IDG40320 - Sharing information outside of HMRC: lawful disclosure: legal gateways
IDG40300 describes the limited situations in which customer information may be disclosed outside HMRC.
One of these circumstances is where other legislation makes specific provision for HMRC to disclose information to another government Department, agency or public authority. This is often known as a ‘legal’ or ‘information’ gateway. Section 18(3) states HMRC’s duty of confidentiality is
‘…subject to any other enactment permitting disclosure.’
A full list of legal gateways is at IDG50000.
Why are legal gateways enacted?
HMRC possesses a large range of information about different individuals, organisations and bodies. This information is often useful to other Government Departments, Agencies and Public Bodies as it can help them achieve their organisation’s aims and carry out their functions more effectively. Parliament may then legislate to allow sharing of confidential information in this way.
If there is no legal gateway information may only be disclosed in the remaining circumstances set out in the CRCA. See IDG40120.
Procedure for disclosure through a legal gateway
The procedure to take when disclosing information through a legal gateway is often outlined in jointly agreed documents. The forms these arrangements can take are outlined below:
- a memorandum of understanding (see IDG40230)
- a protocol
- a partnership agreement
- a statement of practice
- a code of practice
Please note that these documents do not in themselves provide HMRC with lawful authority to disclose information and do not constitute ‘legal gateways’. They have no statutory force.
Each legal gateway may have its own procedures set out in one of these formats. If you are using a gateway to disclose information to another public body you must be aware of, and follow, any procedure in place. IDG50000 contains the details of the procedure for disclosure for each government organisations.
The procedure may cover the forms that must be completed, what information can be disclosed, who may disclose the information, who may receive the information, the authorisations and safeguards that need to be in place, and what restrictions are in place on the use of the information once disclosed. You must be aware of all these procedural specifications before you disclose any information.
Often the procedural documents state that a legal gateway has a centralised procedure for disclosure. In this circumstance officers who do not work in the designated central team may not disclose information and all requests should be passed on to the central point denoted.
If you receive a request for information from another government department, agency or public authority, the requesting department should state which legal gateway it is that allows you to disclose the relevant information to that organisation. In some situations requesting authorities may not be aware of the rules governing HMRC disclosures, or the appropriate gateway to use. In this case you should refer to this manual and to your Data Guardian where you need further guidance.
Devolved assemblies
Law or practice may differ across England & Wales, Northern Ireland and Scotland. Any differences are highlighted in respect of each legal gateway. In the absence of any reference to devolved assemblies assume that the law and procedure applies equally across the whole of the UK.