IDG10000 - Information disclosure: frequently asked questions
This page is a useful introduction to information use,
disclosure and confidentiality. It addresses the most commonly
asked questions about these issues, and provides an overview of
information disclosure procedures. Please read this page if you are
new to the subject. This page also provides links to other parts of
this manual where questions are addressed in more depth.
Frequently asked questions answered in this section
Who is the customer?
What is the duty of confidentiality I owe as an HMRC
officer to all HMRC customer information?
What are the sanctions for those who breach the HMRC
duty of confidentiality?
Can information be shared within the Department?
When might there be a risk of wrongfully sharing
information?
How can I disclose information outside the Department
in a lawful way?
How can I share information with other government
departments?
What are the overriding issues I must also consider
when making any disclosure?
When can I make a disclosure ‘in the public
interest’?
Where can I get further guidance?
Who can help me with information sharing policy
issues?
What is the scope of this guidance?
Who is the customer?
In this guidance ‘customer’ means all the
individuals and organisations the Department deals with in carrying
out its functions. This includes individuals, employers, employees,
sole proprietors, partnerships and legal entities such as limited
companies and trusts.
You have an equal duty of confidentiality to deceased
customers (see
IDG34050).
You have an equal duty of confidentiality to those who you
think behave legally and those who you think do not (including
suspects and offenders).
Further information on this subject is available at
IDG30500.
What is the duty of confidentiality I owe as an HMRC officer to all HMRC customer information?
The Act that established HMRC made provision for the conduct of
all staff in relation to confidentiality.
Section 18 of the Commissioners for Revenue and Customs Act
2005 (CRCA) makes it clear that you must not give
(‘disclose’) HMRC information to anyone, unless you
have lawful authority to do so. This includes other government
departments and their agencies, local authorities, the police or
any other public bodies.
All new staff must sign a declaration of confidentiality upon
entering the department. This will be provided in the
Manager’s Induction Pack. A copy can also be found at
IDG90500.
See
IDG40500 for the circumstances in which
information may be disclosed outside HMRC.
What are the sanctions for those who breach the HMRC duty of confidentiality?
Unlawful disclosure of information is a criminal offence under
Section 19 CRCA, and is punishable on conviction by a fine,
imprisonment for up to 2 years, or both. For HMRC staff it is also
a disciplinary offence which may lead to dismissal.
This section must be read in context: it may be beneficial to
the Department, or to others, to share information. However, you
must ensure you have the lawful authority to do so.
It is important to realise that confidentiality is your
personal responsibility. As such any penalties for breach of
confidentiality may fall on you personally.
The purpose of the guidance in this manual is to help you
ensure that you do not make an unlawful disclosure of information.
Please read chapters
IDG40750 and
IDG40750 (and other sections relevant to
your area) to ensure this. A more detailed explanation and account
of the criminal sanction is available at
IDG40750.
Can information be shared within the Department?
Yes. You may share information between the former Customs and
former Revenue parts of the Department, or in other ways across
HMRC, so long as there is a business need to do so. There are a
small number of exceptions whereby certain information may not be
shared internally but if you receive any such information it will
be clearly marked as such.
If you receive a request for information from another part of
HMRC for customer information you may disclose that information
provided there is a business need.
Business need means that there is a valid reason, directly
connected to HMRC’s functions, for information to be passed
from one person to another. There will
not be a business need where information is passed
from one person to another because that information may be
personally interesting.
If you are aware of information about HMRC customers that
would benefit another part of HMRC, talk to your line manager about
proactively passing this information on. Practical ways to do this
are outlined at
IDG25000 where you will find further
guidance in this area.
When might there be a risk of wrongfully sharing information?
You need to be mindful of HMRC’s duty of confidentiality in relation to its customers’ information in all contact outside the Department. For example:
- in telephone contact ensure information is only disclosed to authorised persons, whose identity you have verified (see IDG32250)
- when obtaining information from third parties be aware of any confidential information you may yourself be giving out by seeking information from the third party (see IDG32000)
- when meeting customers face to face ensure only information relating to that customer is disclosed, and that the customer consents to disclosure to any others present (see IDG32500)
- remember the need for those visiting HMRC offices to also be bound by confidentiality rules (see IDG33750)
Information generally on how to protect confidentiality when dealing with customers can be found at IDG30000.
How can I disclose information outside the Department in a lawful way?
Disclosing information to persons outside of HMRC is only permitted in the circumstances detailed below:
- For the purposes of HMRC’s functions. An example is where it is necessary to advise a bailiff of a taxpayer’s name and address in order that the bailiff can enforce collection of overdue tax, see IDG47000.
