refersTo="#"/>
</temporalGroup>
<temporalGroup eId="period-from-2008-04-06-to-2015-04-01">
<timeInterval start="#date-2008-04-06" end="#date-2015-04-01" refersTo="#"/>
</temporalGroup>
</temporalData>
<references source="#">
<TLCEvent eId="enactment" href="" showAs="EnactmentDate"/>
<TLCLocation eId="extent-e+w+s+ni" href="" showAs="E+W+S+N.I."/>
<TLCLocation eId="extent-e+w+ni" href="" showAs="E+W+N.I."/>
<TLCLocation eId="extent-e+w" href="" showAs="E+W"/>
</references>
<notes source="#">
<note ukl:Name="Commentary" ukl:Type="I" class="commentary I" eId="key-175a437a2c31d35cb19207415de44d04" marker="I1">
<p>
<ref eId="cye5yka41-00115" class="subref" href="http://www.legislation.gov.uk/id/ukpga/2007/27/schedule/7/paragraph/4">Sch. 7 para. 4</ref>
in force at 1.3.2008 for specified purposes by
<ref eId="cye5yka41-00116" href="http://www.legislation.gov.uk/id/uksi/2008/219">S.I. 2008/219</ref>
,
<ref eId="cye5yka41-00117" class="subref operative" href="http://www.legislation.gov.uk/id/uksi/2008/219/article/3/i">art. 3(i)</ref>
</p>
</note>
<note ukl:Name="Commentary" ukl:Type="I" class="commentary I" eId="key-8dd722ab0ad25aeda14c50e14e46c1d7" marker="I2">
<p>
<ref eId="cye9a8vq1-00945" class="subref" href="http://www.legislation.gov.uk/id/ukpga/2007/27/schedule/7/paragraph/4">Sch. 7 para. 4</ref>
in force at 6.4.2008 in so far as not already in force by
<ref eId="cye9a8vq1-00946" href="http://www.legislation.gov.uk/id/uksi/2008/755">S.I. 2008/755</ref>
,
<ref eId="cye9a8vq1-00947" class="subref operative" href="http://www.legislation.gov.uk/id/uksi/2008/755/article/16/a">art. 16(a)</ref>
</p>
</note>
</notes>
<proprietary xmlns:ukm="http://www.legislation.gov.uk/namespaces/metadata" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dct="http://purl.org/dc/terms/" source="#">
<dc:identifier>http://www.legislation.gov.uk/ukpga/2007/27/schedule/7/paragraph/4/2008-04-06</dc:identifier>
<dc:title>Serious Crime Act 2007</dc:title>
<dc:description>An Act to make provision about serious crime prevention orders; to create offences in respect of the encouragement or assistance of crime; to enable information to be shared or processed to prevent fraud or for purposes relating to proceeds of crime; to enable data matching to be conducted both in relation to fraud and for other purposes; to transfer functions of the Director of the Assets Recovery Agency to the Serious Organised Crime Agency and other persons and to make further provision in connection with the abolition of the Agency and the office of Director; to amend the Proceeds of Crime Act 2002 in relation to certain investigations and in relation to accredited financial investigators, management receivers and enforcement receivers, cash recovery proceedings and search warrants; to extend stop and search powers in connection with incidents involving serious violence; to make amendments relating to Her Majesty's Revenue and Customs in connection with the regulation of investigatory powers; and for connected purposes.</dc:description>
<dc:type>text</dc:type>
<dc:format>text/xml</dc:format>
<dc:language>en</dc:language>
<dc:publisher>Statute Law Database</dc:publisher>
<dc:modified>2024-05-18</dc:modified>
<dc:contributor>Expert Participation</dc:contributor>
<dct:valid>2008-04-06</dct:valid>
<ukm:PrimaryMetadata>
<ukm:DocumentClassification>
<ukm:DocumentCategory Value="primary"/>
<ukm:DocumentMainType Value="UnitedKingdomPublicGeneralAct"/>
<ukm:DocumentStatus Value="revised"/>
</ukm:DocumentClassification>
<ukm:Year Value="2007"/>
<ukm:Number Value="27"/>
<ukm:EnactmentDate Date="2007-10-30"/>
<ukm:ISBN Value="9780105427070"/>
</ukm:PrimaryMetadata>
<ukm:Notes>
