Skip to main content
Guidance

Privacy Notice for Managing the Public Sector and Collective Leadership Networks

Updated 14 July 2026

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).

The Public Sector and Collective Leadership teams form part of the Cabinet Office. They bring together leadership development and network-building efforts across government and the wider public sector.

Background

The aim of the Public Sector and Collective Leadership teams is to improve systems thinking and doing, breaking down the barriers between national and local, policy and delivery, and strategy and operations to achieve better outcomes for public service delivery. To do this, we maintain a secure database of senior leaders to offer leadership programmes, events and other learning interventions, and use this data to manage all aspects of our relationship with our audience.

The processing also includes former, current, and prospective speakers for our leadership programmes, events and other learning interventions, alongside the contact information for personal assistants, private offices, and other support staff.

Your Data

Purposes

We process personal data to deliver leadership programmes, events, networks, and other learning interventions for public sector leaders.

We intend to:

  • Collect professional identifiers and contact details via online forms, direct engagement, and targeted research of public sources (such as LinkedIn) or referrals from sectoral bodies (such as the College of Policing, or the National Fire Chiefs Council). This data is used to populate our leadership database, allowing us to invite eligible senior leaders to join our active networks and programmes.
  • Maintain records of senior leader’s professional identifiers, professional interests and engagement history to organise leadership events, programmes, and networks, ensuring our outreach and content are tailored to the network’s needs.
  • We will capture ‘crowd networking’ promotional photographs at our events and programmes for publication on government digital channels and in communications. For our events you will be given the opportunity to opt out of this by emailing the team in advance. For our programmes, your preferences will be captured during the application process.
  • Seek volunteers to participate in research and impact evaluations to build the evidence base around leadership and its impact on public services.
  • Send newsletters, network updates, and track engagement with digital communications (such as monitoring email open rates) to tailor our outreach effectively.
  • Seek feedback on the effectiveness of our interventions through post-event/programme evaluation forms.
  • Collect diversity data (ethnicity and gender identity) on a strictly voluntary basis during programme applications to monitor the inclusivity of our interventions and track representation over time.
  • Process health-related data (disability and allergen information) provided voluntarily by attendees to ensure our leadership interventions are fully accessible and inclusive.
  • Manage our peer-to-peer networking programme, Coffee Connect,  to connect matched participants across different public sector boundaries
  • Use a secure, closed Cabinet Office instance of a large language model (Gemini) to assist with internal  data calculations, reporting workflows, and aggregated demographic breakdowns (such as analysis by grade or sector). Any onward reporting will be anonymised and only provide aggregate information.

The data

We will process the following personal data: name, preferred name, work email address, phone number, work address, business-facing social media account (such as LinkedIn URLs), job title, civil service grade or equivalent rank, professional interests, sector or service (e.g. civil service, police, fire & rescue, health, local government, education, armed forces),  event attendance history,  digital communication interactions, opinions, ethnicity, gender identity, disabilities and allergen information.

We will also use photographs taken at our events for promotional and digital channels to publicise the network. For development programmes, your photography preferences are captured via explicit consent during the application process. For networking events, delegates are notified in advance so they can opt out by emailing the team before the event takes place.

The legal basis for processing your personal data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller - specifically, to ensure that senior leadership across the wider public sector is effective, collaborative, and capable of delivering public services efficiently.

The legal basis for sharing basic contact identifiers between participants within the Coffee Connect peer-networking programme is consent provided by individuals at the point of application.

The legal basis for processing group photographs for promotional communications and digital channels  is that it is in our legitimate interest to do so to promote the visibility, impact, and reach of the Public Sector Leadership and Collective Leadership Network. 

Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

The legal bases for processing your sensitive personal data are:

For diversity monitoring (ethnicity and gender identity) - Processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department, and is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people with a view to enabling such equality to be promoted or maintained. However we only collect this data from you when you volunteer it.

For reasonable (health) adjustments and allergen management at  events - It is necessary for the purposes of performing or exercising our obligations or rights as the controller, or the data subject’s obligations or rights, under employment law, social security law or the law relating to social protection.

Recipients

Your personal data will be shared by us with our third-party data processors who provide email, document management, and secure cloud storage services.

We host and manage your personal data using a secure cloud-based Customer Relationship Management (CRM) platform.

We will publish event photography on our promotional and digital channels to publicise the network, making these images accessible to the general public.

For research and long-term evaluation purposes, de-identified or pseudonymised datasets may be shared with external research partners procured through official government frameworks.

Your professional email address will be shared with Eventbrite for the purpose of enabling you to attend events, as well as your accessibility and dietary needs. Any other personal data collected by Eventbrite is done under their own data controllership <https://www.eventbrite.co.uk/help/en-gb/articles/460838/eventbrite-privacy-policy/>

National Security and Restricted Records

For leaders operating in sensitive national security positions or restricted roles, a strict policy of data minimisation is enforced. We store only minimal professional identifiers (such as first name, last name initial, grade, and private office contact details). We do not record qualitative relationship insights (“soft intel”), professional interests, or special category diversity data for individuals falling under these protective security categories.

Retention

We retain records across different statuses depending on your engagement with the network:

  • We hold professional identifiers and contact details for as long as an individual occupies an eligible senior role within the public sector, or serves as an active speaker or support staff member. Active engagement is not a requirement for retention, as data is held to maintain a comprehensive national leadership directory.
  • If an individual leaves their eligible role, transitions to the private sector, or retires, their record is moved to a ‘Former’ status and retained for up to 10 years to support our long-term impact research and career trajectory tracking.
  • If an individual requests to be removed from the network, their profile is marked as ‘Opted Out’ and locked into a permanent do-not-contact state. We retain their full record on our database including past attendance and demographic history, to maintain the integrity of our historical reports and research, but they are completely excluded from all future communications.
  • In the event that we are notified of a member’s death, their record is updated to a ‘Deceased’ status; all contact details are suppressed from future communication lists, and the record is held purely to maintain the accuracy of historical reporting and statistical trends.
  • Information relating to disabilities, health conditions, or dietary requirements is collected on an event-by-event basis via Eventbrite or direct email to ensure accurate accommodations are made. This data is used solely for the operational delivery of that specific event and is never transferred to or stored on our database. We delete information relating to disabilities, health conditions and dietary requirements collected via Eventbrite, from our systems and from Eventbrite three times per year.

Data records are subject to a data validation cycle every 6 months to ensure information is accurate, relevant, and updated against official sectoral notifications. All personal records held under a Former, Opted Out, or Deceased status will be permanently deleted or fully anonymised 10 years from the date their status was updated. 

Where personal data have not been obtained from you

To build and maintain a comprehensive directory of senior public sector leaders, we actively research public sources. This includes monitoring official public sector websites, reviewing professional networking platforms (such as LinkedIn), monitoring sector press releases regarding senior appointments, and directly contacting organisational private offices and leadership academies (such as the NHS Leadership Academy and the College of Policing) to verify current post-holders. We then approach individuals directly and invite them to be a member of the Leadership Network.

Your Rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data.

International Transfers

As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision or reliance on Standard Contractual Clauses.

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.  The Information Commissioner can be contacted at:  Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or 0303 123 1113, or icocasework@ico.org.uk.  Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact Details

The data controller for your personal data is the Cabinet Office. The contact details for the data controller are: Cabinet Office, 70 Whitehall, London, SW1A 2AS, or 0207 276 1234, or https://www.gov.uk/guidance/contact-the-cabinet-office

The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk.

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.