Guidance

Privacy Notice for Crisis, Incident and Event management - Cabinet Office Crisis Management Capability

Published 1 October 2019

© Crown copyright 2019

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/privacy-notice-for-crisis-incident-and-event-management-cabinet-office-crisis-management-capability/privacy-notice-for-crisis-incident-and-event-management-cabinet-office-crisis-management-capability

This notice sets out how the Cabinet Office may use your personal data, and your rights.

1. Your data

1.1 Purpose

The purpose for which Cabinet Office may process your personal data is to support emergency preparedness and the response to actual or potential civil emergencies and wider national security threats.

This data is used to provide situation awareness and to support emergency preparedness, response and recovery activity within central government.

1.2 Examples of data usage:

  • Maintaining contact details of public sector officials so that they can be contacted in relation to national crises, or in relation to resilience policy or other operational matters

  • Contacting individuals within government and external organisations to facilitate engagement on resilience policy issues, including organising events and meetings

  • Looking for patterns or blooms in social media activity, serving as indicators of unexpected or emerging events/incidents that could trigger response mechanisms

  • Correspondence, consultation and information-sharing on recovery and human aspects policy matters for the local and national recovery advisory groups

  • The production of reports, assessments and analysis to inform the safeguarding of national security and development of government policy

  • To maintain overall control of the Mobile Telecommunications Privileged Access Scheme (MTPAS) which necessitates the keeping of a master entitlement list (MEL) of all organisations registered.

The legal basis upon which we may process personal data is that the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. The legal basis upon which we may process special categories of personal data is:

  • it is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department.

  • the processing relates to personal data which has been made public by the data subject, in the case of personal information obtained through open source research, or the data has been provided by the individual for a specific purpose.

The processing by us of personal data relating to criminal convictions and offences or related security measures is: (a) either carried out under official authority, or (b) because the processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department.

1.4 Recipients

Personal data may be shared where necessary and proportionate with other public bodies. Depending upon the nature of the crisis, incident or event, and where necessary and proportionate, we might also on rare occasions need to share personal data with private or third sector recipients.

As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services.

1.5 Retention

Personal data will be destroyed when no longer needed for the purpose for which it was collected.

1.6 Automated Processing

In relation to the use of data covered by this notice, the Cabinet Office does not make decisions which produce legal effects concerning the data subject based on automated processing, including profiling.

1.7 Where personal data have not been obtained from you

Your personal data were obtained by us from public sources and other public authorities.

2. Your rights

You may have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You may have the right to request that any inaccuracies in your personal data are rectified without delay.

You may have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You may have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You may have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You may have the right to object to the processing of your personal data.

However, please be advised that the Cabinet Office may not be obliged to comply with a request if an exemption applies. For example, this might be required to safeguard the interests of national security. In such a situation, this will be explained to you.

3. International transfers

As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the European Union. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses.

We may occasionally transfer personal data outside the European Union to a country without an adequacy decision where this is necessary for important reasons of public interest.

4. Contact details

The data controller for your personal data is the Cabinet Office. The contact details for the data controller are:

Cabinet Office
70 Whitehall
London
SW1A 2AS

Public Enquiries: Online Contact Form

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk

5. Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.

The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
0303 123 1113
casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Back to top