<ukm:Note IdURI="http://www.legislation.gov.uk/id/ukpga/2007/27/notes"/>
<ukm:Alternatives>
<ukm:Alternative Date="2008-01-31" URI="http://www.legislation.gov.uk/ukpga/2007/27/pdfs/ukpgaen_20070027_en.pdf" Title="Explanatory Note"/>
</ukm:Alternatives>
</ukm:Notes>
<ukm:Alternatives>
<ukm:Alternative Date="2008-01-31" URI="http://www.legislation.gov.uk/ukpga/2007/27/pdfs/ukpga_20070027_en.pdf" Title="Print Version"/>
</ukm:Alternatives>
<ukm:Statistics>
<ukm:TotalParagraphs Value="722"/>
<ukm:BodyParagraphs Value="101"/>
<ukm:ScheduleParagraphs Value="621"/>
<ukm:AttachmentParagraphs Value="0"/>
<ukm:TotalImages Value="0"/>
</ukm:Statistics>
</proprietary>
</meta>
<body>
<hcontainer name="schedules" eId="schedules">
<heading>SCHEDULES</heading>
<hcontainer name="schedule" eId="schedule-7">
<num>SCHEDULE 7</num>
<heading>Data matching</heading>
<part eId="schedule-7-part-2">
<num>
<b>Part 2</b>
</num>
<heading>Data matching: Wales</heading>
<paragraph eId="schedule-7-paragraph-4" uk:target="true" class="schProv1">
<num>4</num>
<content>
<p>
<mod>
After Part 3 of the Public Audit (Wales) Act 2004 (c. 23) insert—
<quotedStructure startQuote="" endQuote="" uk:context="unknown" uk:docName="unknown" ukl:TargetClass="unknown" ukl:TargetSubClass="unknown" ukl:Context="unknown" ukl:Format="default">
<part>
<num>
<b>Part 3A</b>
</num>
<heading>Data matching</heading>
<section>
<num>64A</num>
<heading>Power to conduct data matching exercises</heading>
<subsection>
<num>(1)</num>
<content>
<p>The Auditor General for Wales may conduct data matching exercises or arrange for them to be conducted on his behalf.</p>
</content>
</subsection>
<subsection>
<num>(2)</num>
<content>
<p>A data matching exercise is an exercise involving the comparison of sets of data to determine how far they match (including the identification of any patterns and trends).</p>
</content>
</subsection>
<subsection>
<num>(3)</num>
<content>
<p>The power in subsection (1) is exercisable for the purpose of assisting in the prevention and detection of fraud in or with respect to Wales.</p>
</content>
</subsection>
<subsection>
<num>(4)</num>
<content>
<p>That assistance may, but need not, form part of an audit.</p>
</content>
</subsection>
<subsection>
<num>(5)</num>
<content>
<p>A data matching exercise may not be used to identify patterns and trends in an individual's characteristics or behaviour which suggest nothing more than his potential to commit fraud in the future.</p>
</content>
</subsection>
<subsection>
<num>(6)</num>
<content>
<p>In the following provisions of this Part, reference to a data matching exercise is to an exercise conducted or arranged to be conducted under this section.</p>
</content>
</subsection>
</section>
<section>
<num>64B</num>
<heading>Mandatory provision of data</heading>
<subsection>
<num>(1)</num>
<intro>
<p>The Auditor General for Wales may require—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>any body mentioned in subsection (2), and</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>any officer or member of such a body,</p>
</content>
</level>
<wrapUp>
<p>to provide the Auditor General or a person acting on his behalf with such data (and in such form) as the Auditor General or that person may reasonably require for the purpose of conducting data matching exercises.</p>
</wrapUp>
</subsection>
<subsection>
<num>(2)</num>
<intro>
<p>The bodies are—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>a local government body in Wales (as defined in section 12(1));</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>
a Welsh
<abbr class="acronym" title="National Health Service">NHS</abbr>
body (as defined in section 60).
