In Schedule 3 to the Data Protection Act 1998 (c. 29) (conditions for processing sensitive personal data), after paragraph 7, insert—

“7A

(1)

The processing—

(a)

is either—

(i)

the disclosure of sensitive personal data by a person as a member of an anti-fraud organisation or otherwise in accordance with any arrangements made by such an organisation; or

(ii)

any other processing by that person or another person of sensitive personal data so disclosed; and

(b)

is necessary for the purposes of preventing fraud or a particular kind of fraud.

(2)

In this paragraph “an anti-fraud organisation” means any unincorporated association, body corporate or other person which enables or facilitates any sharing of information to prevent fraud or a particular kind of fraud or which has any of these functions as its purpose or one of its purposes.”