Match data against similar data points
Automatically match data with another internal or external source to obtain or verify relevant details or supporting evidence. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
Why this countermeasure matters
Not matching data with similar data points may lead to:
- an inability to obtain or verify information
- false information being used to support a request or claim
- changes or information not being disclosed that would affect entitlements
- changes in circumstances being missed.
How to put this countermeasure in place
Some ways to implement this countermeasure include:
- automatically comparing claim or recipient data by comparing new data with a corresponding data file
- automatically populating claim data by using a data link
- matching program participants by sharing data files between entities
- automatically matching employment details with Tax File Number declarations held by the Australian Taxation Office
- automatically verifying recipient income through Single Touch Payroll.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure by using the following methods:
- Consult subject matter experts about the data matching process.
- Review controls and policies to see if they conform to national guidelines and frameworks.
- Review reports to determine the accuracy of the data match, such as the percentage of successful matches.
- Evaluate the reliability of the data match, such as checking whether the data is consistent and trustworthy.
- Evaluate the usefulness of the data match for preventing fraud.
- Review any data quality issues and find out if these affect the usefulness of the data match for preventing fraud.
- Review a sample of completed requests/claims to confirm the data matching is working correctly.
- Review the original source of the data and see if it’s an impartial, reliable or trustworthy source.
- Review system specifications to confirm the data match is working as designed.
- Undertake testing or a process walk-through to confirm that data matching occurs and is used to support decision-making.
- Confirm data matching is always on/available.
- Confirm that someone cannot bypass data matching even when subject to pressure or coercion.
This type of countermeasure is supported by: