Skip to content

Personal information

We protect it carefully

This video has sub-titled versions in the following languages:
عربي, 中文, Nederlands, English, Français, Deutsch, Italiano, Español 
Accessible via the 'cc' button in the video player menu once the video starts.

What it's all about

None of us wants to have our privacy invaded or our identity stolen. We don’t want it to happen to the people we work with either. So, it’s in all our interests to keep personal information safe and secure, and only ever use it for the right purpose.

Serco handles all sorts of personal information about us, and our customers, colleagues, business partners, service users and their employees. Much of it is sensitive - like health details or bank account numbers.

If we let this information get into the wrong hands or do not process it properly, it can cause huge distress, damage and harm to individuals and expose them to financial scams and identity theft.

To protect us and ensure we properly protect and only use personal information for the purpose for which it was intended we have to follow a set of Data Protection Principles (you’ll find these explained in the Toolbox).

We must all follow these principles whenever we handle personal information. If we don’t, people can have their privacy invaded, we can face disciplinary action and do serious damage to Serco and any other organisation that may have been involved.

“I accidentally sent the wrong email and now there is a risk that personal data could get into the wrong hands. But I reported it immediately so we can limit any damage.”

What we all need to know and do

  • We keep and manage personal data in accordance with our Data Protection Principles, especially sensitive personal data which is high risk to data subjects.

  • If we become aware that personal data is being used outside the Data Protection Principles, we Speak Up immediately. We can notify our manager, Data Protection Officer, Data Protection Champions, or Information Security Lead.

  • We maintain the correct privacy standards when dealing with personal data. We ensure it is processed in accordance with Serco’s standards, or our customer’s requirements where those apply.

  • We take care to keep our own personal data up to date. We promptly notify our manager or Human Resources Lead of any changes.

  • We never disclose personal data to anyone who doesn’t have the right to see it or the need to know it.

  • We take great care and work with our manager, Data Protection Officer, Data Protection Champions, or Information Security Lead when we have to transfer or access personal data internationally to ensure we are following the rules for transfer in another jurisdiction.

  • We securely destroy personal data when it is no longer needed, or when required by Serco’s data retention policy.

  • When storing personal data, we ensure it is in a protected environment. We never leave personal data on a printer, shared server or publicly accessible computer or website.

Metal toolbox with open lid

Your toolbox for policies, definitions and manager guidance

View toolbox


Every day it’s the same. I get up, knowing I’ve got to go to work and feeling that I just can’t. Because they all know!

It was my life - my private life! And now it’s out there, for everyone to see - forever!

I know it was a mistake. I know the person responsible never meant to let my details be seen by others. And I know how sorry they feel. But that doesn’t change the fact that it happened. A mistake that I have to pay the price for.

I just can’t walk in knowing that everyone might know. I can’t sit at my desk thinking they’re looking at me. I can’t walk past people and look any of them in the eye. I can’t bear to think that when I’m not there they’re talking about me.

But I have to.

We must all follow the Data Protection Principles.
If we don’t we can ruin people’s lives.

Ah yes, I’d seen these signs before. My own journey with alcohol was something I continually tried to learn from and I’m now 25 years sober. But I saw it in Ruz. Then I saw him at an AA meeting, so he knew I knew, but of course I was keeping that to myself. Today though someone had left a file out on a desk. Penni found it and started talking about it in the tea room. I tried to stop her but Ruz heard. Everyone stopped and looked at him. 

He ran out and I followed. He was on the floor in the shower room, screaming into a towel. I could feel the pain and I knew what could come next. I have to help Ruz, then I have to report Penni. Finding that file was her chance to do the right thing. Close it, give it to HR, never mention it and protect her colleague. Ruz’s life was in her hands.

We should never disclose personal data to anyone
who doesn’t have the right to see it or the need to know it.

Guilt doesn’t really sum up how I feel, it’s so much bigger than that. I thought I was being cool, having fun, it was just a laugh - wasn’t it? 

My colleague had annoyed me. Little things like saying she was going to tell on me if I kept picking on her. Then I saw a file, left out on a desk in HR.  I read it - well you would, wouldn’t you? 

It said she had mental health problems, wasn’t coping and felt like a zombie most of the time. So I put a picture on social media of a zombie and tagged her in it. The stream of comments from people were funny, then they turned really nasty. 

Of course she saw all this. I can’t believe it got so out of hand. She left work, and I heard a couple of weeks later that she’d tried to take her own life.  

I wanted to say how sorry I was, that I was cruel, and that it was my actions that led to this awful situation. But she wouldn’t have anything to do with me. Why would she? Her life was in my hands and I messed it up.

We should take great care not to release personal data
unless we are authorised to do so.

My heart sank. I shut my laptop quickly and looked around. There were a few people looking at me. Sav particularly was doing that thing where she had obviously been talking about me and was looking at me while exchanging words over her shoulder to Vijay. How could I be so stupid?

I needed to go and see Accounts and left my desk for about 10 minutes. The last thing I’d done was fill in personal information about me that HR had needed, to complete my profile in the company. Clearly Sav had seen it. Of course, I should have logged out before leaving or closed my computer, but I didn’t think. And now everyone knows and I wanted to keep it quiet. It’s only my business. Who else will they tell? I’m so embarrassed. How will I recover from this?

Keep personal information safe
and only ever use it for the right purpose.

Raise a concern


Learn more

What happens if we don't follow mycode?

Learn more

Speak Up

Learn more

Discover more...

Confidential information

We never let it fall into the wrong hands.

Using our systems and keeping our information safe

Keeping the bad guys from getting in and our information from getting out.

AI technologies

Where we use AI technology we do it ethically and legally.

Social media

We think twice before we post or tweet.

External communication

We don’t speak for Serco unless we’re authorised.