CH203570 - How to do a compliance check: recording information: use of HMRC departmental and digital devices during compliance checks: copyright

Information

You must always keep records of all compliance checks. You need to take accurate notes of telephone calls, visits and meetings held with the person or their representative.

Original hand written notes taken at the time of the telephone call, meeting or visit must be retained as well as more formal notes. The original notes may be of use if there is a dispute about what was said and may be required if the case goes to a tribunal hearing. If this happens you must be able to demonstrate to the tribunal the validity and accuracy of your original notes.

Where Caseflow is used the original notes must be sent for scanning. You should retain a photocopy of your notes until you have checked the scanned image, see Caseflow Scanning Guidance. By sending original notes for scanning you are still retaining the original notes but in an electronic format.

Managers must put in place comprehensive management checks to make sure the process for the recording of information and retention of completed notes is followed by all caseworkers.

Guidance on making notes using a tablet laptop or by hand can be found in Notebooks for compliance checks.

Direct tax caseworkers not using notebooks must follow the Notes of meeting guidance.

 

What Information should be Recorded and Retained

The original notes taken at the visit or meeting with the person or their representative form the main record of information a caseworker obtains during a compliance check and the basis for the compliance check report. They should be capable of supporting any subsequent conclusions, recommendations and decisions made.

The notes form part of the audit trail and if any decision made by a caseworker is challenged, all records will need to be examined.

When carrying out compliance checks at business premises you must record details of any meetings with the person, their representative or any employees. You must make a detailed note of:

  • all records identified, produced and inspected
  • the risks identified
  • all checks applied to records seen, including document numbers where appropriate
  • all verbal rulings given and the nature and amount of errors identified
  • all further records and information requested at the end of your visit
  • details of any other issues discussed, including anything said by the person that you use to support a decision on penalty behaviour
  • the issue of factsheet CC/FS9 The Human Rights Act and penalties; who it was issued to and when it was issued
  • any reasonable adjustments made under the Equality Act 2010

It is important that you retain:

  • all original records of compliance checks and meetings, and
  • any information that has been recorded on sheets of paper

unless they have been scanned into a case management system such as Caseflow, using Caseflow scanning.

Note: You must remember that any notes made on or after covert activity should not be disclosed, see Disclosure of Officer's Covert Activity Notes.

 

Retaining Voicemail Messages

When you receive a voicemail in relation to a compliance check you are working on, you must record the interaction on Caseflow.

As well as receiving the voicemail in Teams, you will automatically be sent an email. The email will contain a file which is a clip of the voicemail.

Once you have listened to the recording and read the transcript in the email, you must record any relevant information as an interaction in Caseflow or the relevant case management system used in your business area. You do not need to record details of the whole message.

To comply with UK GDPR you must delete the email and voice recording on Teams once you have recorded the relevant information. You must not upload the email to the document store in Caseflow or any other document location and must not upload the voicemail file anywhere.

Use of HMRC Digital Devices During Compliance Checks

Introduction

Caseworkers in Fraud Investigation Service (FIS), Counter Avoidance and Local Compliance carrying out compliance checks using civil powers or teams using Customs and Excise Management Act (CEMA) powers must comply with this guidance when using their departmental digital devices during a compliance check.

 

Note: If you are carrying out a criminal investigation, you must follow the guidance in the FIS Handbook.

This guidance does not override existing legislation. You must comply with all relevant legislation in the course of your duties including but not limited to:

  • the Regulation of Investigatory Powers Act (RIPA)
  • the Commissioners of Revenue and Customs Act (CRCA)
  • the Copyright Act

The use of the camera on HMRC digital devices

You may use a departmental iphone, laptop or tablet to take photographs of subject matter with a Government Security Marking up to and including ‘Official’ on HMRC business if it is necessary in the course of your duties. This will include subject matter with a marking of ‘Official - Sensitive’.

It is HMRC policy that you must not take photographs of people, including people in private cars, or any part of a person’s home during a compliance check. This is because you may obtain private information and taking photographs in these circumstances could constitute surveillance activity which would require a RIPA application.

During an inspection under Schedule 36 of the Finance Act 2008 or CEMA79, you may record information relating to the premises, items and documents that have been examined or inspected.

Where possible you must always seek to have documents scanned, following the Caseflow scanning guidance.

This is to reduce the risk of potential data loss if a digital device is misplaced.

You must always explain to any person present that you are going to take a photograph as a record. This will ensure that you do not appear to be taking covert photographs which would constitute surveillance activity. Record your explanation in any meeting notes.

You may also use the camera during covert activity under CRCA 2005 s (9)(1)a, when you are making a test purchase or test eat, to take a photograph of the sales invoice you receive as a customer.

For further information on Covert Surveillance look in the Need to know section of your head of duty compliance process guide in the process guide button on your business area gateway.

You must not take any other photographs during covert activity.

During your compliance check, you may only use the camera in the following exceptional circumstances:

  • to take photographs of business assets or business premises, see Schedule 36 Inspection Powers – Carrying out an inspection
  • to take a copy of an original document in the following circumstances:
    • when the customer will not permit you to remove the original document, and
    • where there are no facilities to provide a copy and you are unlikely to have access to the documents in the future.

When taking photographs please take into consideration your surroundings and the quality of the final image to ensure text is legible.

If you are using a digital device on which Office 365 has been installed, you should use the scanning or camera function within OneDrive and save images to your OneDrive account. You can then access them directly from OneDrive to upload to Caseflow.