</p>
</content>
</level>
</subsection>
<subsection>
<num>(3)</num>
<intro>
<p>A person who without reasonable excuse fails to comply with a requirement of the Auditor General under subsection (1)(b) is guilty of an offence and liable on summary conviction—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>to a fine not exceeding level 3 on the standard scale, and</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>to an additional fine not exceeding £20 for each day on which the offence continues after conviction for that offence.</p>
</content>
</level>
</subsection>
<subsection>
<num>(4)</num>
<content>
<p>If an officer or member of a body is convicted of an offence under subsection (3), any expenses incurred by the Auditor General in connection with proceedings for the offence, so far as not recovered from any other source, are recoverable from that body.</p>
</content>
</subsection>
</section>
<section>
<num>64C</num>
<heading>Voluntary provision of data</heading>
<subsection>
<num>(1)</num>
<content>
<p>If the Auditor General for Wales thinks it appropriate to conduct a data matching exercise using data held by or on behalf of a body or person not subject to section 64B, the data may be disclosed to the Auditor General or a person acting on his behalf.</p>
</content>
</subsection>
<subsection>
<num>(2)</num>
<intro>
<p>A disclosure under subsection (1) does not breach—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>any obligation of confidence owed by a person making the disclosure, or</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>any other restriction on the disclosure of information (however imposed).</p>
</content>
</level>
</subsection>
<subsection>
<num>(3)</num>
<intro>
<p>But nothing in this section authorises a disclosure which—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>contravenes the Data Protection Act 1998 (c. 29), or</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>is prohibited by Part 1 of the Regulation of Investigatory Powers Act 2000 (c. 23).</p>
</content>
</level>
</subsection>
<subsection>
<num>(4)</num>
<content>
<p>Data may not be disclosed under subsection (1) if the data comprise or include patient data.</p>
</content>
</subsection>
<subsection>
<num>(5)</num>
<content>
<p>
<term refersTo="#term-patient-data">Patient data</term>
” means data relating to an individual which are held for medical purposes (within the meaning of section 251 of the National Health Service Act 2006 (c. 41)) and from which the individual can be identified.
</p>
</content>
</subsection>
<subsection>
<num>(6)</num>
<content>
<p>This section does not limit the circumstances in which data may be disclosed apart from this section.</p>
</content>
</subsection>
<subsection>
<num>(7)</num>
<content>
<p>Data matching exercises may include data provided by a body or person outside England and Wales.</p>
</content>
</subsection>
</section>
<section>
<num>64D</num>
<heading>
Disclosure of results of data matching
<abbr title="Et cetera" xml:lang="la">etc</abbr>
</heading>
<subsection>
<num>(1)</num>
<intro>
<p>This section applies to the following information—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>information relating to a particular body or person obtained by or on behalf of the Auditor General for Wales for the purpose of conducting a data matching exercise,</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>the results of any such exercise.</p>
</content>
</level>
</subsection>
<subsection>
<num>(2)</num>
<intro>
<p>Information to which this section applies may be disclosed by or on behalf of the Auditor General for Wales if the disclosure is—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>for or in connection with a purpose for which the data matching exercise is conducted,</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>to a body mentioned in subsection (3) (or a related party) for or in connection with a function of that body corresponding or similar to the functions of an auditor under Chapter 1 of Part 2 or the functions of the Auditor General under Part 3 or this Part, or</p>
</content>
</level>
<level class="para1">
<num>(c)</num>
<content>
<p>in pursuance of a duty imposed by or under a statutory provision.</p>
</content>
</level>
</subsection>
<subsection>
<num>(3)</num>
<intro>
<p>The bodies are—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>the Audit Commission,</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>the Auditor General for Scotland,</p>
</content>
</level>
<level class="para1">
<num>(c)</num>
<content>
<p>the Accounts Commission for Scotland,</p>
</content>
</level>
<level class="para1">
<num>(d)</num>
<content>
<p>Audit Scotland,</p>
</content>
</level>
<level class="para1">
<num>(e)</num>
<content>
<p>the Comptroller and Auditor General for Northern Ireland,</p>
</content>
</level>
<level class="para1">
<num>(f)</num>
<content>
<p>
a person designated as a local government auditor under Article 4 of the Local Government (Northern Ireland) Order 2005 (
<abbr class="acronym" title="Statutory Instrument">S.I.</abbr>
2005/1968 (N.I.18)).
</p>
</content>
</level>
</subsection>
<subsection>
<num>(4)</num>
<intro>
<p>
<term refersTo="#term-related-party">Related party</term>
”, in relation to a body mentioned in subsection (3), means—
</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>a body or person acting on its behalf,</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>a body whose accounts are required to be audited by it or by a person appointed by it,</p>
</content>
</level>
<level class="para1">
<num>(c)</num>
<content>
<p>a person appointed by it to audit those accounts.</p>
</content>
</level>
</subsection>
<subsection>
<num>(5)</num>
<intro>
<p>If the data used for a data matching exercise include patient data—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>
subsection (2)(a) applies only so far as the purpose for which the disclosure is made relates to a relevant
<abbr class="acronym" title="National Health Service">NHS</abbr>
body,
</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>subsection (2)(b) applies only so far as the function for or in connection with which the disclosure is made relates to such a body.</p>
</content>
</level>
</subsection>
<subsection>
<num>(6)</num>
<intro>
<p>In subsection (5)—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>
<term refersTo="#term-patient-data">patient data</term>
” has the same meaning as in section 64C,
</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<intro>
<p>
<term refersTo="#term-relevant-nhs-body">
relevant
<abbr class="acronym" title="National Health Service">NHS</abbr>
body
</term>
” means—
</p>
</intro>
<level class="para2">
<num>(i)</num>
<content>
<p>
a Welsh
<abbr class="acronym" title="National Health Service">NHS</abbr>
body as defined in section 60,
</p>
</content>
</level>
<level class="para2">
<num>(ii)</num>
<content>
<p>a health service body as defined in section 53(1) of the Audit Commission Act 1998 (c. 18),</p>
</content>
</level>
<level class="para2">
<num>(iii)</num>
<content>
<p>
an
<abbr class="acronym" title="National Health Service">NHS</abbr>
body as defined in section 22(1) of the Community Care and Health (Scotland) Act 2002 (asp 5),
</p>
</content>
</level>
<level class="para2">
<num>(iv)</num>
<content>
<p>
a body to which Article 90 of the Health and Personal Social Services (Northern Ireland) Order 1972 (
<abbr class="acronym" title="Statutory Instrument">S.I.</abbr>
1972/1265 (N.I.14)) applies.
