Author: Matt McConville

GDPR Team

Ian Kyle

Director

Matt McConville

Senior Associate

Lee Wall

Associate

Damien Gill

Senior Associate

Joseph Waters

Solicitor

DVLA Data Breaches

Numerous breaches

Over the past year, the Driver and Vehicle Licensing Agency (the DVLA), the public body that holds the records for all the drivers and vehicles in the UK, committed nearly 200 data breaches that were deemed so severe that they were reported to the Information Commissioner’s Office. Following a freedom of Information request by Apricorn EMEA, the DVLA confirmed that it submitted 181 breach notifications to the ICO across 2019-20. By comparison, the Home Office submitted just 25 during that period and NHS Digital reported only 5. The Home Office figures are by no means ideal and higher standards should be expected from any public body. Nevertheless, these figures highlight the fact that the DVLA have a serious and unique problem with regards to data protection.

Improvements required

This news comes just a year after a BBC Freedom of Information investigation found that during a 10 month period the DVLA reported 439 data breaches to the ICO, which affected around 2,018 people. These breaches included the DVLA sending important documents such as Driving Licenses, Passports and Marriage Certificates which averages out at about 7 people per day. Again, when comparisons are drawn with other public bodies it is clear that the DVLA need to get a grip of their data protection procedures. In the same period, Her Majesty’s Revenues and Customs reported just 10 data breach incidents to the ICO and Her Majesty’s Passport Office had 5 breaches reported. The fact that over a 2 year period the DVLA has been reporting data breaches at a significantly higher rate than other public bodies that store and process large amounts of the public’s data demonstrates that it has major issues in the area of data protection and that serious action needs to be taken.

What can be done to improve?

  • The DVLA said the breaches were the result of ‘human error by their staff in their HQ in Swansea – This means there needs to be a significant increase and improvement in staff training on GDPR and data protection to ensure that breaches as a result of human error are reduced as much as possible.
  • Using secure address systems (either email or postal) to try and ensure correspondence is sent to the correct address/recipient.

Has this affected you?

Has the DVLA breached or disclosed your personal data to a third party without your knowledge or consent or without any legal need to do so? If you would like to discuss any data breach incident further, do not hesitate to contact one of our team.

Go back to all news

Can I claim?

This is a question you may be asking yourself if you feel that you are entitled to some form of compensation. Why not ask us the question instead?

We offer free initial advice with absolutely no financial risk for you with our no-win-no-fee promise.

Please fill in the form with some basic details and one of our staff will be in touch to follow up your enquiry.