JORF No. 0254 of October 31, 2012, text No. 76
Deliberation No. 2012-114 of April 12, 2012 giving an opinion on a draft decree in Council of State authorizing the creation of a processing of personal data relating to the management of fraud against the general old-age insurance scheme (approval No. 1564507)
NOR: CNIX1237879X
ELI: not available
The National Informatics and Liberties Commission,
Seized for opinion by the Ministry of Labour, Employment and Health of a draft decree authorizing the creation of a processing of personal data relating to the management of fraud against the general old-age insurance scheme;
Having regard to Convention No. 108 of 28 January 1981 of the Council of Europe for the protection of individuals with regard to automated processing of personal data;
Having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
Having regard to the Social Security Code, in particular its articles L. 114-9 and following, 114-16-1-3 and L. 224-14;
Having regard to Law No. 78-17 of 6 January 1978 on information technology, files and freedoms, as amended, and in particular its article 27-1 (1);
Having regard to Decree No. 2005-1309 of 20 October 2005, taken for the application of Law No. 78-17 of 6 January 1978 on information technology, files and freedoms, as amended;
After hearing Mr. Philippe GOSSELIN, Commissioner, in his report and Mrs Elisabeth ROLIN, Commissioner of the Government, in her observations,
Makes the following observations:
The National Informatics and Liberties Commission has been seized by the Ministry of Labour, Employment and Health of a request for an opinion on a draft decree authorising it to establish and manage a database of information on the authors and actors of fraud, called the "national fraud management system".
Presentation of the national fraud management system: the commission takes note that the draft decree submitted is intended to allow the implementation of a "national fraud management system" (SNGF) covering fraud committed to the detriment of the bodies of the retirement branch of the general scheme.
As a preliminary point, it emphasises that the SNGF processing is in fact a system for managing fraud alerts and reports of proven fraud. This is why it proposes that the Ministry change the name of the processing accordingly.
The national fraud management system (SNGF) consists of two applications:
― the alert management tool (OGEDA), managed by the CNAV;
― the national fraud reporting database (BNSF), managed by the CNAV, which gives rise to one-off information being provided to its partners.
The OGEDA pursues the aim of combating fraud to the detriment of the bodies of the retirement branch by enabling the management of "attempted fraud" and "fraud, suspected or proven" (article 2-I of the draft decree). It must make it possible:
― to collect information about suspected fraudsters, authors or actors, to be checked by the sworn agents of the CNAV, and to organize these checks;
― to improve the targeting of control actions by providing criteria for identifying "risks of fraud".
The commission takes note that the BNSF will record all of the information relating to the authors or actors of fraud, i.e. fraud that has been proven:
― on the one hand, through a control by sworn officials of the CNAV giving rise to action to exclude them from entitlement to a right or a benefit, or to the opening of a dispute;
― on the other hand, through a final judicial decision.
It has asked the Ministry of Labour, Employment and Health to amend the last paragraph of section 241 of the draft decree to define the notions of authors, actors and proven fraud.
The BNSF will allow, through dematerialized and encrypted report forms, the sharing of certain information about beneficiaries who have committed fraud between the CNAV and its partners, namely: the national social security bodies (CNAMTS, CNAF, ACOSS, CCMSA, CNRSI) and their regional or local funds (CPAM, CAF, URSSAF, MSA, RSI), Pôle emploi, the DGFiP and the other agents mentioned in article L. 114-16-3 of the Social Security Code, the departmental operational anti-fraud committees (CODAF) and prosecutors.
On the applicable law: the identification of insured persons in the SNGF will be carried out using the registration number of individuals in the national directory for the identification of natural persons ("NIR"), which is the identifier of insured persons of the retirement branch of the general scheme (art. R. 115-1 of the CSS).
In accordance with article 27-1 (1) of the amended Act of 6 January 1978, processing of personal data implemented on behalf of a legal person governed by public law is "authorized by decree in Council of State, taken after a reasoned and published opinion of the National Informatics and Liberties Commission" where it "concerns data that include the registration number of individuals in the national directory for the identification of natural persons".
On the purposes pursued by the processing: in application of the provisions of the Social Security Code resulting from Law No. 2007-1786 of 19 December 2007 on the financing of social security for 2008 (art. L. 114-9 and following of the Social Security Code), the national fraud management system (SNGF) is intended to allow the National Pension Insurance Fund (CNAV) to process information about the authors or actors of fraud and to organize the sharing of information related to social benefit fraud with all of its partners.
