Guidance

DVSA intelligence and targeting: privacy notice

Updated 8 April 2024

1. About intelligence and targeting

The Driver and Vehicle Standards Agency (DVSA) is an executive agency of the Department for Transport (DfT).

We carry out activities to undertake enforcement action which are supported, where applicable, by appropriate statutory powers.

Intelligence and targeting combines the work of the Intelligence Unit, Criminal Analytics Unit (CAU) and the Strategic Traffic Management Office (STMO) to identify and take enforcement action to target seriously and serially non-compliant operators, MOT garages, illegal driving instructors and others that fail to comply with the regulatory areas, which DVSA enforces.

You can report intelligence of non-compliance, relating to the activities of DVSA by email, phone or letter.

There’s a separate privacy notice on reporting a lorry, bus or coach driver or company.

The data controller for DVSA is DfT - a data controller determines the reasons and how personal data is processed. For more information see the Information Commissioner’s Office (ICO) Data Protection Public Register. DfT’s registration number is Z7122992.

2. What data we need

The personal data we collect from parties to a criminal offence will include:

• name
• address
• phone number
• email address
• reference to whether the person providing the information is a witness – where in some cases, a witness statement may be held

The personal data we collect from suspected and convicted offenders will include:

• name
• personal and work addresses
• phone numbers
• personal and work email addresses
• vehicle details
• details of alleged and actual criminal offences
• where relevant, previous court convictions, fixed penalties, date of conviction or penalty and outline details

The personal data we collect from staff supporting and conducting intelligence investigations using our intelligence system include:

• name and user name
• date and times of use of the system
• actions taken within the system
• date and details of searches conducted
• witness statements

Sources of information prompting investigation originate from internal databases and intelligence or, occasionally, other law enforcement agencies.

Personal data processed to produce reports includes:

• vehicle registration number (number plate), operator name and licence
• prohibitions
• encounters
• roadworthiness tests

The outcome of this analysis are national target lists which contain:

• operator name
• vehicle registration number (number plate)
• prohibition numbers
• types and volume of automatic number plate recognition (ANPR) hits

ANPR cameras collect a visual image of any vehicle passing. This image will capture:

• vehicle registration number (number plate)
• make, model and colour of vehicle
• livery on the vehicle
• an image of anyone in the vehicle
• any other information that can be seen by the camera

Alerts contain:

• vehicle registration number (number plate)
• the operator compliance risk score (OCRS) - red, amber, green or blue priority status with red being the highest

OCRS is used to calculate the risk an operator not following the rules on roadworthiness (the condition of its vehicles) and traffic (for example drivers’ hours and weighing checks).

When the alert is automatically transferred from DVSA through the ANPR system to the DVSA stopping officer, it also includes information about whether the vehicle:

• is a national target
• has not paid a levy

ANPR data may be matched against the systems show in the table to generate alerts:

Input from/name of hot list	Description and details of personal data	Owner
Cabotage	Vehicle registration mark (VRM)	DVSA Intelligence Team
Check an HGV is ready to cross the border	VRM and risk ranking	DVSA and Cabinet Office
Foreign operator payment system - Red	VRM	HMRC via Northgate and DVLA
Foreign operator payment system - Amber	VRM	HMRC via Northgate and DVLA
Intelligence (intel)	VRM and operator details	DVSA Intelligence team
International vehicles	VRM	DVSA mobile compliance
National targets	VRM and previous encounter details	DVSA Intelligence team
Most serious infringement (MSI)	VRM and previous encounter details	DVSA mobile compliance
No operator licence	VRM	Traffic Commissioners of Great Britain
Non-goods operator licence (GOL)	VRM	Traffic Commissioners of Great Britain
OCRS (including DVSA earned recognition score)	Operator details and risk ranking	DVSA Intelligence team
Out of test	VRM and last test status	DVSA MOT database
Speed limiter	VRM	DVSA ANPR team
Weighing in motion sensor (WIMS) - axle overload	VRM	DVSA ANPR Team
WIMS - gross overload	VRM	DVSA ANPR team

The lawful basis for processing this data is public task.

