Guidance

Privacy Notice for Public Sector Fraud Authority including the Government Counter Fraud Profession (HTML)

Published 3 October 2024

The Public Sector Fraud Authority (PSFA) is the UK government’s Centre of Expertise for the management of fraud (and associated error) against the public sector.

The PSFA leads the Government’s Counter Fraud Profession (GCFP), which brings together the c.16,000 people who work in ministerial departments and public bodies to fight fraud. (Not all colleagues in the PSFA are members of the GCFP.)

One remit the PSFA has in its Mandate is to build capability and set common standards for individuals across government. These are achieved via the Government Counter Fraud Profession, established in 2018.

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).

Your Data 

This notice explains how The Public Sector Fraud Authority (PSFA), including the Government Counter Fraud Profession (GCFP), will collect, use or otherwise process the personal data we collect from you. This includes recorded events/meetings and material obtained for the purposes of PSFAs internal Learning and Development programmes and GCFP Knowledge Hub. Knowledge Hub is a centrally managed platform that maintains a repository of guidance, knowledge and other profession-related information sharing to support GCFP colleagues learning. (Recorded can also mean screen-captured images and voices during such events.)

Purpose

The purposes for which we are processing your personal data are:

1. The PSFA will record various Learning and Development events and meetings and share these with new and existing PSFA colleagues. This will provide - 

  • PSFA colleagues the opportunity to review the content multiple times if required to aid understanding of content.
  • PSFA colleagues with a way of catching up on missed events/meetings. 

2. The GCFP will maintain a list of profession members on a secure spreadsheet operated by and accessible only to Practice, Standards and Capability team members within PSFA. Profession member email addresses will be used to invite members to create accounts on Knowledge Hub and join the GCFP Members group. This personal information is provided directly by members and likely to extend to one or more requirements in the list below - 

  • Members access Knowledge Hub and allow the use of cookies to track usage, to validate user identity and improve the user experience..
  • Members register their details on Knowledge Hub.
  • Members provide further optional information by updating their profile.
  • Members use certain features and services of the site (for example, using a “contact us” form).

3. Using Knowledge Hub, GCFP members will access, share, discuss, blog and collaborate on documents, events and information - 

  • to operate a mailing list for members to contact one another and to create their own practitioner profiles, blogs and message boards
  • to circulate content in text, video and audio form, training, presentations, webinars, departmental toolkits, L&D documents 
  • to invite members to events and to circulate related information as appropriate
  • to share career resources including development, job descriptions, coaching, mentoring, shadowing and guidance to support the capability of learning & development across the Government Counter Fraud Profession
  • anyone uploading documents should comply with their departmental policies, and review the documents first. Copyrighted materials should not be uploaded

4. The PSFA Communications and Engagement team will engage with the GCFP members through MailChimp. Mailchimp is a contracted 3rd party email marketing provider and by using the email “BCC” function, the PSFA Communications and Engagement team will send fraud related communications relevant to their roles. Only GCFP member email addresses will be shared with Mailchimp.

The Data

For PSFA Colleagues we will be adding content to the Cabinet Office Google Drive of PSFA internal events/meetings. We will process the following personal data - 

  • Full names
  • Work email addresses
  • Opinions/questions - voice / written
  • Images

For GCFP members who register on Knowledge Hub, we will process the following personal data -

  • Full names
  • Work email addresses
  • Government Department / ALB
  • Job title
  • Opinions/questions - voice/written 
  • Images

For PSFA Colleagues to contact GCFP members we will be adding GCFP member email addresses to Mailchimp.

Lawful Basis for Processing

The PSFA has a legitimate interest in processing your personal data - 

  1. For PSFA colleagues to access shared recordings (for reasons listed in the purpose)
  2. To enable GCFP Members to register on Knowledge Hub (for reasons listed in the purpose).  

This legitimate interest lies in ensuring wide access to training and development for its staff and GCFP members. 

For PSFA colleagues, the intention to record will be advertised in advance and also at the beginning of each event/meeting, giving the opportunity not to participate.

For GCFP members who are presenting content, for capturing & retaining audio/video recordings on Knowledge Hub - the lawful basis for processing is that they consent to us doing so. The intention to record will be shared with the presenter in advance of any recordings taking place, giving them the opportunity not to participate. 

Recipients

For PSFA colleagues, as your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services. 

For GCFP members, your personal data will be shared by us with other Government Departments and ALB colleagues, Google, Knowledge Hub and Mailchimp. 

Retention 

We will retain the data for no longer than necessary to achieve the purposes outlined above.

PSFA events/meeting recordings will be deleted when they are no longer relevant for learning and development purposes, with a maximum retention period of 2 years. To be reviewed annually. The reason for this is to support Counter Fraud capability developed in the PSFA as part of business continuity.

For GCFP Members registered on Knowledge Hub, there is an “unsubscribe” option and a regular programme of data-cleansing is carried out to remove inactive accounts. GCFP events/meetings recordings will be reviewed annually and deleted when they are no longer relevant for learning and development purposes, due to changes in legislation/practice or being superseded by more recent resources, with a maximum retention period of 5 years. 

If someone leaves the Public Sector and/or Civil Service but does not close their account, then the administrators of the Knowledge Hub Learning Group will remove them. The administrators are Select members of the Practice, Standards and Capability team in PSFA have administrative privileges for the GCFP Members group on Knowledge hub.

Your Rights

You have certain rights regarding your personal data under applicable data protection laws. These may include:

  • The right to access your personal data.
  • The right to request rectification of inaccurate personal data
  • You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement. 
  • The right to request the erasure of your personal data in certain circumstances.
  • The right to restrict the processing of your personal data.
  • You have the right to withdraw consent to the processing of your personal data at any time.

International Transfers

As your personal data is stored on our Corporate IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision, reliance on Standard Contractual Clauses, or reliance on a UK International Data Transfer Agreement.

As your data will be shared with Google, Knowledge Hub and Mailchimp which provides data processor services to us, it may be stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through…

  • an adequacy decision by the UK Government
  • standard Contractual Clauses and/or a UK International Data Transfer Agreement

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website or through other appropriate communication channels.

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Email: [email protected]

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact details

The data controller for your personal data is the Cabinet Office.

Cabinet Office
1st Floor, 10 Great George Street
London
SW1 3AE

The contact details for the Data Protection Officer (DPO) at the Cabinet Office are: [email protected]

The Data Protection Officer provides independent advice and monitoring of the Cabinet Office’s use of personal information.