My employer has decided to utilise a third party company to check their employees licenses following the abolition of the paper counterpart recently. I’m perfectly happy (obviously) to let my employer see my licence as often as they want, but I’m a little uncomfortable with signing a form that has the wording;

I authorise the company or companies listed above (my employer and the driving check company) to ask DVLA for my driver record…I understand that the company I authorise may use an intermediary company to make the enquiry on their behalf

Now, I’m aware that i can be a bit of a pain in the arse. I’m also aware that 80%plus of my colleagues have shrugged and signed. but in this world of data protection and ID theft, am I being unreasonable to say no, you can see my licence butnot other undisclosed random companies, thank you very much?

The DVLA has put in a system for license holders to generate and provide a single use key code to third parties who have reason to see your license for just this sort of thing. Can my employer compel me to release my personal data to a third party when there is another reasonable way around this?

STWhivemind, your thoughts would be appreciated; (including if I’m being a over cautious pillock, just tell me)

Sounds like a classic case of a pointless consent form. They are going to do this anyway and (probably) have a legal basis to do so – asking you to sign a consent form when you really don’t have a choice just leads to confusion around what your rights are.

If you need to drive for your work they are within their rights to verify your licence, and to contract out that work.

If you need to drive for your work they are within their rights to verify your licence,

More than happy with this bit;

and to contract out that work.

I’m unhappy with this bit. I can show my line manager my licence, or I could send an access code to anyone in the large organisation via email. I don’t like that I’m basically authorising an unknown company to access all my driving licence details. It’s the ‘unnamed third party company’ bit that really grips me.

you dont have to, i had this discussion with a manager at my work (bus driver) its not a legal requirement to sign a consent form.
however, he did also explain that if i didnt sign it, it might make him wonder if i had something to hide.
i signed it, that was years ago, ive never had any real reason to worry.

had this at my employer for at least 5 years
Not had any issues with data protection, my identity hasn’t (as far as I am aware) been cloned, I’ve not been burgled, no one has tried to add points to my license etc

I’d say your being over-cautious

Yes, these 3rd party companies are just id theft factories.

If your works legal people have done it properly the third party data processor will be under contract, making it clear that they can’t use your personal data for their own purposes. They would be in breach of DPA if they did, and your employer is in breach of DPA if they don’t have this agreement in place.

There are no issues in DPA for contracting out data processing of employees personal details as long as all the correct agreements in are place.

(and yes I know that is a gross oversimplification, but this is a biking forum)

If your works legal people have done it properly the third party data processor will be under contract, making it clear that they can’t use your personal data for their own purposes. They would be in breach of DPA if they did, and your employer is in breach of DPA if they don’t have this agreement in place.

“If.”

I’d want more details before signing something like that, to rule out exactly the concerns Hels describes here. I don’t expect for a moment that some mysterious third party are “id theft factories,” however I’d want to know that my details aren’t then being sold to ambulance chasers, market research companies, and any of the other “carefully selected partners” that they might be able to make a quick buck from.

Does the data processor have to be explicitly named in order for the consent for them to handle the information count?

I’d just ask for details of the contract regarding use of your personal information. That’s not unreasonable. Assuming they’ve properly covered that then there’s no issue. If not, it’s in their interest to do so.

This same thing was raised at work recently. H&S officer along with payroll knocked out the idea and sent out the forms to everyone. Including the dAta protection officer who knocked the idea on the head there and then as the transmission of data to said 3rd party wasn’t “secure” (plain text list sent via email!)

I don’t think you’d be unreasonable to ask your company to explain how it intends to protect your information given your concerns around breaches of security.

I get the concern OP. And you are right to restrict who gets any of your data as far as possible however if your ID is cloned or you get spammed or whatever, its nigh on impossible to pinpoint it where the data comes from and if it was indeed this specific 3rd party. Its a shame there isn’t a reverse form the employer can be asked to sign: if you or any contracted 3rd party loose my data I will sue your a55 off.

Get a grip.

