beta This part of GOV.UK is being rebuilt – find out what beta means

HMRC internal manual

Compliance Handbook

How to do a compliance check: using the internet for risk assessment and research: safeguards and Human Rights Act

Before you carry out any internet research you must make sure you have considered a person’s right to private and family life under Article 8 of the Human Rights Act 1998, see CH21340.

You must also consider the effect of any collateral intrusion on the private and family life of other people.

Collateral intrusion

Collateral intrusion occurs when you obtain information about people who are not the target of your enquiries. This means that you must avoid gathering information about other people who are not the focus of your compliance check. However, there will be occasions when your compliance checks focuses on persons other than the customer (for example where the other person is involved in the business run by the customer).

You can only search the internet when it is reasonable and proportionate to do so for the purpose of a function of HMRC, such as the assessment and collection of tax.

(This content has been withheld because of exemptions in the Freedom of Information Act 2000)

Private Information

There is a partial definition of ‘private information’ in Section 26 (10) of RIPA which states that:

‘… ‘private information’, in relation to a person, includes any information relating to his private or family life.’

This partial definition is supplemented by Chapter 2 of the Covert Surveillance and Property Interference issued by the Home Office.

Just because information has been posted on the internet and can be accessed by other people does not necessarily mean that a person has no legitimate expectation of privacy in relation to the information posted.

Where information about an individual is placed on a publicly accessible database, (such as the telephone directory or Companies House), there is unlikely to be any reasonable expectation of privacy over that information and people might legitimately expect that such information will be monitored by public authorities. Such information in unlikely to be private information.

Individuals who post information on social media networks and other websites whose purpose is to communicate messages to a wide audience are also less likely to hold a reasonable expectation of privacy in relation to that information. However, where individuals post information on personal social networking sites which are normally accessed by a smaller circle of personal contacts, they are likely to retain a legitimate expectation of some privacy despite the absence of security settings, as they may legitimately expect that posted content is not being monitored and recorded by public authorities.

(This content has been withheld because of exemptions in the Freedom of Information Act 2000)

Retention of Information Recorded

You must make sure that all information recorded and retained follows standard retention policy for compliance in the Customer Compliance Group.