Key Benefits:
National Computer and Liberties Commission,
Seizure for opinion by the Ministry of Labour, Employment and Health of a draft decree authorising the creation of personal data processing relating to the management of fraud in the general old-age insurance scheme;
Vu Convention No 108 of 28 January 1981 of the Council of Europe for the protection of persons with regard to the automatic processing of personal data;
Having regard to Directive 95 /46/EC of the European Parliament and of the Council of 24 October 1995 Relating to the protection of natural persons with regard to the processing of data Personal character and the free movement of such data;
In view of the social security code, in particular Articles L. 114-9 and later, L. 114-16-1 to 3 and L. 224-14;
Due to Act No. 78-17 of January 6, 1978 relating to information technology, files and amended freedoms, and in particular its article 27-1 (1 °);
Seen decree n ° 2005-1309 of 20 October 2005 for the application of Law n ° 78-17 of 6 January 1978 Relating to information technology, files and freedoms changed;
After hearing Mr Philippe GOSSELIN, Commissioner, in his report and Elisabeth ROLIN, Commissioner of the Government, in his observations;
Form of observations Following:
The National Commission on Informatics and Liberties was seized by the Ministry of Labour, Employment and Health of a request for an opinion on a draft decree authorising it to form and manage a database of information on files Perpetrators and actors of fraud known as " National fraud management system ".
Presentation of the national fraud management system:
The Commission takes note that the draft decree submitted to it is intended to authorise the establishment of a national fraud management system. National fraud management system " (SNGF) committed to the detriment of the organizations of the retired branch of the general system.
As a preliminary point, it points out that SNGF treatment is actually a system for managing fraud alerts and fraud reporting True. For this reason, it is proposing that the department change the name of the processing that is being implemented.
The National Fraud Management System (NFMS) will be composed of two applications:
-the Alert Management Tool (OGEDA), managed by the CNAV ;
-the national fraud reporting base (BNSF), managed by the CNAV, and giving rise to ad hoc information from its partners.
OGEDA will pursue an objective to combat fraud committed against the Retirement branch by allowing the management of " Attempted fraud " And " Fraud, suspected or proven " (art. 2-I of the draft order). It should allow:
-to collect information about suspected fraudsters, authors or actors, to be controlled by the CNAV's sworn agents and to organize these checks;
-to improve the targeting of control actions to be carried out By proposing criteria for identifying " Risk of fraud ".
The Commission takes note that the BNSF will record all the information relating to the perpetrators or actors of fraud, that is to say, fraud will be proven by:
-on the one hand, a control by sworn agents of the CNAV giving rise to either an action to exclude them from the benefit of a right or benefit or to the opening of a dispute;
-on the other hand, a judicial decision
It asks the Ministry of Labour, Employment and Health to amend the last paragraph of Article 241 of the draft decree to define the concepts of proven authors, actors and fraud.
The BNSF will, by means of Dematerialized and encrypted report cards, the sharing of some of the Information on beneficiaries of fraud between the CNAV and its partners, namely: National social security bodies (CNAMTS, CNAF, ACOSS, CNRSI, CCMSA) and their regional or local bodies (CPAM, CAF, URSSAF, MSA, RS1), as well as Pôle emploi, the DGFiP and the other agents mentioned in article L. 114-16-3 of the Social Security Code, the Departmental Anti-Fraud Operational Committees (CODAF) and the
On the applicable legal regime:
The identification of insured persons in the NFIS will be done using the person's registration number in the National Personal Identification Directory (NIR), which is the identifier of the insured persons of the general pension scheme. (art. R. 115-1 of the CSS).
In accordance with Article 27-1 (1 °) of the Act of 6 January 1978, as amended, " Are authorised by decree in the Council of State, taken after reasoned opinion and published by the National Commission on Informatics and Freedoms ", the processing of personal data implemented on behalf of a legal person Public " Which shall relate to data including the registration number of persons in the national directory for the identification of natural persons ".
On the purposes of processing:
Pursuant to the Social Security Code provisions of the Act N ° 2007-1786 of 19 December 2007 for the financing of social security for 2008 (art. L. 114-9 et seq du code de la sécurité sociale), the national system for the management of fraud (SNGF) is intended to enable the National Old Age Insurance Fund (CNAV) to process information relating to authors or actors Fraud and the sharing of information related to social security fraud with all its partners.