- Where the person or organisation that the information is about has given their consent, see IDG43000. An example could be a taxpayer who provides authorisation for an agent, accountant or other third party to receive confidential information.
- Where the duty of confidentiality is specifically overridden by legislation that permits the disclosure of information to a particular third party. These are often known as ‘legal’ or ‘information’ ‘gateways’. See IDG44000.
- Where HMRC receives a court order that is binding on the Crown which instructs HMRC to disclose information. See IDG45050.
- Where disclosure is made for the purposes of a prosecution being pursued by HMRC. See IDG67750.
- Where disclosure is in the public interest. See IDG46050.
- Disclosure to the relevant prosecuting authorities. See IDG67750.
See IDG40500 for more information on disclosing information with lawful authority.
How can I share information with other government departments?
One of the circumstances in which it is lawful to disclose
information outside HMRC is where legislation makes specific
provision for HMRC to disclose information to another government
Department, agency or public authority. These provisions, known as
‘legal’ or ‘information’
‘gateways’, allow HMRC to disclose to specific people
for specific reasons.
Many gateways have administrative procedures which must be
adhered to, so it is important that when considering use of any
legal gateway you refer to the guidance in this manual
first. These procedures are often set out in jointly
agreed documents such as memoranda of understanding or other
protocols
.
IDG60000 sets out most of the legal
gateways and the procedure to be followed. If you receive a request
from a public body not covered in
IDG60000, or under legislation not
referred to in that chapter, then seek further guidance.
What are the overriding issues I must also consider when making any disclosure?
There is general legislation that protects the privacy of
individuals’ information. As well as considering whether a
disclosure is made with lawful authority, as outlined above, it is
also necessary to consider the following legislation when
disclosing HMRC information:
Data Protection Act (1998) – This covers the way that
personal data (information relating to a living individual) is
handled. The Act lays down principles which specify requirements
for how personal data is processed and imposes a series of
safeguards to protect that data. For example, to be compliant,
personal data must be disclosed lawfully and fairly. For more
guidance see
IDG41400.
Human Rights Act (1998) – In its broadest sense, this
aims to protect the fundamental rights and freedoms of people.
These are expressed in a series of ‘Articles’ and it is
the eighth one that is most important in relation to protecting
information. This states that everyone has the right to respect for
their private and family life, their home and their correspondence.
Decisions about disclosing information, therefore, have to take
account of the need to balance these rights against the wider
public interest in delivering effective tax administration. For
more guidance see
IDG41050.
When can I make a disclosure ‘in the public interest’?
HMRC has a statutory authority to disclose information in
certain prescribed circumstances, where such a disclosure would be
in the public interest. HMRC’s authority to make public
interest disclosures is narrowly drawn and very specific in what it
covers.
HMRC must only use the public interest disclosure power where
no other gateway exists, and then only where the disclosure matches
one of the specific circumstances covered. Generally, only certain
parts of the Department (mainly those engaged in law enforcement)
would be likely to make public interest disclosures. Detailed
guidance has been written for those who may make public interest
disclosures, see
IDG46050.
Where can I get further guidance?
The remainder of this guidance sets out, in greater detail,
guidance in relation to information disclosure.
IDG20000 is
a quick guide, intended to be retained as a handy desk aid, for
those who may receive requests for information from others, or who
may wish to provide confidential information to others.
Information Strategy are available to help with any questions
or uncertainties regarding this guidance or any confidentiality
questions you encounter. You should always contact them about a
query concerning information disclosure and confidentiality before
contacting solicitors. See
IDG90100 for contact details.
Who can help me with information sharing policy issues?
The Information Strategy team in Central Policy deals with information sharing policy issues, being the use of and disclosure of HMRC information. The team is in regular contact with HMRC colleagues and other Government departments to ensure the department’s legal obligations of confidentiality are fulfilled. The team also supports Ministers in amending or creating legislation that governs information sharing. The team is also responsible for HMRC’s policy regarding the Freedom of Information Act for high profile or sensitive cases and is closely involved in providing technical advice on the department’s responsibilities under this Act. See IDG90100 for details of how to contact the Central Policy Information Strategy team.
What is the scope of this guidance?
This guidance applies only to domestic disclosures i.e. those
made predominantly to UK bodies under UK law and practice.
Disclosures outside the UK are commonly made under a variety of
international agreements and treaties. These disclosures are
outside the scope of this guidance.
This guidance does not cover disclosures made under the
provisions of the Criminal Procedure and Investigations Act 1996.
Further guidance on CPIA matters can be found in the Enforcement
Handbook, see
IDG90150 for a link to this
guidance.