If you are using the camera on any other digital device, you should immediately email the images as a jpeg file from your HMRC email account to your secure email address. You must delete the images from your digital device as soon as you have received the email and checked the attachment. You must always delete the images from your digital device within 24 hours of taking the photographs even if you have not been able to check you have received the email and the attachment.

Note: Make sure when emailing that you comply with the Security basics for all staff and HMRC's Acceptable Use Policy.

You should then save the jpeg file to the appropriate Case Management System or Sharepoint site.

For guidance on how long images must be retained locally, you should check the Retention and Disposal schedules for your business area.

When you take a photograph on your digital device you must record this in your notes with the date and time you took the photograph and the date and time you emailed it to your HMRC email account.

You can find information on the camera software and rules of use within HMRC on the IT help pages.

The camera software is enabled on all HMRC IPhones, tablets and some laptops.

Examples of when you can use the camera on your HMRC digital device

 

Example 1

This is an example to show how you can use the camera software on your digital device when carrying out a test eat.

You use your digital device to take a photograph of the sales invoice you receive when you pay for the meal. As soon as you leave the premises, you send the photograph as an attachment by email from your HMRC email account to your secure email address. Delete the photograph from your digital device as soon as you have received the email and checked the attachment. You must always delete the image from your digital device within 24 hours of taking the photograph even if you have not been able to check you have received the email and the attachment. You record in your notebook why you took the photograph of the invoice and the date and time you took it.

Example 2

This is an example to show how you can use your digital device to take a photograph of a document forming part of the customer’s statutory records.

You are carrying out a compliance check when you notice that one of the invoices has VAT charged but no VAT registration number. You explain to the customer that you will take this document back to the office but he insists that you leave it behind because he needs to send it when he pays for the goods. He has no facilities to copy the document so you explain that you have the power to make a copy and you will do that by photographing the document using your digital device. You send the photograph as an attachment by email from your HMRC email account to your secure email address. Delete the photograph from your digital device as soon as you have received the email and checked the attachment. You must always delete the image from your digital device within 24 hours of taking the photograph even if you have not been able to check you have received the email and the attachment. You record in your notebook why you took the photograph of the invoice and the date and time you took it.

Example of when you cannot use the camera on your HMRC digital device

Example

This is an example of when you cannot use the camera on your digital device unless you have the permission of the owner of the business.

You are a VAT caseworker inspecting business premises, documents and assets using powers under Schedule 36 of the Finance Act 2008. You want to take photographs of an electronic till for training purposes.

Schedule 36 of the Finance Act 2008 gives us the power to obtain and record information (whether electronically or otherwise) relating to the premises, items and documents that have been examined or inspected.

You do not have the power to inspect premises, assets and documents for training purposes. Therefore you must not take photographs for training purposes unless the owner of the business agrees. You should record their agreement in your notebook and the date and time you took the photograph.

The use of other recording functions on HMRC digital devices

Video recording software

You must not use the video recording software on your digital device inside or outside HMRC premises during a compliance check. This is because you may obtain private information.

Voice recognition software

You must not record information or use the voice recognition software on your digital device when on a customer’s premises. This is because you may obtain private information and this could constitute surveillance activity, which would require a RIPA application. You may use the voice recognition or recording software on your digital device in certain circumstances when you are away from the customer's premises. For example, you may use it when in your car, but not whilst driving, to record information to use as trigger notes when you cannot complete your notebook.

How you record notes will depend on which device you are using.

On your Surface pro, record your notes into the Sway app within OneDrive.

On your iphone, record your notes using the Voice memos function within Utilities and share to OneDrive. (There are no plans to introduce the Sway app for mobile phones.) Delete the file from Voice Memos immediately.

You can use your digital device to make trigger notes in situations when you are unable to use your notebook. You can do this when carrying out a test eat in a restaurant. If your device is 0365-enabled, you can type your notes into a Word document and save it to OneDrive. If your device is not 0365-enabled, you must record your trigger notes as an email and send the email to your HMRC secure email address.

Copyright

When using either civil powers or Customs and Excise Management Act (CEMA) powers you must comply with this guidance when using your:

  • departmental computer
  • IPhone
  • laptop or tablet

During the check it may become necessary for you to gather customer information from the internet.

You should be aware that the information contained on websites is subject to copyright law.

Copyright is not an absolute right and there are statutory exemptions that allow you to save information, pictures or web pages without infringement, if these are required for a compliance check.

For further information about HMRC’s copyright policy see Copyright Bites - Making use of the Internet as part of your operational duties.


Use of Personally Owned Equipment for HMRC Purposes

Information security is your personal responsibility.

You must not use personally owned equipment for HMRC business purposes.

You must not, in any circumstances, use personal electronic equipment to:

  • record any data or information
  • take pictures or videos
  • make an audio recording

during a compliance check or meeting.

For example, you must not use your own electronic device to photograph or record:

  • business premises
  • stock
  • copies of documents

Personal electronic equipment includes:

  • a personal computer or laptop
  • a tablet or Personal Digital Assistant (PDA) such as an iPad
  • an MP3 player such as an iPod
  • a personal mobile phone or smartphone such as an iPhone
  • any other device capable of capturing and storing images, videos, documents or an audio record, such as a camera or USB storage device

For further help or advice on any security matters speak to your manager, your Data Guardian or find further information on the Security and Information Zone.