Skip to main content

Driver and Vehicle Licensing Agency

Volume 474: debated on Wednesday 26 March 2008

To ask the Secretary of State for Transport what mechanisms the Driver and Vehicle Licensing Agency uses to check the bona fides of private parking control companies before releasing personal data relating to vehicle owners and operators to them; what steps the Agency takes to assess the uses to which such data is put by such companies; and if she will make a statement. (175771)

[holding answer 7 January 2008]: In the Secretary of State for Transport's statement to Parliament on 17 December she outlined measures to improve the security of personal data in the context of the Cabinet Secretary's review of data across Government.

She also advised that, to ensure greater clarity of responsibility, the Permanent Secretary has written to senior officials in the Department, including Agency Chief Executives, drawing their attention to current guidance on the application of the Data Protection Act 1998. This includes the main principles of the Act, information on handling personal data appropriately and the role of the Information Commissioner.

New measures for companies requesting information manually were introduced on 1 November 2006, following the review of the release of information from the Driver and Vehicle Licensing Agency's (DVLA) records announced by the then Minister of State for Transport, my hon. Friend the Member for South Thanet (Dr. Ladyman). The use of company headed paper has been replaced by the introduction of two new forms—V888/2 and V888/3. All applications must be supported with a business resume outlining details of the company's operations and provide details of why they want the information and how it will be used, as well as evidence to corroborate their request.

Car park enforcement companies have to confirm that a parking charge scheme is in operation, and provide evidence that they are operating on the instruction of the landowner. All forms contain a note that reminds applicants that it is a criminal offence under Section 55 of the DPA to falsely obtain personal information.

Companies that request and receive data via a secure electronic link do so under strict contractual terms and must firstly complete a six-month probationary period making manual requests, during which time their behaviour in the use of the information is monitored. The level and nature of any complaints is taken into account before an electronic link is established. Since 1 October 2007, all organisations that do not have a statutory regulator are required to be a member of a DVLA Accredited Trade Association (ATA).

An ATA must have a clear, enforceable code of practice (COP) governing the conduct and business practices of their members and will publish that COP on their website, along with a list of their members. ATAs that fail to enforce their COP will lose their accreditation and their members will forfeit their entitlement to request and receive DVLA data electronically.

The Agency has the right to carry out ad-hoc audits on companies to ensure that inquiries are appropriate. Any evidence of abuse will be referred to the Information Commissioner for investigation and, when appropriate, prosecution.

To ask the Secretary of State for Transport under what circumstances the Driver and Vehicle Licensing Agency may release details of vehicle ownership to private companies; and if she will make a statement. (174659)

In the Secretary of State for Transport's statement to Parliament on 17 December, she outlined measures to improve the security of personal data in the context of the Cabinet Secretary’s review of data across Government.

She also advised that, to ensure greater clarity of responsibility, the Permanent Secretary had written to senior officials in the Department, including Agency Chief Executives, to draw their attention to current guidance on the application of the Data Protection Act. This includes the main principles of the Act, information on handling personal data appropriately and the role of the Information Commissioner.

Regulation 27(1)(e) of the Road Vehicles (Registration and Licensing) Regulations 2002 requires the DVLA to release information to any person who can demonstrate ‘reasonable cause’ to have that information.

The term ‘reasonable cause’ is not defined in legislation but the DVLA has always taken the view that release should normally be associated with road safety or events occurring as a direct consequence of the use of the vehicle. Everybody that applies for personal information is required to produce evidence that they have ‘reasonable cause’ for requesting the information.

A full list of the circumstances that the DVLA has, in the past, considered to meet ‘reasonable cause’ has been published on the DVLA and Direct.gov websites. The website also contains a list of bodies that it has released information to and the names of companies that have approved conditional access (ACA) which allows companies to request and receive information via an electronic link.