This processing also meets the requirements of article L. 224-14 of the Social Security Code (CSS), which provides in part that the National Insurance Fund for Salaried Workers (CNAM), the National Pension Fund for Workers (CNAV) and the National Family Allowances Fund (CNAF) "implement or coordinate control actions on the service of benefits to detect fraud and abuse." "They can use automated processing of data relating to the service of benefits."
In accordance with article 1-I of the draft decree, the OGEDA will meet two objectives: on the one hand, the collection of information to be checked as part of the fight against fraud in the retirement branch scheme and, on the other hand, improving the targeting of the control actions undertaken by the CNAV.
As regards the purposes of the BNSF, defined in article 141 of the draft decree, the purposes of fraud management (art. 1-II-1), reporting of fraud (art. 1-11) and statistics (arts. 1-11) call for no observation.
The commission takes note that the BNSF is designed not only for the management of proven fraud but also for the development of a mapping of the risk of fraud and for the reporting of proven fraud to the partners of the CNAV.
These complementary purposes call for special vigilance on the part of the commission regarding the conditions of implementation of the SNGF.
On the categories of data processed: the commission considers that the categories of data entered into the OGEDA (art. 3-I of the draft decree) and the BNSF (art. 3-11 of the draft decree) are adequate, relevant and not excessive in relation to the purposes for which they are collected (art. 6 [(3)] of the Act of 6 January 1978 amended).
It recalls that only the categories of data referred to in the draft decree may be processed in the OGEDA and the BNSF.
Regarding the OGEDA, the commission insists on the need to systematically indicate that each of the persons whose identity is registered has the status of "alleged offender" or actor.
On the BNSF, it recalls that the status of author can be recorded in the BNSF only after a final judicial decision.
The processing of data relating to fraud and offences will be limited to the date of detection of the fraud observed, a short description of the fraud, the date of notification of this fraud to the CNAV by partner organizations, the date of notification of the fraud to the partner organizations by the CNAV, the date of the filing of the complaint (if any), the amount of the financial loss and penalties, and the nature of the final judicial decision (registration number, nature of the sanction, date of the final decision).
These data will not include any assessment of the social difficulties of individuals, or any sensitive data within the meaning of article 8 of the amended law of 6 January 1978.
Also, regarding the free-text fields (relating to absence now given to reporting, the operating mode of detection of the fraud, the description of the fraud, the prevention measures to remember and comments on the inadequacy of the regulations in force), it recommends that the following notice appear at data entry: "Only information that is relevant in the context should be entered. It must not contain any subjective assessment, or reveal, directly or indirectly, the racial origins, political, philosophical or religious views, trade union memberships, or morals of the person concerned."
On the categories of recipients: the commission takes note that the personal data processed in the OGEDA will not be transmitted.
On this point, it suggests that the Ministry clarify article 4 (1) of the draft decree: since they are not recipients within the meaning of article 3-11 of the amended law of 6 January 1978, the reference to "users of the national fraud management system" could be deleted.
Regarding the BNSF application, article 4-2 of the draft decree covers the agencies and other partners referred to in article L. 114-16-3 of the code of social security and social protection. They can be recipients of the information in the BNSF (identity of the natural and legal persons concerned, NIR of the insured, SIRET number, company type of employer, address of the natural or legal persons concerned, beginning and end of the period of fraudulent receipt and type of benefit in question, registration number and date of the final decision in criminal and civil actions) that is useful for the prevention or detection of fraud.
Similarly, excluding the NIR of the insured, information on fraudsters will be sent to the DGFiP.
To contribute to better prevention of fraud, the Department for the prevention of and fight against fraud (DNPLF) of the CNAV will receive information relating to the type of benefit in question, the administrative status of the file (before the statement, current statement or after trial completed) or the nature of the sanction resulting from the final decision in criminal and civil actions.
The Directorate of Social Security (DSS) will receive an anonymous report form (art. L. 114-9 of the Social Security Code).
On security: to the exclusion of any other category of staff, the users of the BNSF are the authorised agents in charge of the fight against fraud within the CNAV, within one of the 15 metropolitan retirement and occupational health insurance funds (CARSAT), within one of the four social security funds (CGSS) of Guadeloupe, Martinique, Guiana and Réunion, or within the social security fund of Mayotte.
At the regional level, the authorised agents of a managing fund can view the dashboard of their own fund only.
At the national level, only the "national fraud referent" and the administrator of the BNSF will be able to see the dashboard of all the regional funds as well as the status of the report forms.
