Beta This part of GOV.UK is being rebuilt – find out what beta means

HMRC internal manual

Debt Management and Banking Manual

Customer contact and data security: contact with third parties: how to handle calls from third parties: introduction

When taking a call from a third party you need to be careful not to unwittingly disclose anything unless you have consent (DMBM511620).

You should be very careful whist establishing the identity of the caller and whether or we have consent to speak to them to not disclose anything, for example whilst verifying the customers record you should not

  • confirm if they have passed or failed our verification checks or
  • which ones they have passed or failed.


If you have written consent or verbal consent to speak to the third party you should take the call as if speaking to the customer and verify their identity in the normal way, see DMBM512800.

Non authorised

Although you cannot enter into a discussion with a third party without authority, you can however receive information from a third party for example

  • to set up a TTP or
  • to be informed of an update to the customers the circumstances for example they may

    • have moved
    • changed their telephone number
    • have passed away
    • be ill or
    • away (e.g. holiday, armed forces, prison).
  • to take payment.

For more information on receiving information from third parties, see DMBM512150 & DMBM511645.

If the third party is not authorised to enter in to a two way conversation with you about the tax affairs of the customer and the customer is not incapacitated for example elderly, deaf, infirm or deceased (see DMBM510430) then you should say

“I’m unable to discuss the customers tax affairs in this situation, please can you ask the customer to ring us to discuss the situation or give signed written consent for us to discuss their tax affairs with you.’’

(This content has been withheld because of exemptions in the Freedom of Information Act 2000)