Sharing information outside of HMRC: procedural guidance: Memoranda of Understanding
It is mandatory for all ongoing information exchanges with other public sector bodies to be covered by a process level Memorandum of Understanding (pMOU) and for one-off exchanges to be covered by a Data Usage Agreement (DUA).
A MOU or a DUA should not be completed until it has been established that legislation is in place which permits the disclosure of the information. If you are unsure you should contact your Data Guardian for advice.
MoUs and DUAs do not create a lawful means for exchange of information. They are not legally binding and are not contracts. They simply document the processes and procedures agreed between the two public sector bodies when information is being passed from one to the other.
MoUs and DUAs are agreed and signed by the HMRC line of business to which the information belongs and the body with whom information is exchanged. They set out clearly the procedures that the information exchange needs to follow and perform a number of useful functions such as:
- confirming the agreed legal understanding of what the lawful authority is for sharing the information (the only permitted lawful authorities are described at IDG40320);
- setting out administrative arrangements for the disclosure of information, including commitments to meet the relevant costs, persons involved, timescales, frequency of disclosure etc;
- agreeing the terms under which the data may be disclosed beyond the receiving body, if at all.
There are two types of MoU:
- the high level or Umbrella.MoU sets out generic requirements covering all information sharing between HMRC and the receiving department (e.g. DWP); and
- the Process MoU sits under the umbrella MoU and sets out the detailed requirements for a specific information exchange (or group of exchanges) between HMRC and the third party.
Typically, there will be a number of process level MoUs sitting below each Umbrella MOU.
(This content has been withheld because of exemptions in the Freedom of Information Act 2000) Security Zone
(This content has been withheld because of exemptions in the Freedom of Information Act 2000)
All MoUs should be reviewed on a regular basis to ensure they remain up to date and continue to reflect the “as is” position.
(This content has been withheld because of exemptions in the Freedom of Information Act 2000) Commercial Directorate Policy Team(This content has been withheld because of exemptions in the Freedom of Information Act 2000)