Question to the Department for Transport:

To ask the Secretary of State for Transport, what procedures the DVLA has in place to monitor or regulate the passing of information gained by private parking companies from the DVLA vehicle keepers database to third parties; and if he will make a statement.

The Driver and Vehicle Licensing Agency (DVLA) takes the protection of the data it holds very seriously and has robust measures in place to protect it. Private parking companies must be a member of an accredited trade association before they are able to request DVLA data and must abide by the relevant trade association’s code of practice.

In addition, the Government Internal Audit Agency (GIAA) inspects data users on the DVLA’s behalf to ensure that data requested is only used in accordance with strict contractual terms. The DVLA is alerted to any compliance related issues identified. These can range in severity from minor infringements (which companies are given an opportunity to address) to more serious cases of non-compliance resulting in the parking company being suspended from being able to request vehicle keeper data.

Data on the volume of non-compliance issues identified as a result of GIAA audits carried out in each of the last ten years is not readily available. The number of private parking companies which have had their ability to request DVLA data suspended in the last ten years is shown in the table below:

Companies can be suspended for various reasons, including not complying with the relevant parking industry accredited trade association’s code of practice. It is for the parking company to demonstrate that it is compliant with that code and for the trade association itself to monitor its members’ compliance with the code. Parking companies can also be suspended from requesting DVLA data for breaching the contract the company has with the DVLA for release of data or as a result of issues identified at a GIAA audit.

Where parking companies use third parties to pursue unpaid private parking charges, the parking company should have a formal contract in place to provide assurance over the use and security of DVLA data. The parking company retains overall responsibility for the use of the data by its sub-contractors.

Following its most recent audit of the DVLA’s procedures for releasing data to private parking companies, the Information Commissioner’s Office found that there was a high level of assurance that processes were in place to mitigate the risks of non-compliance with data protection requirements. The audit was published on 1 June 2016 and can be found at https://ico.org.uk/action-weve-taken/audits-advisory-visits-and-overview-reports/driver-and-vehicle-licensing-agency-dvla/.