IDG30230 - Confidentiality when dealing with the customer: customer confidentiality: disclosure over the telephone
Information about a customer should never be provided to a third party unless you are sure that there is lawful authority to disclose that information. See IDG40300 for more information about lawful authority. When speaking on the telephone you must take every step to ensure that you do not disclose any HMRC information until you are wholly satisfied that the person you are speaking to is the person they claim to be.
When using the telephone, contact can come from:
- other parts of the department (IDG20000);
- customers themselves (IDG30100);
- customers’ agents (for more details see IDG30410)
- other government departments (IDG40320); and
- other third parties (IDG40000)
Bogus calls
You must be alert to individuals or organisations attempting to gain confidential information by deception. Any security incidents must be reported more information on reporting can be found here.
You should also familiarise yourself with the Caller Verification guidance (internal users please look up online), which provides the procedure to follow to verify the caller’s identity. It also provides advice on how to ensure that confidential information is not unintentionally disclosed. This guidance must be read by all staff who use the telephone and have access to any HMRC information. If you have any doubt about the identity of the caller having followed the procedures in the guidance you must not disclose confidential information to the caller. If, after making the checks, you are satisfied that the caller is genuine you should make a record of the checks that you made to verify the caller and make a note of what was discussed. (see IDG40210).