Juggling data silos, privacy and fraud
Among the uncomfortable truths about the government’s response to the pandemic is the fact that some people have and will continue to play the system.
At the time it was introduced, the furlough scheme helped many people remain employed, when their workplace was forced to shut due to Covid-19. But it was open to misuse, with a number of businesses making fraudulent claims.
In October 2020, the National Audit Office (Nao) published its investigation to the Government’s Bounce Back Loan Scheme. It stated that up to 60% of borrowers may default on the loan scheme, representing a cost to the government of up to £26bn. In the report, the Nao stated: “The Cabinet Office’s Government Counter Fraud Function believes fraud losses are likely to be significantly above the general estimates of public sector fraud levels of 0.5% to 5%.” The extent of the fraud is unlikely to emerge until the loans are due to start being repaid from May 4th, 2021.
Another example is fraud on Universal Credit advances. Here, advances were claimed fraudulently against stolen identities during April to June 2020. People found out months later that the advance would be taken out of their earnings directly, even though they had never claimed Universal Credit.
Lack of due diligence
Fraudsters are opportunists. The government was firefighting at the start of the pandemic. While the schemes it put in place were open to abuse, it needed to get funds to people and business quickly. However, at least some of the checks and balances should have been in place.
According to Simon Dennis, a public sector specialist who works for SAS, for the purposes of fraud detection and prevention, data can and should be shared between different government departments. It is covered by the Digital Economy Act 2017. But whether it is due to red tape, a lack of understanding of what can and cannot be shared or the slow pace with which IT can grant external access to an API (application programming interface), data in government departments tends to be very much siloed.
The Information Commissioner’s Office recently published a new Data Sharing Code of Practice and said it would further engage with organisations in the public and private sectors to help them better understand the law on data sharing, share good practices, and “dispel some myths that still persist.”
January 28th, 2021 marks the 40th anniversary of the European Data Protection Day. Data privacy is an important pillar of society. But privacy has wide societal implications and needs coordination with a balanced and well-understood approach for data sharing.