Skip to main content

Data protection

How to ensure your form meets data protection requirements and keep your users' data secure

Protecting your users’ information
Privacy notices
Session duration

Protecting your users’ information

You have a legal duty to protect any user information that you collect with your forms.

We are responsible for the security of the MoJ Forms platform and take every precaution with user data as users enter it. We encrypt all user data and do not retain any of it after the form has been submitted.

You are responsible for:

  • ensuring that you collect the minimum amount of information necessary
  • making it as easy as possible for users to understand why you are collecting information and how you will use it
  • the security of user information after it has been submitted

This includes producing a privacy notice.

For more guidance on this topic, see the Service Manual guidelines on collecting personal information.

Back to top

Privacy notices

All forms are created with a privacy page in the footer section which comes pre-populated with a template privacy notice. There are sections in the notice that you must fill in with details specific to your team and form. These are indicated in square brackets - [like this].

If you are updating an existing form, you will need to check your privacy notice against the latest version of the template as some sections may have changed.

Privacy notice - template (PDF, 0.49MB)
Last updated: 11 May 2021

We recommend you consult your information assurance lead or the data privacy team (privacy@justice.gov.uk) for help completing the template.

Back to top

Session duration

To help protect users’ privacy, if they are inactive on a form for 30 minutes the form will reset and any information they have entered up to that point will be cleared. Users are shown a warning and countdown 5 minutes before this happens.

Back to top