Fleet managers have been assured that no offence under the Data Protection Act will be committed by their employers when accessing employees’ driving licence records held by the Driver Vehicle and Licensing Agency (DVLA).
The Information Commissioner’s Office (ICO) has given the green light to ACFO, the UK representative body for fleet decision-makers, amid concerns raised by some fleet managers over the interpretation of Section 56 of the Data Protection Act 1998.
The issue was raised by ACFO members as the Government pushes ahead with its decision to abolish from June 8, 2015 the counterpart to the driving licence.
In its place the DVLA is introducing its own online system enabling employers to check comprehensive driving licence data held on individual employees.
While some employers already require employees to sign a mandate allowing the checking of their driving record with the DVLA via a third party provider, other organisations physically check driving licence documents, including the counterpart, which contains vital information including penalty points and offences.
As a result of the imminent counterpart abolition, some ACFO members have questioned their ability to not only check driving licence validation and details of convictions but, critically, suggested they could be breaking the Data Protection Act in insisting that employees agree to sign a mandate allowing access to their driving records.
Now the ICO, which is the UK’s independent body set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals including specific responsibilities set out in the Data Protection Act as well as other legislation, has given clear guidance to fleet chiefs and their employers.
The ICO told ACFO: “ACFO members should continue to access DVLA records to ensure that employees are entitled to drive. ACFO members will not be committing an offence under Section 56 of the Data Protection Act if they use the process recommended by the DVLA.”
The ICO called the driving licence record checks made by employers to ensure their employees are entitled to drive as “legitimate and important”.
It added in its response to the inquiry by Philip Somarakis, ACFO company secretary and a partner in London-based Gordon Dadds Solicitors: “We have held discussions with DVLA about the changes being introduced as a result of the abolition of the counterpart and are satisfied that these are proportionate.”
Somarakis, who is also a member of the DVLA’s Consumer Forum, which discusses access to its data, said: “The ICO interpretation of the legislation is now clear following ACFO’s intervention. Employers need have no fears of breaking the Data Protection Act when insisting that employees sign a mandate allowing access to their driving records.
“It was not totally clear whether employers could even ask employees to disclose their driving licences where they contained details of convictions
“ACFO has now asked the ICO to include a statement to that effect in its official guidance in respect of Section 56 of the Data Protection Act. We await the ICO’s decision.”
Driver licence validation and the checking of penalty points is a critical part of employers’ duty of care under health and safety legislation and an essential feature of all occupational road risk management policies.
Somarakis said: “The checking of driving records has been a lawful activity to date in the context that employers can insist that employees agree to it or it could become a disciplinary matter. This is not about punitive measures being taken by employers against employees, but a good approach to managing on-road risk.”
Richard Brown - Licence Check Ltd - 21/04/2015 21:14
This recent Fleet news article has been discussed at length at Licence Check. We are aware of the Information Commissioner’s view, which is to the effect that employers wishing to make checks on their drivers’ records would not fall foul of section 56 of the Data Protection Act. We understand that this does not affect the basis upon which employers would make such enquiries – and consent from the licence holder still remains. It also doesn’t change the position with regard to the use of View Driver Licence (VDL) facility, which is still restricted to the data-subject only according to the DVLA It is a fact that VDL is clearly marked within the VDL log in pages that it is a criminal offence to obtain someone else’s information without their permission. It has been reported to the DVLA of numerous instances where driving licence records are being accessed without the informed consent of the data-subject. DVLA state as a data controller, registered with the Information Commissioners Office, the Department for Transport will investigate any abuse of VDL service. However, in order to do this they need clear evidence of misuse including the offending details of the companies who are alleged to be misusing the service and when the DVLA are in receipt of this information they will ensure that all cases are investigated. Richard Brown MD Licence Check is a founder member of the ADLV who are said to be collating evidence on behalf of its members for submission to the DVLA It has also been raised with the DVLA concerns over the authentication of those accessing the VDL service using the National Insurance Number, driving licence number or personal details. The DVLA state that they are satisfied that the authentication process is proportionate having taken into account the level and type of information that is provided via the VDL service. DVLA again state that the credentials used to authenticate the identity of the user are considered consistent with Level 2 of the current requirements for the secure delivery of online public services. It is also known to Licence Check that the DVLA have plans in place to use the GOV.UK Verify service for Identity Assurance. They are currently conducting development work with a view to integrating VDL with GOV.UK Verify, alongside the option to access via the National Insurance Number, by the middle of May. This will still be subject to the findings of the beta implementation of this service and the Agency being satisfied that GOV.UK Verify is fit for purpose and is suitable for the customer journey. Only time will tell.