Guidance

Single Network Analytics Platform (SNAP) Privacy Notice

Updated 1 April 2025

© Crown copyright 2025

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/single-network-analytics-platform-snap-privacy-notice/single-network-analytics-platform-snap-privacy-notice

The Cabinet Office (CO) is committed to protecting the privacy and security of your personal information. This notice describes how we collect, process and use personal information about you in accordance with data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).

We are required under data protection law to notify you of the information contained in this privacy notice.

1. Your data

1.1 Purpose

We use your personal data to identify legal entities such as companies that pose a high risk of public sector fraud. 

The Cabinet Office’s Public Sector Fraud Authority (PSFA) does this to support the Government’s plan to combat fraud and economic crime as stated in the Economic Crime Plan 2.0 (PDF, 1,638KB). Under action 35 “Review and improve data sharing to support the response to public sector fraud”, a key objective to disrupt fraud and economic crime is to improve the flow of intelligence between public and private organisations. This function is consistent with the PSFA’s Mandate (PDF, 3.4MB).

1.2 How your data will be used

The PSFA has built and deployed a Single Network Analytics Platform (SNAP) hosted on the secure cross-government cloud to prevent and detect fraud and economic crime in the public and UK’s financial services sector. As part of the project, there is a requirement to understand how UK-registered companies are linked using entity resolution and network analytics. These analytical processes are reliant upon Companies House data – which use your personal data (the non-public Companies House information) to help improve the accuracy of the entity resolution model. This enables the Cabinet Office to understand accurately the relationship between companies, company officers and persons with significant control for all UK-registered companies (past and present). 

The data will be used for entity resolution, network analysis and to create detection models to identify potential fraud involving limited companies.

Your data will be used in the following ways:

  • Entity resolution: To create a single view of an entity across all data within the platform. This involves comparing sets of data, such as the director and ‘persons with significant control’ data, against other records held by the same or another body to see how far they match. The data is personal and company information. 
  • Network generation: To link businesses and individuals in order to establish and visualise connections that were not previously understood.
  • Advanced analytics: To apply and design of detection models aimed at surfacing suspicious behaviour that may indicate suspected fraud of companies.
  • Visualisation and exploration: To allow an authorised user to search and explore suspected fraudulent entities and networks generated.

1.3 The data

The following personal data is used within SNAP:

  • Companies House register (including the full names, DOBs and usual residential addresses of company officers and persons with significant control).
  • Companies House payments data for statutory fees;
  • The UK Sanctions List from the Foreign, Commonwealth & Development Office (FCDO).
  • US Sanctions List from the US Department of the Treasury (OFAC);
  • World Bank Listing of Ineligible Firms and Individuals.
  • Offshore Leaks Database from the International Consortium of Investigative Journalists (ICIJ).
  • Financial Services Register of firms, individuals and other bodies that are Prudential Regulation Authority (PRA) and/or Financial Conduct Authority (FCA) authorised.
  • Serious and organised crime flags from the National Crime Agency relating to UK Registered Companies, company officers and persons with  significant control.
  • Insolvency notices from The Gazette relating to UK-registered companies, company officers and persons with significant control.

The legal basis for data processing is UK GDPR 6.1(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case it is for the purpose of assisting in the prevention and detection of fraud against the public sector and the provision of economic crime data partnerships (per the Government’s Economic Crime Plan 2.0).

Our use of this data is authorised by Schedule 9 to the Local Audit and Accountability Act 2014, and we have had regard to the Code of Practice on Data Matching

1.5 Recipients

Your personal data will be shared by us with other government bodies (SNAP users), which will include UK Government Departments, Executive Agencies and Arm’s Length Bodies, and regulated UK banks participating in counter fraud data pilots with the Cabinet Office.

It will also be shared with our data processors who provide IT services to us.

1.6 Retention

Your personal data will be kept by us for a period of up to 5 years, or for as long as required by law, or for the duration of any active investigation.

1.7 Where personal data have not been obtained from you

Your personal data was obtained by us from a public body, agency or from providers of official open source data, such as, but not limited to Companies House, World Bank, Government Sanction Lists, FCA/PRA, London Gazette, and ICIJ. We may also obtain data from Experian about whether companies trade and their creditworthiness. 

1.8 Automated Decision Making 

We will not be making automated decisions leading to legal or significant effects for individuals. All information drawn from SNAP will be considered by authorised individuals (human agents).

2. Your rights

  • You have the right to request information about how your personal data are processed, and to request a copy of that personal data.
  • You have the right to request that any inaccuracies in your personal data are rectified without delay.
  • You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.
  • You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.
  • You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
  • You have the right to object to the processing of your personal data.

3. International transfers

As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through  adequacy regulations , reliance on the international data transfer agreement (IDTA) or the international data transfer addendum. 

4. Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Email: icocasework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

5. Contact details

The lead data controller for SNAP is the Cabinet Office. In cases where an end user department/agency uses SNAP to risk organisations they are joint controllers with the Cabinet Office. In such cases the Cabinet Office is the lead data controller and all requests should be directed to the Cabinet Office. 

The following government departments and agencies are currently joint data controllers:

  • The Insolvency Service; 
  • Companies House.
  • Department for Culture, Media & Sport (DCMS); including the following ALBs;
    • British Film Institute
    • The National Lottery Community Fund; and 
    • Arts Council England 
  • Environment Agency

This means that we are jointly responsible for deciding how we hold and use personal information about you.

The contact details for the data controller / lead data controller are:

Cabinet Office
70 Whitehall, London
SW1A 2AS

Public Enquiries: Online Contact Form

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk

Back to top