IDG55360 - Information disclosure Gateways with other government departments: Part 5 of the Digital Economy Act 2017- chapter 3 (debt)- procedure for disclosure

Requests to HMRC for access to information under Section 48 of the Digital Economy Act must be passed to the Data Directorate Data Sharing Service ;Front Door’ (This content has been withheld because of exemptions in the Freedom of Information Act 2000)

The ‘Front Door’ team will ask the requesting department/ organisation to complete a Business Case Template. The requesting department must have regard to the Code of Practice and must complete the Template as well as a data protection impact assessment and security plan as required by the Code of Practice. The Business case should reflect the fairness principles, the success/ failure criteria for the pilot and the outcomes of any public consultation or decisions as to why a public consultation did not take place.

The Front Door Service will then ensure that an impact analysis (including the cost) is carried out and that security arrangements have been met. At the same time the Data and Information Policy and Disclosure team will confirm (or otherwise) that the request falls within the parameters and purpose of the legislation.

Once all the requirements have been met and the information share has been agreed in principle the requesting department must submit a single business case which is agreed by all participating bodies and a data protection impact assessment to the Secretariat to the Review Board (email: DEA-data-sharing-fraud-and-debt@cabinetoffice.gov.uk(This content has been withheld because of exemptions in the Freedom of Information Act 2000)

The Secretariat to the Review Board will inform the parties of the outcome of their proposal. If the pilot proposal is approved the Front Door team will liaise with the Secretariat to the Review Board and will include the information share on the searchable electronic register as required by the Code of Practice.

The relevant Security and Information Business Partner (SIBP) Team of the Directorate that holds the information will then work with the requesting department to agree an information sharing agreement (Memorandum of Understanding) and will help draw up a Data Protection Impact Assessment (DPIA) for HMRC. Once this has been done and the information share has commenced, the requesting department must report metrics data to the central review Board at regular intervals as required by the Code. The Review Board will publish relevant information about the pilot online.

If the information share is for a defined period of time only, when concluded, the requesting department will ensure that all information which does not need to be retained is destroyed.

(This content has been withheld because of exemptions in the Freedom of Information Act 2000)