The DVLA is a major Government operation with an income of £657m in 2010-11 and employing 6,000 people. To carry out its functions, DVLA maintains two separate databases:-
- The vehicle register which holds information about each motor vehicle (Vehicle Registration Mark – the numberplate number, the Vehicle Identification Number, make/model, emissions details, etc) together with the the name and address of the registered keeper. It also includes the dates of vehicle's acquisition and disposal and its taxation status
- The driver register holds for every licensed drivers his/her name, address, date of birth, photograph, driving entitlements, endorsements, convictions, and also medical information of relevance to the person’s ability to drive
Originally the information was held on paper and kept extremely secure. Only the Police and other Government authorities could discover the identity of the registered keeper of any particular vehicle. The Government then changed the law to enable anyone with “reasonable cause” to access the data held by the DVLA. That term reasonable cause is not adequately defined so that, within reason it can mean what you want it to mean. The DVLA then took it upon themselves interpret it very widely so that now it is not difficult for anyone, including convicted criminals to discover full details af a vehicle's keeper simply by reference to the registration number (the VRM).
The DVLA states the following on its website, under “Release of information from DVLA’s vehicle register”:
Regulations allow for the release of information from DVLA’s vehicle register to the police, to local authorities for the investigation of an offence or on-road parking contravention, and to anybody who demonstrates reasonable cause to have the information. Regulations also allow for a fee to be charged to cover the cost of processing requests, but not for a profit to be made…
As a general rule, reasonable cause for the release of data from the DVLA vehicle register relates to motoring incidents with driver or keeper liability. These can include matters of road safety, events occurring as a consequence of vehicle use, the enforcement of road traffic or other legislation and the collection of taxes…
We receive requests for information from private organisations as diverse as car parking enforcement companies, solicitors, finance houses and property managers. Each request is looked at individually to ensure that the privacy of motorists is properly safeguarded…
At DVLA we have tough safeguards in place to protect the privacy of information held within the vehicle register. One of those safeguards is that all unregulated organisations requesting information from us via a secure electronic link must be a member of a DVLA Accredited Trade Association (ATA)…[The British Parking Association is one such ATA]
Our policy of requiring companies requesting DVLA information to be members of an ATA is a positive and measured move. We believe it will promote greater self regulation and further reinforce protection of motorists’ privacy.
Roll up, roll up – citizens’ personal data for sale!
The DVLA provides details from the vehicle register to some 20 different types of organisation ranging from local authorities and their agents to private investigators. In 2011 DVLA received around 9.4 million requests of which approximately 7.8 million, came from the police and local authorities and 800,000 were from parking companies (of which the private parking company Parking Eye (which operates electronic ANPR camera systems in private car parks, made over 400,000 requests).
From the request fee of £2.50 each these enquiries generated £23.5m.
The DVLA blithely says that bailiffs, debt collectors and private parking companies must be members of the British Parking Association (which is a trade association) and follow its Code of Practice in respect of such matters as parking signage compliant with the Data Protection Act before data will be released.
The DVLA claims to examine every request individually before releasing the requested data. Anyone who believes that will believe anything – in practice the release of data is never refused – even to bailiff companies who harvest vehicle VRMs automatically by ANPR camera systems where no signing is involved.
Repeated experience – most recently with the Press Complaints Commission – has shown that self-regulation is an oxymoron which, by definition, means no meaningful regulation at all. The impermissible laxity in the ease of access to DVLA-held data – as condoned by Government is shown by a Freedom of Information Request request which revealed that during the period 2008-10 3,746 000 automated requests were made of which NOT ONE WAS REFUSED.
In DVLA-speak “reasonable cause” clearly means any cause.
A 2009 report published by the Joseph Rowntree Reform Trust Ltd “The Database State” is not impressed by the performance of DVLA; it makes the following assessment of the DVLA:
The main complaints concern its vehicle register, which is used to identify vehicle keepers not just following traffic offences but also where private parties such as car park operators wish to bring civil claims. In 2007 it was reported, for example, that DVLA will knowingly sell vehicle keepers’ names and addresses not just to wheel-clampers with criminal records, but to a company owned by two men who were actually in prison for extorting money from motorists. A code of practice was supposed to be introduced in October 2008 but the press reported in November 2008 that criminals could still buy drivers’ names and addresses without any checks. This episode raises more general questions about private access to government data. Until the governance and access problems are honestly tackled, though, we have to rate DVLA as Privacy impact: amber. Amber means “the system demonstrates significant, worrying failings, and may fall foul of a legal challenge.
Serious data errors
Every year there are 20 million register changes. The entirety of the data provided to the DVLA is accepted with no checks made and much of that data is late. As a consequence of resulting inaccurate out-of date data then issued by the DVLA many thousands of innocent people are wrongly pursued and harassed in respect of traffic enforcement penalty charges for being the keeper of vehicles which they sold and did not possess at the time of the alleged contravention.
The data system installed in the DVLA was never intended to service assorted and civil detection issues; it was intended solely to assist police in relation to criminal matters and road-side vehicle stops.
The DVLA says:
As at 30th September 2009 there were 34,395,400 licensed vehicles on the DVLA database. Our most recent estimate of the percentage of vehicle records that are correct in every respect is 88.60%
On the DVLA's own self-satisfied admission THERE WERE THEN 3,921,086 VEHICLE RECORDS WHICH ARE NOT ACCURATE!
Plainly wrongful data release
The DVLA, on its own admission, freely issues personal data relating to vehicle keepers without adequate scrutiny on the assumption that all requests for it are in proper lawful good order which extensively they are not.
Their philosophy is merely to assume that all requesters are entitled to receive the required information when they request it and will therefore be assured of receiving it until such later (usually much later) time when it is discovered that the requesters were not entitled to receive it. A better example of closing the stable door after the horse has long gone is hard to imagine. This is motorists' private personal data that the Data Protection Act is established to protect from unlawful access.
The DVLA has been obliged repeatedly to suspend the supply of vehicle keeper information and also permanently prevent the supply of it to many organisations including local authorities – all after having unlawfully supplied vehicle keeper information to them many thousands of times.
This scandal has been exposed after commendable investigation and research by Big Brother Watch, an organisation that strives to protect the public from the increasing misuse and abuse of our private personal data. In December 2012 they published a report on the staggering number of suspensions and terminations of requester organisations.
It is arguable that every penalty charge imposed on motorists consequent on this keeper information unlawfully acquired from the DVLA, innocuously or not, was accordingly unlawful.
- All incoming vehicle keeper data should be submitted through local post offices, signed for and receipts issued (as proof of deposit and when). Public mail is the current method of delivery for all hard copy legal documents.
- All vital data provided to DVLA should be from post offices via secure internal mail system
Further, the scale of Vehicle Cherished Numbers system has increased every year and now generates a revenue of £82m which includes a £67m surplus for the DVLA. However, this very lucrative operation is fraught with major deficiencies caused by long-standing administrative inadequacies at local Vehicle Licence Offices when they are conducting Cherished Number changes. All changes are finally forwarded to DVLA Swansea for completion resulting in vehicle documentation missing and unaccounted for during a period of weeks. The DVLA's administration of Cherished Numbers has caused havoc for the motor trade since it commenced. For all these extensive and long-standing defects in DVLA competence and performance NMAG recommends that:
- Its operation should be investigated either by a competent and authoritative Parliamentary Committee or the National Audit Office
Back to the top