DVLA admits 439 data breaches affecting 2,000+ drivers | Agency blames “human error” for data blunder It has been reported that the UK’s Driver and Vehicle Licensing Agency (DVLA) mishandled the personal information of over 2,000 drivers. During a period of just 10 months between 2018 and 2019, the agency reported 439 data breach incidents, which affected 2,018 people, according to a BBC Freedom of Information investigation. The DVLA sent important documents, including driving licenses, marriage certificates and passports to incorrect addresses, affecting an average of approximately 7 people each day. As a comparison, HM Revenue & Customs had 10 data breaches over the same period of time, while the Passport Office experience 5.
DVLA admits 439 data breaches
All of these 439 data breaches, were reported to the Information Commissioner’s Office (ICO), between 25 May 2018 and 18 March 2019, following the introduction of the General Data Protection Regulation (GDPR). Royal Mail strongly advises senders of important or sensitive documents to use a tracked special delivery service. The DVLA said the data breaches were the result of “human error” by staff at their headquarters in Swansea. A spokesperson for the agency said:
Last year, we dealt with more than one billion customer interactions. We received more than 16 million items of mail and sent out more than 93 million, including 10.6 million driving licences. However, we take our duties to protect data extremely seriously and have an open and transparent culture where staff report any potential breaches. We ensure we review all reports to identify what more can be done. While these figures are a very small percentage of our overall transaction volumes, we take these seriously and have apologised to those concerned.
UK government departments and agencies found to be in violation of data privacy laws in the last 14 days include; HM Revenue & Customs, the Home Office, DVLA and The Passport Office. Encyclopedia website, Wikipedia, lists reported instances of the loss of personal data by UK central and local government, agencies, non-departmental public bodies, etc., whether directly or indirectly because of the actions of private-sector contractors. According to the site, UK government data losses involved the Home Office, Ministry of Defence, the Foreign Office, Heathrow Airport, Serious Fraud Office, Department for Work and Pensions and the Ministry of Justice. However, as stated on the Wikipedia page, this list is incomplete. Sources & credits: Auto Express, Wikipedia