xmlns:atom="http://www.w3.org/2005/Atom" xmlns:atom="http://www.w3.org/2005/Atom"

Part 3 U.K.Other measures to prevent or disrupt serious and other crime

Chapter 1U.K.Prevention of fraud

Sharing information with anti-fraud organisationsU.K.

68Disclosure of information to prevent fraudU.K.

(1)A public authority may, for the purposes of preventing fraud or a particular kind of fraud, disclose information as a member of a specified anti-fraud organisation or otherwise in accordance with any arrangements made by such an organisation.

(2)The information—

(a)may be information of any kind; and

(b)may be disclosed to the specified anti-fraud organisation, any members of it or any other person to whom disclosure is permitted by the arrangements concerned.

(3)Disclosure under this section does not breach—

(a)any obligation of confidence owed by the public authority disclosing the information; or

(b)any other restriction on the disclosure of information (however imposed).

(4)But nothing in this section authorises any disclosure of information which—

(a)contravenes [F1the data protection legislation]; or

(b)is prohibited by [F2any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016].

(5)Nothing in this section authorises any disclosure by a relevant public authority of information whose subject-matter is a matter about which provision would be within the legislative competence of the Scottish Parliament if it were included in an Act of that Parliament.

(6)In subsection (5) “relevant public authority” means a public authority which has (whether alone or in addition to other functions) functions which are exercisable within devolved competence (within the meaning given by section 54 of the Scotland Act 1998 (c. 46)).

(7)This section does not limit the circumstances in which information may be disclosed apart from this section.

(8)In this section—

Textual Amendments

F1Words in s. 68(4)(a) substituted (25.5.2018) by Data Protection Act 2018 (c. 12), s. 212(1), Sch. 19 para. 145(2) (with ss. 117, 209, 210); S.I. 2018/625, reg. 2(1)(g)

Commencement Information

I1S. 68(1)-(7) in force at 1.10.2008 by S.I. 2008/2504, art. 2(b)

I2S. 68(8) in force at 1.3.2008 by S.I. 2008/219, art. 3(e)

69Offence for certain further disclosures of informationU.K.

(1)A person (“B”) commits an offence, subject as follows, if—

(a)B discloses protected information which has been disclosed by a public authority—

(i)as a result of the public authority being a member of a specified anti-fraud organisation; or

(ii)otherwise in accordance with any arrangements made by such an organisation;

(b)the information—

(i)has been so disclosed by the public authority to B; or

(ii)has come into B's possession as a result (whether directly or indirectly) of such a disclosure by the public authority to another person; and

(c)B knows or suspects, or has reasonable grounds for suspecting, that the information is information of the kind mentioned in paragraphs (a) and (b).

(2)Subsection (1) does not apply to a disclosure made by B—

(a)where B is acting (whether as an employee or otherwise) on behalf of the person to whom the information was disclosed by the public authority concerned and the disclosure by B is to another person acting (whether as an employee or otherwise) on behalf of that person;

(b)for the purposes of the detection, investigation or prosecution of an offence in the United Kingdom;

(c)with the consent of the public authority concerned; or

(d)in pursuance of an [F4EU] obligation or a duty imposed by an enactment;

but it does apply to a disclosure made by B which does not fall within paragraphs (a) to (d) above but which (but for the offence) would have been permitted by a power conferred by an enactment.

(3)Subsection (1) does not apply to a disclosure made by B of information—

(a)which has been disclosed by a relevant public authority; and

(b)whose subject-matter is a matter about which provision would be within the legislative competence of the Scottish Parliament if it were included in an Act of that Parliament;

and subsection (6) of section 68 applies for the purposes of this subsection as it applies for the purposes of subsection (5) of that section.

(4)It is a defence for a person charged with an offence under this section to prove that the person reasonably believed—

(a)that the disclosure was lawful; or

(b)that the information had already and lawfully been made available to the public.

(5)In this section “protected information” means—

(a)any revenue and customs information disclosed by Revenue and Customs and revealing the identity of the person to whom it relates; or

(b)any specified information disclosed by a specified public authority.

