GovWire

Policy paper: SFO Privacy Policy

Serious Fraud Office

December 10
00:00 2024

class="gem-c-govspeak govuk-govspeak gem-c-govspeak--direction-ltr govuk-!-margin-bottom-0">

Purpose

Personal data is any data which identifies a living individual directly or indirectly, in particular by reference to an identifier such as their name, address or date of birth.

The processing of personal data can mean anything we do with personal data, including but not limited to collecting, recording, storing and sharing.

Data Controller

The Director of the Serious Fraud Office is the data controller. You can contact the SFO at:

Email:public.enquiries@sfo.gov.uk

Address: The Serious Fraud Office, 2-4 Cockspur Street, London, SW1Y 5BS

Telephone: +44 (0)20 7239 7272 / 7152

Data Protection Officer

You can contact the SFOs Data Protection Officer at:

Email:DataProtectionOfficer@sfo.gov.uk

Address: Data Protection Officer, Serious Fraud Office, 2-4 Cockspur Street, London, SW1Y 5BS

How are your rights protected?

The primary purpose for processing personal data determines what law protects your rights and provides the legal basis for our processing activities.

Your rights are protected by either:

  1. The General Data Protection Regulation (UK GDPR) and Part 2 of the Data Protection Act 2018; or
  2. Part 3 of the Data Protection Act 2018 (DPA 2018).

Where the SFO processes your personal data for general purposes not relating to our casework, the UK GDPR and Part 2 of the Data Protection Act apply.

Where the SFO processes your personal data for law enforcement purposes in connection with our casework, Part 3 of the Data Protection Act applies.

What information do we collect about you?

The SFO collects personal data from a range of sources in the course of the exercise of its statutory Law Enforcement functions. Types of personal data we process under Part 3 of the DPA 2018 may include information such as:

  • Personal details including name, address, contact details, proof of ID, date of birth
  • Financial information
  • Location and communications data
  • Sound and visual images
  • Conviction data
  • Online identifiers such as IP addresses
  • Any other personal data about you or other individuals collected by the SFO which is necessary and processed lawfully for the purposes under Part 3 of the DPA 2018.

We also process personal data that is unrelated to our law enforcement processing, including in the course of our administrative functions such as staff administration, procurement, property management, media and public correspondence.

Types of personal data we process under UK GDPR and Part 2 of the DPA 2018 may include information such as:

  • Personal details including name, address, contact details, proof of ID, date of birth
  • Employment details
  • Personal data supplied in requests, complaints or correspondence
  • Job applications or applications to join an SFO Counsel Panel
  • Information relating to safeguarding or victim support services
  • Any other personal data about you or other individuals collected by the SFO which is necessary to discharge our general administrative duties

We may also need to process special categories of personal data (also referred to in Part 3 of the DPA 2018 as sensitive processing) for either our general or law enforcement purposes. This could include personal data revealing:

  • Racial or ethnic origin
  • Political opinions
  • Religious, cultural or philosophical beliefs
  • Trade union membership
  • Physical or mental health
  • Sex life or orientation
  • Genetic or biometric data

Whose personal data do we handle?

In order to carry out our functions we process information relating to a wide variety of individuals.

For law enforcement purposes in connection with our casework these may include:

  • People suspected of an offence
  • Victims
  • Witnesses
  • People convicted of an offence
  • Solicitors and counsel
  • Expert witnesses and interpreters
  • Members of the public
  • Colleagues from other law enforcement agencies, Government departments, regulators or international organisations
  • Former and existing members of staff

For general purposes not relating to our casework this may include:

  • Complainants, correspondents and enquirers
  • Members of the public
  • Journalists and the media
  • Suppliers and commercial partners
  • Colleagues from other law enforcement agencies, Government departments, regulators or international organisations
  • Consultants and other professional experts
  • Former, potential and existing members of staff

Why do we use personal data?

The SFO is a specialist prosecuting authority responsible for investigating and prosecuting the top level of serious or complex fraud, bribery and corruption. In addition, the SFO also pursues criminals for the financial benefit they have made from their crimes and assists overseas jurisdictions with their investigations into serious and complex fraud, bribery and corruption cases.

We will process personal data for the law enforcement purposes as outlined in Part 3 of the DPA, specifically as part of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.

The Criminal Justice Act 1987 empowers the Director of the SFO to investigate suspected offences of serious or complex fraud, and bribery and corruption. Acting in accordance with these powers provides the SFO with a basis in law to process personal data for law enforcement purposes. For data protection purposes we are a competent authority under the DPA 2018 schedule 7.

The SFO also processes personal data for non-law enforcement purposes. This includes for recruitment, staff administration, responding to enquiries, requests or complaints, and maintaining our accounts and records. Depending on the nature of the data and why we need to process it, there may be a number of different legal bases that apply, including where:

  • the processing is necessary to perform a task in the public interest or for official functions, such as where we make referrals to victim and witness support services or share information for regulatory purposes
  • the processing is necessary for a contract or to take specific steps before entering into a contract, such as where we vet and recruit employees or procure goods and services
  • the processing is necessary in order to comply with a legal obligation, such as where we are required to respond to Freedom of Information Act 2000 or other statutory requests
  • there is legitimate interest to do so, and it is necessary and balanced against your own interests, rights and freedoms
  • on the rare occasions where processing data becomes necessary to protect your vital interests (or someone elses vital interests), such as in line with our safeguarding policy

Who will we share data with?

During the course of our casework the SFO may share personal data either internally or with other individuals or organisations. This may be for the purposes of furthering the SFOs investigations and prosecutions, as part of joint investigations, responding to requests for assistance, or as part of complying with our statutory duties to disclose information.

These recipients will include, but are not limited to:

  • Other UK or overseas law enforcement agencies
  • UK or overseas Government departments
  • The Court
  • Witnesses or interviewees
  • Expert witnesses, interpreters and other professional experts
  • Counsel
  • Financial institutions and regulatory bodies
  • Administrators and Liquidators
  • Other third party data holders in context of an investigation

We may also need to share data for non-law enforcement purposes, including to:

  • Service providers
  • Current, past and prospective employers
  • Local authorities or victim and witness support services
  • Government departments
  • Regulatory bodies

How long do we keep personal data?

Whilst held on SFO systems your personal data is subject to internal data retention policies.

The appropriate retention period for law enforcement data will be determined by the lifecycle of the investigation and prosecution, along with any outstanding actions or orders following its conclusion.

Where data is held for general purposes the SFO will only retain your personal information for as long as necessary. We will securely dispose of your data when it is no longer necessary to retain it.

How do we keep your data secure?

The SFO has put in place appropriate technical and organisational measures to safeguard and secure the information we collect about you. We have strict technical security standards and all our staff get regular training about how to keep information safe. In add

Related Articles

Comments

  1. We don't have any comments for this article yet. Why not join in and start a discussion.

Write a Comment

Your name:
Your email:
Comments:

Post my comment

Recent Comments

Follow Us on Twitter

Share This


Enjoyed this? Why not share it with others if you've found it useful by using one of the tools below: