Disclosure of information: Data Protection Act; requests for information
The Data Protection Act (NMWM16110) does not itself provide a legal gateway for the disclosure of information.
Third Party Requests
If a third party (that is, not the customer and not HM Revenue & Customs) (NMWM02030) makes a request for confidential information solely citing the Data Protection Act, we must refuse them (NMWM16160). You should explain that HM Revenue & Customs may only disclose information if it is allowed by the Commissioners for Revenue and Customs, as well as the Data Protection Act (NMWM16110).
The Data Protection Act does provide a number of exemptions from some of the 8 Principles. This means, so long as our disclosure is allowed by the Commissioners for Revenue and Customs Act, the exemptions enable the officers of HM Revenue & Customs to make disclosures of some personal data in specified circumstances. These exemptions relate to specific functions and the most appropriate for HM Revenue & Customs are:
- Section 29 ‘crime and taxation’
- Section 35 ‘disclosures required by law or in connection with legal proceedings’.
Individual’s Subject Access Requests
The Data Protection Act provides a right of access to individuals (called Data Subjects in the Act) to their personal data. They exercise this right by submitting a Subject Access Request (SAR) and unless certain exemptions apply we must provide their personal data within a specified time. When such a request is received it should be referred to the appropriate Local Compliance contact.