(6)For the purposes of this section—

(a)revenue and customs information” means information about, acquired as a result of or held in connection with the exercise of a function of the Commissioners of Revenue and Customs or an officer of Revenue and Customs in respect of a person;

(b)revenue and customs information reveals a person's identity if—

(i)it specifies his identity; or

(ii)his identity can be deduced from it; and

(c)revenue and customs information relates to a person if he is the person in respect of whom the function mentioned in paragraph (a) is exercised.

(7)In this section—

Textual Amendments

Commencement Information

I3S. 69 in force at 1.10.2008 by S.I. 2008/2504, art. 2(c)

70Penalty and prosecution for offence under section 69U.K.

(1)A person who commits an offence under section 69 is liable—

(a)on summary conviction, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

(b)on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.

(2)A prosecution for an offence under section 69 may be begun in England and Wales [F5only by or with the consent of the Director of Public Prosecutions]

(3)A prosecution for an offence under section 69 may be begun in Northern Ireland only—

(a)in the case of revenue and customs information disclosed by Revenue and Customs—

(i)by the Commissioners of Revenue and Customs; or

(ii)with the consent of the Director of Public Prosecutions for Northern Ireland; and

(b)in any other case, with the consent of the Director of Public Prosecutions for Northern Ireland.

(4)If an offence under section 69 committed by a body corporate or a partnership is proved to have been committed with the consent or connivance of—

(a)an officer of the body corporate or (as the case may be) a partner or a senior officer of the partnership; or

(b)a person who was purporting to act in any such capacity;

he (as well as the body corporate or partnership) is guilty of the offence and liable to be proceeded against and punished accordingly.

(5)In the application of subsection (1)(a) in Northern Ireland, the reference to 12 months is to be read as a reference to 6 months.

(6)In this section—

71Code of practice for disclosure of information to prevent fraudU.K.

(1)The Secretary of State must prepare, and keep under review, a code of practice with respect to the disclosure, for the purposes of preventing fraud or a particular kind of fraud, of information by public authorities as members of specified anti-fraud organisations or otherwise in accordance with any arrangements made by such organisations.

(2)Before preparing or altering the code, the Secretary of State must consult—

(a)any specified anti-fraud organisation;

(b)the Information Commissioner; and

(c)such other persons as the Secretary of State considers appropriate.

(3)A public authority must have regard to the code in (or in connection with) disclosing information, for the purposes of preventing fraud or a particular kind of fraud, as a member of a specified anti-fraud organisation or otherwise in accordance with any arrangements made by such an organisation.

(4)Nothing in this section applies in relation to any disclosure by a relevant public authority of information whose subject-matter is a matter about which provision would be within the legislative competence of the Scottish Parliament if it were included in an Act of the Scottish Parliament.

(5)The Secretary of State must—

(a)lay a copy of the code, and of any alterations to it, before Parliament; and

(b)from time to time publish the code as for the time being in force.

(6)In this section—

Commencement Information

I5S. 71(1)(2)(4)(5) in force at 1.3.2008 by S.I. 2008/219, art. 3(f)

I6S. 71(3)(6) in force at 1.10.2008 by S.I. 2008/2504, art. 2(d)

72Data protection rulesU.K.

In Schedule 3 to the Data Protection Act 1998 (c. 29) (conditions for processing sensitive personal data), after paragraph 7, insert—

7A(1)The processing—

(a)is either—

(i)the disclosure of sensitive personal data by a person as a member of an anti-fraud organisation or otherwise in accordance with any arrangements made by such an organisation; or

(ii)any other processing by that person or another person of sensitive personal data so disclosed; and

(b)is necessary for the purposes of preventing fraud or a particular kind of fraud.

(2)In this paragraph “an anti-fraud organisation” means any unincorporated association, body corporate or other person which enables or facilitates any sharing of information to prevent fraud or a particular kind of fraud or which has any of these functions as its purpose or one of its purposes.

Commencement Information

I7S. 72 in force at 1.10.2008 by S.I. 2008/2504, art. 2(e)