We aim to make this site as accessible as possible and therefore have provided the settings below to use if you are finding it difficult to view this website. See the SFO Accessibility Statement for more information.

Where it is appropriate to provide a Welsh translation, you can switch to Cymraeg. See the Welsh Language Commissioner website for more information.

Use the settings button in the bottom right corner of the page to access these settings again.

We would like to use Analytics Cookies on our website. 

Turn these on below if you are happy with us collecting information on how our site is used, in order for us to improve the overall experience of our website. 

All other cookies are necessary and therefore by continuing to browse this website, you are agreeing to the usage of these cookies.

 See the SFO Privacy Policy for more information. 

Analytics Cookies

Privacy notice and cookies


The Serious Fraud Office (“SFO”) is committed to the responsible handling and security of personal data. Your privacy is important to us and protected in law.

Personal data is any data which identifies a living individual directly or indirectly, in particular by reference to an identifier such as their name, address or date of birth.

The processing of personal data can mean anything we do with personal data, including but not limited to collecting, recording, storing and sharing.

Data Controller

The Director of the Serious Fraud Office is the data controller. You can contact the SFO at:

Email: [email protected]

Address: The Serious Fraud Office, 2-4 Cockspur Street, London, SW1Y 5BS

Telephone: +44 (0)20 7239 7272 / 7152

Data Protection Officer

You can contact the SFO’s Data Protection Officer at:

Email: [email protected]

Address: Data Protection Officer, Serious Fraud Office, 2-4 Cockspur Street, London, SW1Y 5BS

How are your rights protected?

The primary purpose for processing personal data determines what law protects your rights and provides the legal basis for our processing activities.

Your rights are protected by either:

  1. The General Data Protection Regulation (“UK GDPR”) and Part 2 of the Data Protection Act 2018; or
  2. Part 3 of the Data Protection Act 2018 (“DPA 2018”).

Where the SFO processes your personal data for general purposes not relating to our casework, the UK GDPR and Part 2 of the Data Protection Act apply.

Where the SFO processes your personal data for law enforcement purposes in connection with our casework, Part 3 of the Data Protection Act applies.

What information do we collect about you?

The SFO collects personal data from a range of sources in the course of the exercise of its statutory Law Enforcement functions. Types of personal data we process under Part 3 of the DPA 2018 may include information such as:

  • Personal details including name, address, contact details, proof of ID, date of birth
  • Financial information
  • Location and communications data
  • Sound and visual images
  • Conviction data
  • Online identifiers such as IP addresses
  • Any other personal data about you or other individuals collected by the SFO which is necessary and processed lawfully for the purposes under Part 3 of the DPA 2018.

We also process personal data that is unrelated to our law enforcement processing, including in the course of our administrative functions such as staff administration, procurement, property management, media and public correspondence.

Types of personal data we process under UK GDPR and Part 2 of the DPA 2018 may include information such as:

  • Personal details including name, address, contact details, proof of ID, date of birth
  • Employment details
  • Personal data supplied in requests, complaints or correspondence
  • Job applications or applications to join an SFO Counsel Panel
  • Information relating to safeguarding or victim support services
  • Any other personal data about you or other individuals collected by the SFO which is necessary to discharge our general administrative duties

We may also need to process special categories of personal data (also referred to in Part 3 of the DPA 2018 as “sensitive processing”) for either our general or law enforcement purposes. This could include personal data revealing:

  • Racial or ethnic origin
  • Political opinions
  • Religious, cultural or philosophical beliefs
  • Trade union membership
  • Physical or mental health
  • Sex life or orientation
  • Genetic or biometric data

Whose personal data do we handle?

In order to carry out our functions we process information relating to a wide variety of individuals.

For law enforcement purposes in connection with our casework these may include:

  • People suspected of an offence
  • Victims
  • Witnesses
  • People convicted of an offence
  • Solicitors and counsel
  • Expert witnesses and interpreters
  • Members of the public
  • Colleagues from other law enforcement agencies, Government departments, regulators or international organisations
  • Former and existing members of staff

For general purposes not relating to our casework this may include:

  • Complainants, correspondents and enquirers
  • Members of the public
  • Journalists and the media
  • Suppliers and commercial partners
  • Colleagues from other law enforcement agencies, Government departments, regulators or international organisations
  • Consultants and other professional experts
  • Former, potential and existing members of staff

Why do we use personal data?

The SFO is a specialist prosecuting authority responsible for investigating and prosecuting the top level of serious or complex fraud, bribery and corruption. In addition, the SFO also pursues criminals for the financial benefit they have made from their crimes and assists overseas jurisdictions with their investigations into serious and complex fraud, bribery and corruption cases.

We will process personal data for the law enforcement purposes as outlined in Part 3 of the DPA, specifically as part of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.

The Criminal Justice Act 1987 empowers the Director of the SFO to investigate suspected offences of serious or complex fraud, and bribery and corruption. Acting in accordance with these powers provides the SFO with a basis in law to process personal data for law enforcement purposes. For data protection purposes we are a competent authority under the DPA 2018 schedule 7.

