Guidance

OPG privacy notice: deputy supervision

Updated 14 January 2026

Applies to England and Wales

• Publication for Northern Ireland
• Publication for Scotland

This Privacy Notice refers to Deputy Supervision related duties such as:

• supervision of deputies
• investigating concerns about how a deputy is acting
• maintaining the deputy register

This privacy notice sets out the standards that you can expect from the Office of the Public Guardian (OPG):

• when we request or hold personal information (‘personal data’) about you
• how you can get access to a copy of your personal data
• what you can do if you think the standards are not being met

OPG is an executive agency of the Ministry of Justice (MoJ).

MoJ is the data controller for the personal information we hold.

OPG collects and processes personal data for the exercise of its own and associated public functions. This includes supervision of court-appointed deputies, investigating safeguarding concerns raised by third parties, and responding to complaints.

About personal data

Personal data is information about you as an individual. It can be your name, address or telephone number. It can also include information about finances, benefit entitlement or medical conditions. We may also receive health or mental capacity information, or criminal conviction data.

We know how important it is to protect customers’ privacy and to comply with data protection laws. We will safeguard your personal data and will only disclose it where it is lawful to do so, or with your consent. This applies to the client, deputy, and any third parties.

Any information received, from any source, can form part of a court application.

Types of personal data we process

We only process personal data that is relevant for the services we are providing to you. This may include:

• name, dates of birth, address, contact details
• financial information
• decisions taken on behalf of the client
• social care information (local authority records)
• your computer’s Internet Protocol (IP) address when using our online services

These can be collected for the following purposes:

• reviewing the report of a court-appointed deputy
• arranging a visit by a Court of Protection visitor
• reports produced by Court of Protection visitors
• offering guidance and support to deputies and answering queries
• processing a fee payment or application for remission or exemption of fees
• investigating any safeguarding concerns relating a vulnerable adult
• recording of telephone calls to our contact centre
• assisting bond providers in ensuring premiums are paid

The legal basis for processing data

The information is processed so that OPG may carry out its lawful duties as set out in section 58 of the Mental Capacity Act (MCA) 2005.

The MCA states that the Public Guardian must, among other duties:

• establish and maintain a register of orders appointing deputies
• supervise court-appointed deputies

To do this, we may examine and take copies of: health records

• records held by a local authority
• any records held by a person registered under the Care Standards Act 2000

When processing data we must comply with the following legal bases:

• UK General Data Protection Regulation (GDPR) Article 6(1)(e) – Public task
• Special category data: substantial public interest and statutory and government purposes (Schedule 1 DPA 2018)

Failure to comply with the reasonable directions or requests of OPG in the exercise of these functions may result in an application for the removal of the appointed deputy.

Sharing information

We sometimes need to share the personal information we process with other organisations. Where this is necessary, we will comply with all aspects of the data protection laws.

The organisations we share your personal information with include:

• the Department for Work and Pensions (DWP)
• the Court of Protection
• Court of Protection visitors
• Solicitors Regulation Authority
• the police
• local authorities and social services
• the Government Legal Department,  Barristers and Parties to proceedings
• bond providers
• other government agencies
• the Department for Work and Pensions (DWP) and Social Security Scotland
• individuals who request a search of the deputy register

We also share data with organisations who provide secure IT, payment and case management services on behalf of the MoJ.

This list is not exhaustive and any decision to share information will be made on a case-by-case basis.

Although we make every attempt to protect your rights, under certain circumstances we have a legal duty to share your information, even if you do not consent. This might include the prevention or detection of crime, interests of counter-terrorism, and safeguarding responsibilities including child protection.

Court-appointed deputies are offered a free newsletter which we will only send out with your consent.

If you agree to receive this your name, address and email address will be shared with a third party publishing company, CDS, in order to send our InTouch newsletter.

You can ask to be removed from this mailing list at any time by contacting us, and we will offer you the option to withdraw your consent with every correspondence.

Office of the Public Guardian registers

When the Court of Protection appoints a deputy, we add the details of the deputy and client to the register.

Anyone can apply to search the Office of the Public Guardian registers as long as they can provide certain details about the person that want to search for.

Find out if someone has a registered attorney or deputy

Not all the information we hold about a person is on the registers. We disclose additional information only when the request for it is reasonable and justified and where the law says we can.

Find out more about the Office of the Public Guardian registers

Transfer of personal data overseas

Personal data is transferred to the Republic of Ireland for the purpose of hosting our primary case management system and hosting the data held on the MoJ Analytical Platform. These international transfers comply with UK data protection law.

How long we keep personal data

We will keep personal data only for as long as:

• we need it to carry out the services we provide to you
• the law requires us to

OPG publishes a record retention disposition schedule (RRDS), which shows how long different types of information are kept. At the end of this period your data is disposed of. Data held on the MoJ Analytical Platform is retained for 20 years.

Access to personal data

You can find out if we hold any personal data about you by making a subject access request. 

To request details of personal data we hold, please send your request to:

Information Governance and Data Protection
Ministry of Justice
Post point 10.38
10th Floor
102 Petty France
London
SW1H 9AJ 

You can also make your Subject Access Request via our online service:

Request personal information from the Ministry of Justice - GOV.UK

You can find more information about your rights under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) or our personal information charter.

Use of Artificial Intelligence (AI)

Artificial intelligence (AI) is the theory and development of digital technology to be able to perform tasks normally requiring human intelligence. This includes the creation or use of large language models and machine learning.

OPG uses AI and other automated technologies to help improve the efficiency of some of our processes. AI tools may be used to support activities such as data analysis, quality assurance, and generating or updating guidance materials. Any use of AI is carefully assessed to ensure it complies with data protection law, aligns with OPG’s statutory functions, and does not make decisions that have a direct effect on individuals without appropriate human review. The use of AI is continually monitored and governed in line with MoJ policies, ensuring your personal data remains protected and used fairly, transparently and lawfully.

When we ask you for personal data

We promise:

• to inform you why we need your personal data and ask only for the personal data we need
• not to collect information that is irrelevant or excessive
• to protect your personal data and make sure no unauthorised person has access to it
• only to share your data with other organisations for legitimate purposes where appropriate and necessary
• to make sure we don’t keep it longer than is necessary
• not to make your personal data available for commercial use
• to consider your request to correct, stop processing or erase your personal data

You can get more details on:

• agreements we have with other organisations for sharing information
• circumstances where we can pass on personal information without telling you, for example, to help with the prevention or detection of crime or to produce anonymised statistics
• how we check that the information we hold is accurate and up to date
• how to make a complaint
• how to contact the MoJ Data Protection Officer

For more information about these topics, please contact:

OPG information Assurance
PO Box 16185
Birmingham
B2 2WH

OPGInformationAssurance@publicguardian.gov.uk

For more information on how and why your information is processed please see the information provided when you accessed our services or were contacted by us.

Data Protection Officer

If you have any concerns about how OPG is handling your personal data, you may contact the Data Protection Officer (DPO).

The DPO provides independent advice and monitoring of our use of personal information.

You can contact the Data Protection Officer at:

MoJ Data Protection Officer
Post point 10.38
102 Petty France
London
SW1H 9AJ

DataProtection@justice.gov.uk

Complaints

When we ask you for information, we will keep to the law. If you consider that your information has been handled incorrectly, you can contact the Information Commissioner for independent advice about data protection.

You can contact the Information Commissioner at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk