Open consultation

Ransomware consultation privacy notice

Published 14 January 2025

© Crown copyright 2025

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/consultations/ransomware-proposals-to-increase-incident-reporting-and-reduce-payments-to-criminals/ransomware-consultation-privacy-notice

How and why your data is being used

The Home Office has developed three new ransomware-focused measures, aiming to tackle the issue of ransomware. This consultation is seeking feedback on these three proposals. The Home Office will collate and analyse responses on respondents’ views on new proposed measures. The Home Office will use the responses to develop understanding and impact of the suggested proposals and to develop legislation if necessary. We will summarise all responses and publish this summary on GOV.UK.

The Home Office collects and processes personal information to fulfil its legal and official statutory functions. We will only use personal information when the law allows us to and where it is necessary and proportionate to do so.

The Home Office is only allowed to process your data where there is a lawful basis for doing so. We have systems and policies in place to limit access to your information and prevent unauthorised disclosure. Staff who access personal information must have appropriate security clearance and a business need for accessing the information, and their activity is subject to audit and review. The lawful basis for the collection and processing of this data is Article 6(1)(e) of the UK GDPR processing is necessary for a performance of a public task carried out in the public interest or in the exercise of official authority vested in the controller.

More information about the ways in which the Home Office may use your personal information, including the purposes for which we use it, the legal basis, and who your information may be shared with can be found at Information rights privacy information notice.

Storing your information

Your personal information will be held for as long as necessary for the purpose for which it is being processed and in line with departmental retention policy. For a consultation data will be destroyed 5 years after the project has closed.

More details of this policy can be found at What to keep: Home Office retention and disposal standards.

Confidentiality

Information provided in response to this consultation, including personal information, may be published or disclosed in accordance with the access to information regimes (these are primarily the Freedom of Information Act 2000 (FOIA), the Data Protection Act 2018 (DPA), the General Data Protection Regulation (GDPR) and the Environmental Information Regulations 2004).

If you want the information that you provide to be treated as confidential, please be aware that, under the FOIA, there is a statutory Code of Practice with which public authorities must comply and which deals, amongst other things, with obligations of confidence. In view of this it would be helpful if you could explain to us why you regard the information you have provided as confidential. If we receive a request for disclosure of the information we will take full account of your explanation, but we cannot give an assurance that confidentiality can be maintained in all circumstances. An automatic confidentiality disclaimer generated by your IT system will not, of itself, be regarded as binding on the Home Office.

The Home Office will process your personal data in accordance with the Data Protection Act 2018.

Requesting access to your personal data

You have the right to request access to the personal information the Home Office holds about you. Details of how to make the request can be found at Personal information charter - Home Office.

Your personal information, supplied for the purposes of this consultation, will be held and processed by the Home Office. The Home Office is the controller of this information. Contact the Ransomware Legislative Proposals Consultation Team for questions relating to the consultation:

Ransomware Legislative Proposals Consultation
Homeland Security Group
Home Office
6th Floor, Peel Building
2 Marsham Street
London
SW1P 4DF

Email Address: ransomwareconsultation@homeoffice.gov.uk

Questions or concerns about personal data

The Home Office has a data protection officer who can be contacted if you wish to complain how the Home Office has managed and used your personal data. Details of the department’s data protection officer can be found at dpo@homeoffice.gov.uk 

Or write to:

Office of the DPO Home Office
Peel Building
2 Marsham Street London
SW1P 4DF

You have the right to complain to the Information Commissioner’s Office (ICO) about the way the Home Office is handling your personal information. Details on how you do this can be found at Make a complaint.

Back to top