</p>
</content>
</level>
</level>
</subsection>
<subsection>
<num>(7)</num>
<intro>
<p>Information disclosed under subsection (2) may not be further disclosed except—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>for or in connection with the purpose for which it was disclosed under paragraph (a) or the function for which it was disclosed under paragraph (b) of that subsection,</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>for the investigation or prosecution of an offence (so far as the disclosure does not fall within paragraph (a)), or</p>
</content>
</level>
<level class="para1">
<num>(c)</num>
<content>
<p>in pursuance of a duty imposed by or under a statutory provision.</p>
</content>
</level>
</subsection>
<subsection>
<num>(8)</num>
<intro>
<p>Except as authorised by subsections (2) and (7), a person who discloses information to which this section applies is guilty of an offence and liable—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>on conviction on indictment, to imprisonment for a term not exceeding two years, to a fine or to both, or</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>on summary conviction, to imprisonment for a term not exceeding 12 months, to a fine not exceeding the statutory maximum or to both.</p>
</content>
</level>
</subsection>
<subsection>
<num>(9)</num>
<content>
<p>Section 54 does not apply to information to which this section applies.</p>
</content>
</subsection>
<subsection>
<num>(10)</num>
<content>
<p>
In this section “
<term refersTo="#term-statutory-provision">statutory provision</term>
” has the meaning given in section 59(8).
</p>
</content>
</subsection>
</section>
<section>
<num>64E</num>
<heading>Publication</heading>
<subsection>
<num>(1)</num>
<content>
<p>Nothing in section 64D prevents the Auditor General for Wales from publishing a report on a data matching exercise (including on the results of the exercise).</p>
</content>
</subsection>
<subsection>
<num>(2)</num>
<intro>
<p>But the report may not include information relating to a particular body or person if—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>the body or person is the subject of any data included in the data matching exercise,</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>the body or person can be identified from the information, and</p>
</content>
</level>
<level class="para1">
<num>(c)</num>
<content>
<p>the information is not otherwise in the public domain.</p>
</content>
</level>
</subsection>
<subsection>
<num>(3)</num>
<content>
<p>A report published under this section may be published in any manner which the Auditor General considers appropriate for bringing it to the attention of those members of the public who may be interested.</p>
</content>
</subsection>
<subsection>
<num>(4)</num>
<content>
<p>This section does not affect any powers of an auditor or the Auditor General where the data matching exercise in question forms part of an audit under Part 2 or 3.</p>
</content>
</subsection>
</section>
<section>
<num>64F</num>
<heading>Fees for data matching</heading>
<subsection>
<num>(1)</num>
<content>
<p>The Auditor General for Wales must prescribe a scale or scales of fees in respect of data matching exercises.</p>
</content>
</subsection>
<subsection>
<num>(2)</num>
<content>
<p>A body required under section 64B(1) to provide data for a data matching exercise must pay to the Auditor General the fee applicable to that exercise in accordance with the appropriate scale.</p>
</content>
</subsection>
<subsection>
<num>(3)</num>
<content>
<p>But if it appears to the Auditor General that the work involved in the exercise was substantially more or less than that envisaged by the appropriate scale, the Auditor General may charge the body a fee which is larger or smaller than that referred to in subsection (2).</p>
</content>
</subsection>
<subsection>
<num>(4)</num>
<intro>
<p>Before prescribing a scale of fees under this section, the Auditor General must consult—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>the bodies mentioned in section 64B(2), and</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>such other bodies or persons as the Auditor General thinks fit.</p>
</content>
</level>
</subsection>
<subsection>
<num>(5)</num>
<content>
<p>If the Welsh Ministers consider it necessary or desirable to do so, they may by regulations prescribe a scale or scales of fees to have effect, for such period as is specified in the regulations, in place of any scale or scales of fees prescribed by the Auditor General and, if they do so, references in this section to the appropriate scale are to be read as respects that period as references to the appropriate scale prescribed by the Welsh Ministers.</p>
</content>
</subsection>
