Data protection

This notice tells you what to expect when we collect information about individuals (called 'personal data')

Under the Data Protection Act 1998, we are required to notify our use of personal data to the Information Commissioner’s Office (ICO). You can see our current notification on the ICO website.

We collect personal data about a range of people:

  • visitors to our websites
  • people we regulate
  • the clients of the firms we regulate (who we call consumers)
  • people who pose risks to the UK’s financial markets
  • people who use our services, eg who subscribe to our RSS feeds or e-newsletters
  • people who contact us
  • people who respond to our consultations
  • job applicants and our current and former employees

This privacy notice also provides information about:

  • processing personal data for regulatory functions
  • disclosure of personal information
  • access to personal information
  • how to contact us

Visitors to our website  

For more detail about the information collected when you use our website, including the use of Cookies, see our website privacy notice.

Regulatory Functions  

Parliament has given us a wide range of functions (things we have to do or may decide to do) to help us achieve the objectives they have set for us. The objectives include protecting consumers and the ‘integrity’ of the UK’s financial system.

In order to carry out our functions effectively, we have to ‘process’ personal data. Processing includes obtaining, keeping, altering, disclosing and deleting personal data. The reasons why we process personal data include (but are not limited to) the development of regulatory rules and guidance to protect the interests of consumers, and monitoring and investigating the activities of regulated and unregulated persons.

Our processing may include the use of data analytics, where required.


Regulated firms must provide information to us regularly or in particular situations. Most of the information has to be provided to us under the Financial Services and Markets Act 2000 through our reporting systems Gabriel and Connect, or from specific information requests made to regulated firms. Much of this information will be about a firm’s business, such as how it is structured and how it operates, but some of this information will be personal data about their employees or their clients.

The Financial Services Register

The Financial Services Register is a public record that shows details of firms, individuals and other bodies that are, or have been, regulated by the Prudential Regulation Authority and/or the Financial Conduct Authority. It also has information on firms regulated by the Financial Services Authority that had cancelled or stopped being regulated before April 2013. Some of the information on the Register will be personal data.

We are required by law to make this information publicly available and extracts of the Register can also be purchased for a fee. As the register is publicly available, we cannot give any guarantees as to how the information contained on the register will be used by those accessing it.

Responding to our consultations  

We make all responses to formal consultations available for public inspection, including responses from individuals, unless the respondent requests otherwise. We will not regard a standard confidentiality statement in an email message as a request for non-disclosure.

Despite this, we may be asked to disclose a confidential response under the Freedom of Information Act 2000. We may consult you if we receive such a request. Any decision we make not to disclose the response is reviewable by the Information Commissioner and the Information Rights Tribunal.

People who contact us 

We use a case management system to record details about our contact with you. This information is held securely and in line with our retention policy.

We will use your personal information to provide you with any information or services that you ask for, or to reply to any correspondence. We will also use it to analyse information, such as where in the country users of our helpline come from, what type of questions they are asking, and whether the service was able to give them useful information or guidance.

We also want your views on the service and any improvements you think are necessary. If this is something you agree to help us with, we would need to pass your contact details on to an independent research agency commissioned by us, so that they can get in touch with you.

Neither we nor our appointed agency will try to sell you anything. If we would like to use your information for any other purpose than those stated above, we will contact you to ask for your consent.

Contacting us by telephone

All calls to our Firm Contact Centre and Consumer Helpline are recorded for quality, evaluation and training purposes.

When you contact us we ask for some personal information. You are under no obligation to provide this information to us, but it enables us to provide a better quality of service when you contact us again. As a minimum, we will hold your name and phone number for the purposes specified above unless you inform us that you wish to remain anonymous.

We offer a translation service for customers when English is not their first language, this is provided by a third party company. The company that provides this service does not retain any information from the calls or record them.

Monitoring of emails

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.


For more detail about how we handle information provided by Whistleblowers see our page about how we use Whistleblower information.

Job applicants, current and former FCA employees  

As part of our recruitment process, personal information will be shared with our nominated agent (Resource Solutions). When individuals apply to work at FCA, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for one year after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical data about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with us, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Personal information may be shared with third parties only as required for their employment, including, but not limited to:

  • HMRC
  • the administrator of the FCA’s pension plan (Towers Watson)
  • the administrator of the FCA’s flexible benefits plan (Aon) and providers of services offered as part of that plan
  • the administrator of FCA Payroll (CGI)
  • the FCA’s travel bookings provider

Once their employment with us has ended, we will retain the file in accordance with the requirements of our retention schedule.

Disclosure of personal information  

The Financial Services and Markets Act 2000 places restrictions on the information (including personal data) that we can and can’t share. Further detail about this is available on our Freedom of Information pages.

There are circumstances in which we may need to share personal data. We may need to do this in order to help us carry out our own functions. We may also share information with other bodies acting in the public interest, for example, other financial regulators or the police, to help them carry out their functions. Consistent with the UK being a major international financial centre, some of these bodies may be based in other countries (including those outside the European Economic Area).

When you contact us, in order to ensure we handle your correspondence effectively, we may contact relevant third parties to obtain further, relevant information. This may include, for example, the Financial Ombudsman Service, the Financial Services Compensation Scheme and regulated firms that may be relevant to your correspondence. If you do not want us to contact third parties in these circumstances, please let us know.

For more details about agreements we have with other organisations for sharing information or the circumstances when we can pass on personal information without consent, please view our registration with the ICO, or contact us.

Access to personal information  

Under the Act you have the right to access your personal information (subject to certain exemptions). If you wish to find out what information, if any, we hold that relates to you, you must make your request in writing. To ensure you provide everything we need to process your request, you may find it helpful to complete our Subject Access Request Form and send this to us using the contact details available below. A charge of £10 is made for these requests.

How to contact us  

This privacy notice does not provide exhaustive detail of all aspects of the FCA’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

If you want to request information about our privacy policy you can email us or write to:

Information Disclosure Team, Financial Conduct Authority, 25 The North Colonnade, London E14 5HS

FCA Switchboard: 020 7066 1000

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 25 February 2016.