© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/corresponding-with-hmrc-by-email-ccfs72/corresponding-with-hmrc-by-email
Use the following information to decide whether you want to deal with us by email. We take the security of personal information very seriously. Email is not secure, so it’s very important that you understand the risks before you email us. We will not deal with you by email unless you tell us you accept the risks of doing so.
About the risks
The main risks associated with using email that concern HMRC are:
- confidentiality and privacy — there’s a risk that emails sent over the internet may be intercepted
- confirming your identity — it’s crucial that we only communicate with established contacts at their correct email addresses
- there’s no guarantee that an email received over an insecure network, like the internet, has not been altered during transit
- attachments could contain a virus or malicious code
How we can reduce the risks
We’ll desensitise information, for example by only quoting part of any unique reference numbers. We can also use encryption. We’re happy to discuss how you may do the same but still give the information we need.
If you do not want to use email
You may prefer that we do not respond by email, for example because other people have access to your email account. If so, we’re happy to respond by another method. We’ll agree this with you either by telephone or in writing by post.
If you do want to use email
If you would like to use email as one of the ways HMRC will contact you, we’ll need you to confirm in writing by post or email:
- that you understand and accept the risks of using email
- that you’re content for financial information to be sent by email
- that attachments can be used
If you are the authorised agent or representative we’ll need you to confirm in writing by post or email that your client understands and accepts the risks.
Also:
- send us the names and email addresses of all people you would like us to use email with — you, your staff, your representative, your agent, for example
- confirm you have ensured that your junk mail filters are not set to reject and/or automatically delete HMRC emails
How we use your agreement
Your confirmation will be held on file and will apply to future email correspondence. We’ll review the agreement at regular intervals to make sure there are no changes.
Opting out
You may opt out of using email at any time by letting us know.
More information
You can find more information on HMRC’s privacy policy. Go to www.gov.uk and search for ‘HMRC Privacy Notice’.
As an expert in government communication and data security, I can attest to the significance of the information provided in the document titled "Corresponding with HMRC by Email." The document, published under the Open Government Licence v3.0, outlines the terms and conditions for engaging with Her Majesty's Revenue and Customs (HMRC) via email. The depth of my knowledge in this field allows me to elucidate the critical concepts embedded in this publication.
The document underscores the paramount importance of safeguarding personal information, acknowledging the inherent risks associated with using email for communication. These risks, as highlighted by HMRC, revolve around issues of confidentiality, privacy, and the potential for email interception during transmission over insecure networks like the internet.
One key concept emphasized is the need for individuals to explicitly accept the risks associated with email communication if they choose to engage with HMRC through this channel. This acceptance involves an understanding of the potential vulnerabilities in email transmission, such as the risk of alteration during transit or the presence of viruses or malicious code in attachments.
To mitigate these risks, HMRC proposes various measures. Desensitizing information, for instance, involves only quoting part of any unique reference numbers in correspondence. Encryption is also presented as a viable option to enhance the security of email exchanges. This demonstrates HMRC's commitment to finding ways to maintain the confidentiality and integrity of information shared through email.
The document further outlines the process for those who prefer not to use email, either due to security concerns or other reasons. HMRC offers alternative methods of communication, such as telephone or written correspondence by post. This flexibility reflects HMRC's commitment to accommodating varying preferences and security considerations.
For those opting to use email, the document specifies the necessary steps to formalize this choice. Confirmation in writing, either by post or email, is required, indicating the understanding and acceptance of the associated risks. Additionally, if the communication involves an authorized agent or representative, their client must also confirm their understanding and acceptance of these risks.
Practical considerations are addressed, such as providing names and email addresses of individuals authorized to communicate via email. Ensuring that junk mail filters do not automatically reject or delete HMRC emails is also highlighted as a crucial step to facilitate smooth communication.
The agreement to use email is not a one-time occurrence but an ongoing commitment. HMRC maintains a record of the confirmation, subject to periodic reviews to ensure its continued relevance. Importantly, individuals are given the option to opt out of email communication at any time, underscoring the respect for individual preferences and the dynamic nature of communication preferences.
For those seeking more detailed information on how HMRC handles privacy, the document directs readers to the HMRC Privacy Notice available on www.gov.uk. This additional resource provides a comprehensive overview of HMRC's privacy policy, complementing the information provided in the document and offering transparency regarding the organization's data handling practices.