<subsection>
<num>(6)</num>
<intro>
<p>Before making any regulations under subsection (5), the Welsh Ministers must consult—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>the Auditor General for Wales, and</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>such other bodies or persons as they think fit.</p>
</content>
</level>
</subsection>
<subsection>
<num>(7)</num>
<content>
<p>The power under subsection (5) is exercisable by statutory instrument subject to annulment in pursuance of a resolution of the Assembly.</p>
</content>
</subsection>
<subsection>
<num>(8)</num>
<content>
<p>In addition to the power under subsection (2), the Auditor General may charge a fee to any other body or person providing data for or receiving the results of a data matching exercise, such fee to be payable in accordance with terms agreed between the Auditor General and that body or person.</p>
</content>
</subsection>
</section>
<section>
<num>64G</num>
<heading>Code of data matching practice</heading>
<subsection>
<num>(1)</num>
<content>
<p>The Auditor General for Wales must prepare, and keep under review, a code of practice with respect to data matching exercises.</p>
</content>
</subsection>
<subsection>
<num>(2)</num>
<content>
<p>Regard must be had to the code in conducting and participating in any such exercise.</p>
</content>
</subsection>
<subsection>
<num>(3)</num>
<content>
<p>Before preparing or altering the code, the Auditor General must consult the bodies mentioned in section 64B(2), the Information Commissioner and such other bodies or persons as the Auditor General thinks fit.</p>
</content>
</subsection>
<subsection>
<num>(4)</num>
<intro>
<p>The Auditor General must—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>lay a copy of the code, and of any alterations made to the code, before the Assembly, and</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>from time to time publish the code as for the time being in force.</p>
</content>
</level>
</subsection>
</section>
<section>
<num>64H</num>
<heading>Powers of Secretary of State</heading>
<subsection>
<num>(1)</num>
<intro>
<p>The Secretary of State may by order amend this Part—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>to add any purpose mentioned in subsection (2) to the purposes for which data matching exercises may be conducted,</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>to modify the application of this Part in relation to a purpose so added.</p>
</content>
</level>
</subsection>
<subsection>
<num>(2)</num>
<intro>
<p>The purposes which may be added are—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>to assist in the prevention and detection of crime (other than fraud) in or with respect to Wales,</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>to assist in the apprehension and prosecution of offenders in or with respect to Wales,</p>
</content>
</level>
<level class="para1">
<num>(c)</num>
<content>
<p>to assist in the recovery of debt owing to Welsh public bodies.</p>
</content>
</level>
</subsection>
<subsection>
<num>(3)</num>
<intro>
<p>The Secretary of State may by order amend this Part—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>to add a Welsh public body to the list of bodies in section 64B(2),</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>to modify the application of this Part in relation to a body so added,</p>
</content>
</level>
<level class="para1">
<num>(c)</num>
<content>
<p>to remove a body from that list.</p>
</content>
</level>
</subsection>
<subsection>
<num>(4)</num>
<content>
<p>Before making an order under this section, the Secretary of State must consult the Auditor General for Wales.</p>
</content>
</subsection>
<subsection>
<num>(5)</num>
<intro>
<p>An order under this section—</p>
</intro>
<level class="para1">
<num>(a)</num>
<content>
<p>is to be made by statutory instrument, and</p>
</content>
</level>
<level class="para1">
<num>(b)</num>
<content>
<p>may include such incidental, consequential, supplemental or transitional provision as the Secretary of State thinks fit.</p>
</content>
</level>
</subsection>
<subsection>
<num>(6)</num>
<content>
<p>No order under this section may be made unless a draft of the statutory instrument has been laid before, and approved by a resolution of, each House of Parliament.</p>
</content>
</subsection>
<subsection>
<num>(7)</num>
<content>
<p>
In this section “
<term refersTo="#term-welsh-public-body">Welsh public body</term>
” means a public body (as defined in section 12(3)) whose functions relate exclusively to Wales or an area of Wales.
</p>
</content>
</subsection>
</section>
</part>
</quotedStructure>
</mod>
</p>
</content>
</paragraph>
</part>
</hcontainer>
</hcontainer>
</body>
</act>
</akomaNtoso>