Dear Sir or Madam,
the Vehicle Licensing Online website (www.direct.gov.uk/taxdisk) is both a useful and well thought-out site. However, because of other civil service data protection blunders it is important for us, the public, to know how secure the information we submit is. In this light:

1) Does the DVLA retain information submitted on the site and if so for how long?
a) For card details.
b) For email addresses.
c) For phone numbers.

2) For all information please enumerate the current and envisaged purposes to which they are/will be put.

3) If the card details are retained by DVLA (and not passed directly to a third-party card processor)
a) are they kept in encrypted form on the DVLA database?
b) what encryption scheme is used?
c) approximately how many people in DVLA have access to these records?
d) what protection is in place to prevent wholesale downloading of the database?
e) is this database available to anyone outside of DVLA (including hired-in consultants)?

4) If the card details are passed directly to a card processor
a) Who are they?
b) Are they regulated by the FSA?
c) Does all information remain on UK soil (if not, why not)?
d) How long do they retain the information?

Yours faithfully,

Tom Finnie

Ack 1064.doc

Mr Finnie,

1. Please see attached document.

2. We will be in touch with you in due course.

Stuart Martinson
DVLA Agency Records Manager
Corporate Management Services
C3 East
Tel: 01792 782459

email: [email address]

show quoted sections

Reply #1 1064.doc

Mr Finnie,

1. Please see attached document.

2. We will be in touch with you in due course.

Stuart Martinson
DVLA Agency Records Manager
Corporate Management Services
C3 East
Tel: 01792 782459

email: [email address]

show quoted sections

Dear Stuart Martinson,
I note that the allotted 20 days have passed. Have you had any sucess with my information request?

many thanks

Dear Mr Finnie

The response to your enquiry was emailed yesterday to:

[FOI #384 email]

Regards

Claire J Fuge

Freedom of Information Best Practice Team
DVLA

show quoted sections

11:23 >>>
Dear Stuart Martinson, I note that the allotted 20 days have
passed. Have you had any sucess with my information request?

many thanks

show quoted sections

Dear Stuart Martinson,

Apologies for my email from earlier today, I missed your enlightening 17 June reply. I look forward to the outcome of your deliberations on parts B and D of section 3 of my request.

In respect of 1 B and C (retention of telephone and email addresses) I note that the site does ask for these pieces of information are these then not retained?

Yours sincerely,

Dear Mr Finnie

Thank you for your enquiry.

I have investigated the answer that was provided to question 1(b) and
(c).

I apologise for any confusion caused. The answer provided was made in
relation to an EVL Transaction.

Entry of an email address or a telephone number are not required to
complete a relicensing or Statutory off Road Notification (SORN)
transaction using EVL. Therefore, this information does not form part of
the EVL transaction.

Customers are invited to enter their email address if they would like
to receive an email confirmation when the transaction has completed.

Beneath the field for the entry of an email address, there is the
following statement:

"The e-mail address supplied by you, may be used by the DVLA (and other
Government Motoring agencies) to inform you of other services that may
be of interest to you."

The customer can tick a box below this statement if they do NOT wish to
be sent the information.

Beneath this email information, the customer is invited to enter their
mobile number, again being advised that this information may be used to
inform them of other services that may be of interest. The customer can
tick a box if they do NOT wish to be sent the information.

The email or mobile telephone number given by a customer to register
for the communication of other services, is held until the customer
informs DVLA that they no longer wish to be registered for
communication.

Hope this helps

Regards

Claire J Fuge
Freedom of Information Best Practice Team
DVLA

show quoted sections

13:01 >>>
Dear Stuart Martinson,

Apologies for my email from earlier today, I missed your
enlightening 17 June reply. I look forward to the outcome of your
deliberations on parts B and D of section 3 of my request.

In respect of 1 B and C (retention of telephone and email
addresses) I note that the site does ask for these pieces of
information are these then not retained?

Yours sincerely,

show quoted sections

Reply #2 1064.doc

Mr Finnie,

1. Please see attached document.

2. If you have any queries regarding this response, please get back to me.

Stuart Martinson
DVLA Agency Records Manager
Information Assurance Group
C3 East
Tel: 01792 782459

email: [email address]

show quoted sections