Beta This part of GOV.UK is being rebuilt – find out what beta means

HMRC internal manual

Debt Management and Banking Manual

Customer contact and data security: confidentiality: Subject Access Request (SAR) made under the DPA 1998.

The Data Protection Act (DPA) covers the use (processing) of personal data and is intended to protect the privacy of information HMRC holds about individuals, see DMBM513170.

Occasionally you will receive a call or a letter in which a customer asks for access to the information we hold about them. This is called a ‘Subject Access Request’ (SAR).

Sometimes the customer will refer to a ‘Freedom of Information request’, but any request a customer makes for information about themselves from our records is actually a SAR. All SARs must be in writing; this can be by letter, fax or email.

SARs relating to DMTC should be sent to:

Business Support Unit, Room B.38
Debt Management Telephony Centre
HM Revenue and Customs
St. Mungo’s Road
G67 1YZ

SARs relating to other areas of DM should be sent to the appropriate campaign office, see DMBM510230. SARS received by Banking should be dealt within their own area. These SARs should be handled in accordance with the DMB SARS guidance.

You should always bear in mind when writing notes on the record that a customer may at any time submit a SAR.