This treatment also meets the requirements of article L. 224-14 of the Social Security Code ( CSS), which includes the National Fund for Workers' Health Insurance (CNAM), the National Old Age Insurance Fund Salaried workers (CNAV) and the National Family Allowance Fund (CNAF) " Implement or coordinate control actions on the benefit service in order to detect fraud and abusive behaviour.
accordance with Article 1-I of the draft decree, OGEDA will meet two objectives: on the one hand, the collection of information on the Control in the fight against fraud in the general scheme of the branch and, on the other hand, the improvement of the targeting of the actions of controls undertaken by the CNAV.
As regards the purposes of the BNSF as defined in Article 141 of the Draft decree, the purposes of fraud management (art. 1-II-1), reporting of fraud (art. 1-11 [3 °]) and statistics (art. 1-11 [4 °]) do not call for observation.
The Commission takes note that the BNSF not only aims at the management of proven fraud, but also the development of fraud risk mapping and the reporting of proven fraud The partners of the CNAV.
These additional purposes require special vigilance by the Commission on the conditions for the implementation of the SNGF.
On the categories of data processed:
The Commission considers that the Categories of data captured in OGEDA (art. 3-I of the draft decree) and in the BNSF (art. 3-11 of the draft decree) are adequate, relevant and not excessive in relation to the purposes for which they are collected (Art. 6 [3 °] of the law of 6 January 1978 amended).
It points out that only the categories of data mentioned in the draft decree can be dealt with in the OGEDA and the BNSF
The need to systematically indicate that each of the persons whose identity will be registered has a status of "presumed authorship"
regards the BNSF, it recalls that the registration of the author's status in the BNSF can only be made after a final judicial decision.
The processing of data relating to fraud and offences Limit on the date of detection of the fraud detected, a short description of the fraud, the date of notification of this fraud to the CNAV by the partner organisations, the date of notification of fraud to the partner organisations by the CNAV, on the date of filing of a complaint (if any), the amount of the financial damage and the Penalties and the nature of the final judicial decision (registration number, nature of the sanction, final decision date).
These data will not include any assessment of the social difficulties of individuals or any data Sensitive, within the meaning of Article 8 of the law of 6 January 1978, as amended.
In addition, concerning areas of free field (relating to the absence of a response to the reporting procedure, the procedure for detecting fraud, the description of fraud, The preventive measures to be taken and the observations relating to The inadequacy of existing regulations), it recommends that the following should appear when data are entered: " Only information relevant to the context needs to be entered. They must not include a subjective assessment, nor shall they show, directly or indirectly, racial origins, political, philosophical or religious opinions, union membership or the customs of the person concerned. "
On the categories of recipients:
The Commission takes note of the fact that the personal data processed in the OGEDA will not give rise to any transmission.
On this point, it proposes to the Ministry to clarify Article 4 (1 °) of the draft decree: since they do not constitute addressees within the meaning of Article 3-11 of the Act of 6 January 1978, as amended, the reference to ' Users of the national fraud management system " Could be deleted.
With regard to the BNSF application, Article 4-2 of the draft decree applies to social protection bodies and other partners mentioned in article L. 114-16-3 of the Social Security Code. They may be addressed to the information contained in the BNSF (identity of the natural and legal persons concerned, NIR of insured persons, SIRET number, type of company of the employer, address of the natural or legal persons concerned, beginning and End of the period of fraudulent regularisation and type of benefit in question, registration number and final decision date of criminal and civil actions) useful for the prevention or detection of fraud.
Similarly, excluding NIR Of the insured, information relating to fraudsters will be addressed to the DGFiP.
To contribute to a better prevention of fraud, the CNAV's Department of Fraud Prevention and Control (DNPLF) will receive information on the type of benefit in question, at the administrative position of the case. (before education, training in progress or after completion) or the nature of the sanction resulting from the final decision of the criminal and civil actions.
The Social Security Directorate (DSS) will receive a report card Anonymized ( art. L. 114-9 of the Social Security Code).
Security:
Except for any other category of personnel, the users of the BNSF are the officers in charge of the fight against fraud authorised within the CNAV, of one of the fifteen pension and occupational health insurance funds (CARSAT) metropolitan or one of the four social security funds (CGSS) of Guadeloupe, Martinique, French Guiana and Réunion or the social security fund of Mayotte.
At the regional level, the authorized officers of a credit union Can view their lane dashboard only.
At the national level, only The " National fraud referent " And the BNSF Administrator will be empowered to view the scoreboard of all regional caisses as well as the status of the report cards.
With respect to OGEDA, the Basic Access Clearances regime defines five User profiles: profiles " Reader "," Contributor "," Validator "," Local manager " And " National Manager ". All authorized officers of the CNAV and the CARSAT will be subject to solicitor-client privilege.
