Payments Industry and Police Joint Intelligence Unit (PIPJIU)

Payments Industry and Police Joint Intelligence Unit (PIPJIU) was meant to launch in 2007, when fraud reached record levels in the UK. But it got held up by lawyers representing the different groups forming the new unit: the City of London Police, the MET and APACS, the banking body.The unit's almost ready to roll, said a spokesman today: "All issues regarding PIPJIU have been resolved," he said."There were no showstoppers," he said.However, a source close to the PIPJIU said that the legal issues were still unresolved. Its desire to share information about suspected fraudsters between the police and banks was its biggest problem."Data protection is the problem that's exercising everyone at the moment," he said."There are details to be worked out. There's a lot of work going on to work through this. That's going to take some time," he added.The APACS spokesman would not elaborate on what the issues were, but insisted: "Final documents are now being prepared for sign-off by all parties. We will be making an announcement regarding the launch of the PIPJIU in the next few weeks."The source said there were a "number of issues that need to be overcome in a bi-directional sharing arrangement".By that he meant that the banks were not happy that the data sharing was lopsided: that the police could take more data from the banks than they could give in return.There were also some diverging interests. The banking sector is concerned primarily with mitigating its losses, said the source: "But that agenda will not necessarily be shared by a national fraud centre in terms of priorities."Further, there were talks with the Information Commissioner's Office designed to reassure the unit that there would be no showstopping changes to the legislation under which the unit would operate. They were reluctant to take the ICO's word at face value.The ICO's information sharing team refused to comment, which is unfortunate because this legal minefield is clearly hard enough for the lawyers to navigate. The data sharing rules defined by the Data Protection Act are to change when the Serious Crime Act, which was passed last year, comes into force.It will allow for the private and public sector to share data for the purposes of fraud prevention. Nevertheless, that might not give the fraud unit carte blanche sharing powers.To make matters worse, the government has been making bungles like the HMRC's loss of five million child benefit records. This has got the lawyers all a jitter.
"You have got a bunch of legal teams looking at this who are extremely risk averse, but this has just elevated everyone's nervousness," he said.
"It's as fine as long as it all goes swimmingly but in the event that something goes wrong, what are the risks?" he added.As the fraud unit will be handling people's financial records, criminal records and intelligence data about mere suspected fraudsters, the risks are clear. It will use the latest pattern analysing and behaviour prediction software of the sort that has a rabid hunger for data and an accepted percentile of mistaken analysis.The PIPJIU's legal shenanigans will also have implications for the Attorney General's Fraud Review, which has been trying since 2006 to establish a similar intelligence unit to share intelligence data across the public and private sectors, the National Fraud Reporting Centre.The APACS spokesman would not elaborate on what issues had held the unit up. He said yesterday that they were to do with its public-private cross-over. But today "categorically refused" it had anything to do with the commercial arrangements.
He sidestepped the data protection issue: "I don't know why you are being told data sharing has posed a particular problem," he said, "you will have to go back to whoever told you and ask them." µ