Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content


Corporate Governance Framework

Our corporate governance framework sets out the necessary responsibilities and procedures that guarantee we operate properly.

Information security

32. You must comply with public sector guidance around the classification and handling of information. The majority of information the Commission handles is classified as ‘Official’ which means it should be handled with routine security.

33. Some information, however, is particularly sensitive. This means that loss or insecure handling could lead to damaging consequences for the organisation or for individuals, or might lead to action by third parties if release of this information has impacts on them.

34. To highlight these risks, we use the classification ‘Official Sensitive’ in email headers and on documents. This means that the information should be handled with particular care, such as not forwarding an email inappropriately or reading a document where it can easily be seen by others.

35. In addition, there are restrictions on the use of private email accounts and devices. Where information is stored in private email accounts, it is on servers that are outside of our control. We do not know where or how it is kept, or who has access to it. Commercial cloud storage services and private email accounts are prone to attack by cyber criminals and others. Commission email accounts and equipment have layers of security and active monitoring which may not be present in other services.

36. All documents, email messages, social media posts and texts can be subject to Data Protection and Freedom of Information legislation where they relate to Commission business and fall in scope of a request. Full details of these legislative requirements can be provided by the Information Security Team.

Previous section
Next section
Openness and responsiveness
Is this page useful?
Back to top