Fleets are risking General Data Protection Regulation (GDPR) fines by using employee’s National Insurance (NI) numbers for driving licence checking, FleetCheck is warning.
The practice could potentially lead to prosecution if a disgruntled employee opted to make a formal complaint that their personal data – which would usually also include date of birth and home address – was being handled, said Andy Kirby, director.
He explained there were two compliant routes for fleets to check employee driving licences for penalty points. One was to ask the driver to enter their own NI number on the Driver Vehicle Licencing Authority (DVLA), web site, which generated a code the employer could use to undertake a check. The other was to use a recognised agency or product that carried out authorised checks, such as FleetCheck’s own Licence Assured.
However, FleetCheck was aware of several employers who were simply using each employee’s own NI number and accompanying data to carry out DVLA checks, essentially pretending to be the driver.
Andy said: “This is a very risky approach, leaving businesses at the risk of an investigation by the Information Commissioner’s Office (COI), which could be disruptive, expensive, and lead to reputational damage.
“All it would take is one unhappy current or former employee to reveal what you are doing. There is perhaps the possibility of mounting a defence on the basis that the employee has freely handed over their NI number and other data, but that is very much open to question.”
The practice was also known to be viewed dimly by the DVLA, he added, although was something they were believed to have found difficult to prove or disprove without a complaint by someone affected.
“Using NI numbers in this way may remain undetected for an extended period, potentially until the DVLA introduces a more secure portal, as planned for the future. Nonetheless, a single driver lodging a complaint could lead to significant complications.”
Issues over licence checking remained common at many fleets, with fundamental errors often made, Andy said.
“We encountered one fleet recently that inspects licences by looking at the standard plastic card, which has never shown points. Presumably, that fleet manager is impressed that none of his drivers have ever been penalised. These are basic and worrying risk management failures.”