These clearances will be issued under the authority of the Director of each Regional Office and the Director of the NAAE, at the national level ( Structures, directors, and accounting officers).
The password for user authentication, database maintenance, and the destruction of data carriers at the end of life do not require any comments from the Commission.
About access to the application, logging capabilities Will make it possible to know the date and time of the connections, the user ID, the type of access (consultation, creation, updating, validation, deletion, export file), the reference of the data accessed (file number). These traces will only be available to the database administrator and will be retained for 12 months.
With respect to the BNSF, the Basic Access Clearances regime defines four user profiles: profiles " Reader "," Contributor "," Validator " And " National Manager ".
The password for authenticating the user, encrypting the data in exchanges with other organizations, maintaining the database, anonymizing the data, and destroying End of Life data carriers respect the recommendations of the Commission and do not require any comments.
Logging functionality will be used to know the date and time of the connections, the identifier of the The user, the type of access to the application (lookup, create, Day, validation, deletion, export card), the reference of the data accessed (file number).
As regards the management of these traces, which will only be available to the administrator of the database, the committee recommends retaining, in the article 5 (4 °) of the draft decree, a retention period of three years, rather than 12 months.
The committee takes note that the report cards produced by the CNAV officers will be encrypted and then sent to the partners under the Form of a secure joint document via e-mail.
For the duration of Conservation:
As regards the OGEDA application, the Commission considers that the data referred to in Article 5 (1) of the draft decree must be " Kept in a form which permits the identification of the persons concerned for a period not exceeding the duration necessary for the purposes for which they are collected and processed '. (art. 6 [5 °] of the law of 6 January 1978 amended).
It considers that data retention for three years is sufficient for " Improve the targeting of control actions " (art. 1-I of the draft decree).
In addition, it insists on the need for an immediate update of the recorded data. Thus, the occurrence of a new event, such as a decision by the judicial authority involving the persons registered in the OGEDA, will have to result in a systematic alteration or deletion of the information
It considers that, in order to avoid checking the year N + 1, the year N, the identification data and the date of the check carried out can be kept in a separate database of the OGEDA.
With regard to the BNSF application, taking into account, on the one hand, the purposes and, on the other, Of the nature and effects of the decisions in question, it requests the CNAV to keep the data seized (Art. 5 [2 °]):
-three years from the final conviction of the person being prosecuted;
-three years from the date of their filing without further action by the public prosecutor or by the agencies responsible for the old-age risk of the General scheme;
-three months from the date of the administrative decision or from the date of the transmission of the judicial decision which did not result in a conviction of the person being
. Information kept for three years from the final conviction decision The person concerned must be accessible only to the agents responsible for the control and prevention of recidivism.
The Commission takes note that these time limits will run at the end of the quarter during which the classification-which Is not always formally brought to the attention of the person concerned-or the decision will have been pronounced and the reports published in the BNSF will not give rise to any archiving.
A paper archive of this information for a duration of Five years will specify, where appropriate, the conditions for re-opening a file.
On the Rights of persons:
Pursuant to Article 32 of the law of 6 January 1978 amended, the persons concerned shall be informed individually of the registration of personal data concerning them in the BNSF by mail of the The director of the body responsible for a compulsory old-age insurance scheme, unless this information is such as to jeopardise the ongoing investigations (Art. 6, paragraph 1, of the draft order).
Where appropriate, the information of the persons shall take place after the precautionary measures have been taken to prevent the destruction of evidence relating to the
. The exercise of the right of access and rectification concerning the OGEDA treatment and the BNSF processing (Art. 6, paragraph 3, of the draft decree) shall be carried out, in the regional funds and the CNAV, with the computer correspondent and freedoms of the body, in accordance with Articles 39 and 40 of the law of 6 January 1978 as amended
Requests the CNAV to present a report on the implementation of the national fraud management system at the end of three years. This balance sheet should show:
-a description of the clearances and training for the tool implemented within the CNAV and the local caisses;
-the improvements achieved, or planned, in terms of preventing and combating fraud;
-a table Summary of SNGF statistics (number of visits by authorized officers of the local funds and the CNAV; number of individual or network frauds identified as a proportion of the fraud recorded in the BNSF which gave rise to Penalties and/or filing a complaint; tracking updates and purges);
-a review of Transmission of the CNAV's report cards to the partner organisations (number of reports transmitted, follow-up given by the recipient organisation, detected and confirmed network fraud); and
-the actions taken to inform the People involved in the implementation of the WNMS and their rights.
The President,
I. Falque-Pierrotin