Regarding the OGEDA, the scheme of authorizations to access the database defines five user profiles: "reader", "contributor", "validator", "local manager" and "national manager". All authorized officers of the CNAV and the CARSAT will be subject to professional secrecy.
These authorizations will be issued with the approval of the Director of each regional fund and of the national Director of the CNAV (structures, directors and accounting officers).
The password for user authentication, the maintenance of the database and the destruction of end-of-life data media call for no observations from the commission.
Regarding access to the application, the logging features will record the date and time of connections, the user ID, the type of access (consultation, creation, update, validation, deletion, export of a form) and the reference of the data concerned (file number). These traces will be searchable by the database administrator and will be stored for twelve months.
On the BNSF, the scheme of authorizations to access the database defines four user profiles: "reader", "contributor", "validator" and "national manager".
The password used for user authentication, the encryption of data during exchanges with other organizations, the maintenance of the database, the anonymization of data and the destruction of end-of-life data media comply with the recommendations of the commission and call for no comment on its part.
The logging features will record the date and time of connections, the user ID, the type of access to the application (consultation, creation, update, validation, deletion, export of a form) and the reference of the data concerned (file number).
Regarding the management of these traces, which will be searchable by the database administrator, the commission recommends setting, in article 5 (4) of the draft decree, a retention period of three years rather than 12 months.
The commission takes note that the report forms produced by agents of the CNAV will be encrypted and then sent to the partners as a secure attachment by e-mail.
On retention periods: for the OGEDA application, the commission considers that the data referred to in article 5 (1) of the draft decree must be "kept in a form allowing the identification of the persons concerned for a period which does not exceed the time necessary for the purposes for which they are collected and processed" (art. 6 [(5)] of the Act of 6 January 1978 amended).
It considers that retaining the data for three years is sufficient to "improve the targeting of control actions" (art. 1-I of the draft decree).
In addition, it stresses the need for immediate updating of the recorded data. Thus, the occurrence of a new event, such as a decision of the judicial authority clearing the persons registered in the OGEDA, should give rise to systematic amendment or deletion of the information concerned.
It considers that, to avoid checking in year N + 1 the beneficiaries already checked in year N, the identification data and the date of the control performed can be kept in a database separate from the OGEDA.
For the BNSF application, taking into account, on the one hand, the purposes and, on the other hand, the nature and effects of the decisions at issue, it asks the CNAV to keep the data entered (art. 5 [(2)]):
― three years after the decision sentencing the accused person;
― three years from the date of their classification without further action by the public prosecutor of the Republic or by the bodies responsible for the old-age risk scheme;
― three months from the date of the administrative decision or from the date of transmission of the judicial decision not leading to a conviction of the accused person.
The commission considers that the information kept for three years after the decision of final conviction of the person concerned must be accessible only to officers in charge of control actions and of the prevention of recidivism.
The commission takes note that these periods will start to run at the end of the quarter during which the classification (which is not always formally brought to the attention of the person concerned) or the decision was made, and that the reports published in the BNSF will result in no records.
Paper archiving of this information for a period of five years will specify, as appropriate, the conditions for re-opening a case.
On the rights of persons: pursuant to article 32 of the amended law of 6 January 1978, the persons concerned will be informed individually of the registration of personal data about them in the BNSF by letter from the Director of the compulsory old-age insurance body, unless this information is likely to compromise ongoing investigations (art. 6, paragraph 1, of the draft decree).
Where appropriate, the persons will be informed after interim measures have been taken to prevent the destruction of evidence relating to the report.
The commission notes that, for both the OGEDA processing and the BNSF processing, the right of access and rectification (art. 6, paragraph 3, of the draft decree) will be exercised at the regional funds and the CNAV, with the organization's informatics and liberties correspondent, in accordance with articles 39 and 40 of the Act of 6 January 1978 amended.
Finally, the commission asks the CNAV to present a report on the implementation of the national fraud management system at the end of a period of three years. This assessment will have to include:
― a description of the authorizations and of the training in the tool implemented within the CNAV and the local funds;
― the improvements carried out, or planned, in terms of prevention of and fight against fraud;
― a summary table of SNGF statistics (number of consultations by authorised agents of the local funds and the CNAV; number of individual or network frauds recorded, proportion of frauds listed in the BNSF that gave rise to penalties and/or the filing of a complaint; updates and purges);
― an assessment of the transmission of the CNAV's report forms to partner agencies (number of reports, follow-up by the recipient organization, network fraud detected and confirmed); and
― the efforts to inform people of the implementation of the SNGF and of their rights.
President, I. Falque-Pierrotin