Beta This part of GOV.UK is being rebuilt – find out what beta means

HMRC internal manual

Debt Management and Banking Manual

Customer contact and data security: confidentiality: introduction

The Information Disclosure Guide (IDG) states that:

‘’The Act that established HMRC made provision for the conduct of staff in relation to confidentiality.

Section 18 of the Commissioners for Revenue and Customs Act 2005 (CRCA) makes it clear that you must not give (‘disclose’) HMRC information to anyone, unless you have lawful authority to do so. This includes other government departments and their agencies, local authorities, the police or any other public bodies’’. For more information, see DMBM513180.


All new staff must sign a declaration of confidentiality upon entering the department, as stipulated in section 3 CRCA. This is provided in the Induction HR guidance. A copy can also be found in the Information Disclosure Guide.

HMRC handles and holds a lot of confidential information and we have a duty to protect that information

During your work for HMRC you will handle a great deal of that personal and confidential information about your customers. You are under a very strict legal duty to maintain the confidentiality of this information. If you breach this legal duty you are committing a criminal offence.

In addition, under Section 18 Commissioners for Revenue & Customs Act 2005, any breach of confidentiality is a criminal offence.

The penalty on conviction may be a fine, imprisonment for up to two years, or both.

You need to be aware that confidentiality covers ALL aspects of the work carried out by HMRC.