Our statutory powers are contained within:

• Police and Criminal Evidence Act 1984
• Criminal Procedure and Investigations Act 1996
• Regulation of Investigatory Powers Act 2000
• Fraud Act 2006
• Road Traffic Act 1988, including sections 66A, 99 123

We are seeking to ensure compliance of operators, drivers and vehicles with the following statutory requirements:

• Regulations EC 1071/2009, EC 1072/2009 and EC 1073/2009
• Road Traffic Act 1988
• The Goods Vehicles (Licensing of Operators) Act 199
• The Public Passenger Vehicles Act 1981
• Motor Vehicles Test Regulations 1981
• The Motor Cars (Driving Instruction) Regulations 2005.

We follow the:

• Update to Surveillance Camera Code of Practice
• National ANPR Standards
• National Intelligence Model code of practice
• National Police Chief’s Council

The source of personal data captured will be from the informant and additional information will be extracted from DVSA systems or HMRC systems holding data relevant to the allegation. We also review publicly available information where relevant to our inquiries.

ANPR data is captured from a number of strategically placed cameras across Great Britain. Information is fed into our system which matches the data against a number of hotlists.

3. Why we need it

We need the personal data we collect from you to:

• allow our intelligence unit to collect, conduct analysis on and issue intelligence to support DVSA enforcement work and support the licensing and regulatory work of the Traffic Commissioners of Great Britain
• allow our CAU to use the data alongside data from other sources to highlight trends in non-compliance of lorries, buses, coaches and MOT and to support targeted enforcement work
• manage operator compliance risk scoring where trends are used to develop our targeting strategy
• perform analysis on mobile compliance data, vehicle operating licensing data, ANPR and referrals from the intelligence unit
• allow our STMO to use our ANPR equipment by matching this information against “hot lists” to target inspections of high-risk vehicles and operators
• audit records of system activity

4. What we do with it

We collect, use, and store the data you give us for the reasons set out in this policy.

We will not:

• sell or rent your data to third parties
• share your data with third parties for marketing purposes

We share data with the police, the Traffic Commissioners for Great Britain, the European Commissioner through a system called European Register of Road Transport Undertakings and other law enforcement agencies.

We will share your data if required to do so by law – for example, by court order, or to prevent fraud or other crime.

We do not carry out any automated decision making on any of our intelligence or targeting activities.

5. How long we keep your data

We will only keep your personal data for as long as it is needed for the reasons set out in this policy or as long as is required by law.

We will hold your personal data for:

• no longer than 7 years after the end of an investigation
• no longer than 7 years after any court sentence has expired
• 90 days for VRM plate patch images (NAS guidelines)
• 2 years for text data (NAS guidelines)
• the length in which a case is open where a member of staff has marked the data as potential evidence to a case (NAS guidelines)
• as long as staff have a profile

Most staff with permission to access ANPR data only have access to it for up to 90 days from the date it was collected.

After 90 days, staff can only access relevant ANPR data with special permission if it’s for a serious investigation.

After 12 months, staff can only access relevant ANPR data with special permission if it’s for a major investigation.

6. Where it might go

All investigation data is held on DVSA servers based in the UK or hosted within cloud services based in the European Economic Area (EEA) and as such meets security safeguards equivalent to those required by Data Protection Legislation.

ANPR data is stored by an external company called Atos.

7. Protecting your data and your rights

The DVSA personal information charter sets out what steps are taken to protect your data and the rights you have over your data.

8. Automated decision making and profiling

Your data is not subject to automated decision making or profiling as defined in data protection legislation.

9. Changes to this notice

We may change this privacy notice at its discretion at any time.

When we change this notice, the date on the page will be updated. Any changes to this privacy notice will be applied to you and your data as of the revision date.

We encourage you to periodically review this privacy notice to be informed about how your data is protected.

10. How to contact us

If you have any questions about anything in this document or if you consider that your personal data has been misused or mishandled, you can contact the DVSA data protection manager.

DVSA data protection manager

Data Protection Manager
DVSA
1 Unity Square
Nottingham
NG2 1AY

Email information.handling@dvsa.gov.uk

Contact DVSA customer services if you have a query that is not about how your personal data is used.

You may also make a complaint to the Information Commissioner, who is an independent regulator.