Sch. 7 para. 4 in force at 1.3.2008 for specified purposes by S.I. 2008/219, art. 3(i)
Sch. 7 para. 4 in force at 6.4.2008 in so far as not already in force by S.I. 2008/755, art. 16(a)
The Auditor General for Wales may conduct data matching exercises or arrange for them to be conducted on his behalf. A data matching exercise is an exercise involving the comparison of sets of data to determine how far they match (including the identification of any patterns and trends). The power in subsection (1) is exercisable for the purpose of assisting in the prevention and detection of fraud in or with respect to Wales. That assistance may, but need not, form part of an audit. A data matching exercise may not be used to identify patterns and trends in an individual's characteristics or behaviour which suggest nothing more than his potential to commit fraud in the future. In the following provisions of this Part, reference to a data matching exercise is to an exercise conducted or arranged to be conducted under this section. The Auditor General for Wales may require— any body mentioned in subsection (2), and any officer or member of such a body, to provide the Auditor General or a person acting on his behalf with such data (and in such form) as the Auditor General or that person may reasonably require for the purpose of conducting data matching exercises. The bodies are— a local government body in Wales (as defined in section 12(1)); a Welsh NHS body (as defined in section 60). A person who without reasonable excuse fails to comply with a requirement of the Auditor General under subsection (1)(b) is guilty of an offence and liable on summary conviction— to a fine not exceeding level 3 on the standard scale, and to an additional fine not exceeding £20 for each day on which the offence continues after conviction for that offence. If an officer or member of a body is convicted of an offence under subsection (3), any expenses incurred by the Auditor General in connection with proceedings for the offence, so far as not recovered from any other source, are recoverable from that body. If the Auditor General for Wales thinks it appropriate to conduct a data matching exercise using data held by or on behalf of a body or person not subject to section 64B, the data may be disclosed to the Auditor General or a person acting on his behalf. A disclosure under subsection (1) does not breach— any obligation of confidence owed by a person making the disclosure, or any other restriction on the disclosure of information (however imposed). But nothing in this section authorises a disclosure which— contravenes the Data Protection Act 1998 (c. 29), or is prohibited by Part 1 of the Regulation of Investigatory Powers Act 2000 (c. 23). Data may not be disclosed under subsection (1) if the data comprise or include patient data. “ This section does not limit the circumstances in which data may be disclosed apart from this section. Data matching exercises may include data provided by a body or person outside England and Wales. This section applies to the following information— information relating to a particular body or person obtained by or on behalf of the Auditor General for Wales for the purpose of conducting a data matching exercise, the results of any such exercise. Information to which this section applies may be disclosed by or on behalf of the Auditor General for Wales if the disclosure is— for or in connection with a purpose for which the data matching exercise is conducted, to a body mentioned in subsection (3)
(or a related party) for or in connection with a function of that body corresponding or similar to the functions of an auditor under Chapter 1 of Part 2 or the functions of the Auditor General under Part 3 or this Part, or in pursuance of a duty imposed by or under a statutory provision. The bodies are— the Audit Commission, the Auditor General for Scotland, the Accounts Commission for Scotland, Audit Scotland, the Comptroller and Auditor General for Northern Ireland, a person designated as a local government auditor under Article 4 of the Local Government (Northern Ireland) Order 2005 (S.I. 2005/1968 (N.I.18)). “ a body or person acting on its behalf, a body whose accounts are required to be audited by it or by a person appointed by it, a person appointed by it to audit those accounts. If the data used for a data matching exercise include patient data— subsection (2)(a) applies only so far as the purpose for which the disclosure is made relates to a relevant NHS body, subsection (2)(b) applies only so far as the function for or in connection with which the disclosure is made relates to such a body. In subsection (5)— “ “ a Welsh NHS body as defined in section 60, a health service body as defined in section 53(1) of the Audit Commission Act 1998 (c. 18), an NHS body as defined in section 22(1) of the Community Care and Health (Scotland) Act 2002 (asp 5), a body to which Article 90 of the Health and Personal Social Services (Northern Ireland) Order 1972 (S.I. 1972/1265 (N.I.14)) applies. Information disclosed under subsection (2) may not be further disclosed except— for or in connection with the purpose for which it was disclosed under paragraph (a) or