The SFO also processes personal data for non-law enforcement purposes. This includes for recruitment, staff administration, responding to enquiries, requests or complaints, and maintaining our accounts and records. Depending on the nature of the data and why we need to process it, there may be a number of different legal bases that apply, including where:

  • the processing is necessary to perform a task in the public interest or for official functions, such as where we make referrals to victim and witness support services or share information for regulatory purposes
  • the processing is necessary for a contract or to take specific steps before entering into a contract, such as where we vet and recruit employees or procure goods and services
  • the processing is necessary in order to comply with a legal obligation, such as where we are required to respond to Freedom of Information Act 2000 or other statutory requests
  • there is legitimate interest to do so, and it is necessary and balanced against your own interests, rights and freedoms
  • on the rare occasions where processing data becomes necessary to protect your vital interests (or someone else’s vital interests), such as in line with our safeguarding policy

Who will we share data with?

During the course of our casework the SFO may share personal data either internally or with other individuals or organisations. This may be for the purposes of furthering the SFO’s investigations and prosecutions, as part of joint investigations, responding to requests for assistance, or as part of complying with our statutory duties to disclose information.

These recipients will include, but are not limited to:

  • Other UK or overseas law enforcement agencies
  • UK or overseas Government departments
  • The Court
  • Witnesses or interviewees
  • Expert witnesses, interpreters and other professional experts
  • Counsel
  • Financial institutions and regulatory bodies
  • Administrators and Liquidators
  • Other third party data holders in context of an investigation

We may also need to share data for non-law enforcement purposes, including to:

  • Service providers
  • Current, past and prospective employers
  • Local authorities or victim and witness support services
  • Government departments
  • Regulatory bodies

How long do we keep personal data?

Whilst held on SFO systems your personal data is subject to internal data retention policies.

The appropriate retention period for law enforcement data will be determined by the lifecycle of the investigation and prosecution, along with any outstanding actions or orders following its conclusion.

Where data is held for general purposes the SFO will only retain your personal information for as long as necessary. We will securely dispose of your data when it is no longer necessary to retain it.

How do we keep your data secure?

The SFO has put in place appropriate technical and organisational measures to safeguard and secure the information we collect about you. We have strict technical security standards and all our staff get regular training about how to keep information safe. In addition we limit access to your personal information to those employees, contractors and other third parties who have a business need to know.

Your rights as a data subject

Under the UK GDPR and DPA 2018 you have a number of rights in relation to the data we process about you. Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”)
  • Request rectification of the personal information that we hold about you
  • Request erasure of your personal information
  • Object to processing of your personal information
  • Request the restriction of processing of your personal information
  • Request the transfer of your personal information to another party

Please note that some of the rights listed above may be restricted. More information about your rights can be found on the Information Commissioner’s Office website.

We also sometimes need to request specific information from you to help us confirm your identity. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

If you wish to exercise any of your rights please email the SFO using the following email address: [email protected]


If you wish to make a complaint about the way your personal data has been processed you should contact the SFO’s Data Protection Officer using the contact details on this page.

You also have the right to lodge a complaint with the Information Commissioner. You can contact the Information Commissioner’s Office at:


Address: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: +44 (0)303 123 1113


To make this site simpler, we sometimes place small data files on your computer. These are known as cookies. Most big websites do this too. They improve things by measuring how you use the website so we can make sure it meets your needs. Our cookies are not used to identify you personally. They are just here to make the site work better for you.

Indeed, you can manage and/or delete these small files as you wish. To learn more about cookies and how to manage them, visit AboutCookies.org or Direct.Gov.uk; or please read on to find out more about how and where we use cookies.

How we use cookies

We use cookies in several places. We have listed each of them below with more details about why we use them and how long they will last.

Strictly necessary cookies

Most of our cookies are strictly necessary and do not store your personal data. These are used to enable core functionality such as security, network management, and accessibility.

The following cookies are strictly necessary in order for the website to function correctly.

Cookie Name Purpose
PHP Session ID PHPSESSID The PHPSESSID cookie is native to PHP and enables websites to store serialised state data. On the Action website it is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie.
Load Balancing Cookie ROUTEID Used by load balancing.
SFO Cookie sfo_cookie Used to track if the user has been shown the cookie banner.

Measuring website usage (Google & Twitter Analytics)

We use Google Analytics and Twitter analytics to collect information about how people use this site. We do this to make sure it is meeting its users’ needs and to understand how we could make it better. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on.

We do not collect or store your personal information (for example, your name or address) so this information cannot be used to identify who you are. We do not allow Google to use or share our analytics data.

The following cookies are set by Google Analytics:

Name Typical content Expires
_utma randomly generated number used by Google Analytics to identify unique visitors 2 years
_utmb randomly generated number used by Google Analytics for general visitor tracking 30 minutes
_utmc randomly generated number used by Google Analytics to identify unique visitors when you close your browser
_utmz randomly generated number used by Google Anaytics to identify how our site was reached (for example, directly or through a link or organic search) 6 months

For further details on the cookies set by Google Analytics, please visit the Google Code website. Please see here for the Social Media Policy.

How do I change my cookie settings?

You can change your cookie preferences at any time by clicking on the ‘Settings’ tab. You can then adjust the available sliders to ‘On’ or ‘Off’, then clicking ‘Save and close’. You may need to refresh your page for your settings to take effect.

Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Find out how to manage cookies on popular browsers:

To find information relating to other browsers, visit the browser developer’s website.

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.