The Serious Organised Crime Agency (Soca) identified 21 instances of tax credit fraud last year by using new data mining powers, according to the annual report published last week.

The cases were discovered by matching information from other government departments against intelligence held by Soca – a technique enabled by the 2005 Serious Organised Crime and Police Act.

The agency’s approach to rooting out criminal networks focuses on patterns of activity rather than specific incidents.

‘We need to look at the broader issue of crime,’ Soca director general Bill Hughes told a House of Lords committee last month. ‘If we do not have knowledge we go at it in rifle shots.’

But critics say that plans to extend police data mining raise privacy questions that remain unsatisfactorily answered by the UK’s data protection regime.

The combination of cheap computing power and ever-growing silos of information make it an attractive option for increasingly cash-strapped law enforcement agencies.

Data mining itself is not a new concept. But the patchwork of plans now under discussion represents a shift in approach.

A Home Office white paper published in April details plans to increase the use of data mining techniques. And provisions in the Serious Crime Bill, currently in Parliament, will formalise data-matching practices for fraud detection.

Law enforcement agencies will be able to mine far more speculatively using a wider range of databases, including tax records, private company databases and almost all public or private information sources except for health records.

Rather than matching data according to specific suspicions, information sources can potentially be trawled to create a list of suspects purely on the basis of data anomalies.

The Information Commissioner’s Office (ICO), the body headed by Richard Thomas that enforces UK data protection laws, says data mining by law enforcement agencies does not necessarily break privacy laws.

There are provisions in the Serious Crime Bill to establish a code of practice to govern how personal information is mined, and any subsequent use of it, says a spokesman.

‘Data protection is not a barrier to appropriate information sharing and does not prevent the detection or prevention of crime,’ he said.

But critics say a code of practice will be difficult to enforce because the Data Protection Act only requires the ICO to be notified after data-matching exercises have taken place.

Even then there is little that Thomas can do, says David Murikami-Wood, a surveillance expert at Newcastle University.

‘The problem is that the ICO has no teeth to enforce data protection legislation, or enough resources to investigate instances of this happening.

‘It is especially problematic when monitoring a secretive organisation such as Soca,’ he said.

Soca

... in 30 seconds

z The Serious Organised Crime Agency (Soca) is a policing agency created to target organised crime, including the illegal drugs trade, people smuggling and electronic crimes.

z When Soca was created on 1 April 2006 it took over the functions of the National Hi-Tech Crime Unit, the drug trade investigative and intelligence sections of HM Customs and Excise, and the Immigration Service’s responsibility for organised immigration crime.

z The Home Office-funded agency had a budget of £457m for 2006-2007, of which £416m pays for expenses and £41m is capital investment. It is led by a board of 11 and has 4,200 staff.

z In the past year the agency has identified 160 serious crime bosses, seized 73 tonnes of cocaine and intercepted a shipment of rocket-propelled grenade launchers thought to be destined for Islamist terrorists, according to last week’s annual report.