the function for which it was disclosed under paragraph (b) of that subsection, for the investigation or prosecution of an offence (so far as the disclosure does not fall within paragraph (a)), or in pursuance of a duty imposed by or under a statutory provision. Except as authorised by subsections (2) and (7), a person who discloses information to which this section applies is guilty of an offence and liable— on conviction on indictment, to imprisonment for a term not exceeding two years, to a fine or to both, or on summary conviction, to imprisonment for a term not exceeding 12 months, to a fine not exceeding the statutory maximum or to both. Section 54 does not apply to information to which this section applies. In this section “ Nothing in section 64D prevents the Auditor General for Wales from publishing a report on a data matching exercise (including on the results of the exercise). But the report may not include information relating to a particular body or person if— the body or person is the subject of any data included in the data matching exercise, the body or person can be identified from the information, and the information is not otherwise in the public domain. A report published under this section may be published in any manner which the Auditor General considers appropriate for bringing it to the attention of those members of the public who may be interested. This section does not affect any powers of an auditor or the Auditor General where the data matching exercise in question forms part of an audit under Part 2 or 3. The Auditor General for Wales must prescribe a scale or scales of fees in respect of data matching exercises. A body required under section 64B(1) to provide data for a data matching exercise must pay to the Auditor General the fee applicable to that exercise in accordance with the appropriate scale. But if it appears to the Auditor General that the work involved in the exercise was substantially more or less than that envisaged by the appropriate scale, the Auditor General may charge the body a fee which is larger or smaller than that referred to in subsection (2). Before prescribing a scale of fees under this section, the Auditor General must consult— the bodies mentioned in section 64B(2), and such other bodies or persons as the Auditor General thinks fit. If the Welsh Ministers consider it necessary or desirable to do so, they may by regulations prescribe a scale or scales of fees to have effect, for such period as is specified in the regulations, in place of any scale or scales of fees prescribed by the Auditor General and, if they do so, references in this section to the appropriate scale are to be read as respects that period as references to the appropriate scale prescribed by the Welsh Ministers. Before making any regulations under subsection (5), the Welsh Ministers must consult— the Auditor General for Wales, and such other bodies or persons as they think fit. The power under subsection (5) is exercisable by statutory instrument subject to annulment in pursuance of a resolution of the Assembly. In addition to the power under subsection (2), the Auditor General may charge a fee to any other body or person providing data for or receiving the results of a data matching exercise, such fee to be payable in accordance with terms agreed between the Auditor General and that body or person. The Auditor General for Wales must prepare, and keep under review, a code of practice with respect to data matching exercises. Regard must be had to the code in conducting and participating in any such exercise. Before preparing or altering the code, the Auditor General must consult the bodies mentioned in section 64B(2), the Information Commissioner and such other bodies or persons as the Auditor General thinks fit. The Auditor General must— lay a copy of the code, and of any alterations made to the code, before the Assembly, and from time to time publish the code as for the time being in force. The Secretary of State may by order amend this Part— to add any purpose mentioned in subsection (2) to the purposes for which data matching exercises may be conducted, to modify the application of this Part in relation to a purpose so added. The purposes which may be added are— to assist in the prevention and detection of crime (other than fraud) in or with respect to Wales, to assist in the apprehension and prosecution of offenders in or with respect to Wales, to assist in the recovery of debt owing to Welsh public bodies. The Secretary of State may by order amend this Part— to add a Welsh public body to the list of bodies in section 64B(2), to modify the application of this Part in relation to a body so added, to remove a body from that list. Before making an order under this section, the Secretary of State must consult the Auditor General for Wales. An order under this section— is to be made by statutory instrument, and may include such incidental, consequential, supplemental or transitional provision as the Secretary of State thinks fit. No order under this section may be made unless a draft of the statutory instrument has been laid before, and approved by a resolution of, each House of Parliament. In this section “