If your works legal people have done it properly the third party data processor will be under contract, making it clear that they can’t use your personal data for their own purposes.

a) I have doubts that my employer is capable of doing something properly, but more to the point, b) It’s not legitimate use that i’m bothered about. The more people that get unfettered access to my personal details (which are evidently valuable and worth protecting, or they wouldn’t be subject to the DPA) the greater the risk of illigitimate use. and a little office handling thousands and thousands of peoples data is surely a juicy target for ne’er do well types. I only begrudgingly trust my employer with my data, why should i trust companies that i don’t even know?

Is it not reasonable to tell my employer that he is free to see my license whenever he wants, just keep my data within the organisation? I’ll provide access on the spot if asked.

If you mistrust them taht much do you prevent your employer having your bank details in case they fall into the wrong hands?
I suspect not, because despite your mistrust you still want to get paid 😉

Your employer would be being reasonable if they can show that they have proper data protection measures in place with the third party. If not then they’d not be reasonable to insist on you sharing it with them.

We’ve had it for years. I balked originally, but signed years ago and have suffered no ill effects to the best of my knowledge.

Showing your license to your boss is not really a reliable way of managing the situation for any large employer. What if you lose your license, decide not to tell your boss and then have an accident in a company vehicle. The company could be liable. I assume that using an external company to monitor the state of your license is a way for your employer to mitigate that legal risk.

Is it not reasonable to tell my employer that he is free to see my license whenever he wants, just keep my data within the organisation? I’ll provide access on the spot if asked.

I guess in a large organisation that might be an embuggerance. Requesting 5 one-time codes from employees to process with the DVLA isn’t that big a deal, but having to go through that rigmarole for 5,000 employees probably is.

Is it not reasonable to tell my employer that he is free to see my license whenever he wants, just keep my data within the organisation? I’ll provide access on the spot if asked.

No. If they can demonstrate that they’ve taken reasonable steps to protect your information, then I’d say any further refusal on your part is counter productive.

As an agency driver I have to give my license details to my agent who then passes it on to all and sundry who might need to check the details as well.

I am cautious when it comes to personal data security but there is not much on your driving license that cannot be found by other means (the only thing I can think of is the driver number and your license entitlements but you can hardly open a bank account with those).

And to reiterate – they likely don’t need your consent to do this lawfully – although it could be a tricky area if you do have any convictions, as then we are in sensitive personal data territory. I won’t ask you to confirm or deny that on a public forum of course !

If you don’t, what’s the impact (for you)?

http://www.staffs.ac.uk/legal/privacy/10_rules/#accuracy

10. Third party processors

Be aware that if you are using a third party data processor e.g. for bulk mailings or database management and are giving them access to personal data, then you must have a written contract in place with them to ensure that they treat such information confidentially, securely and in compliance with the Data Protection Act 1998.

This is in line with my understanding – they are perfectly allowed to share but ideally should get consent but must have proper data protection clauses/controls in place with the third party.

My employer has provided the checking company’s cert of registration with the Information Commissioners Office, and that goes some way to relieving my concerns about them, but the consent form states that I give permission for them, but ALSO unnamed third parties chosen by them to access my data. If I say yes to that I may as well say to the DVLA let any bugger have it! It’s just a bit too open for my liking. And yes I have got my tinfoil hat on!

If you don’t, what’s the impact (for you)?

Well that’s kind of what I was wondering!

Is it too much hassle to post the exact wording of this supposed consent form ? Sometimes the terminology can be quite technical. But in any case any consent form that is as vague as you say is pretty pointless, a person can’t genuinely consent to something when they don’t know what it is.

it says;

Being the person referred to in section 2 above, I authorise the company or companies listed in section 1 above to ask DVLA for my driver record information as and when they require, at a frequency they shall determine. I understand that the company I authorise to ask for my driver record information may use an intermediary company to make the enquiry on their behalf.

All spelling mistakes are models own 😉

There is a second paragraph but it just says which bits of the record that they can see, which is basically all of it, and that the authority will expire in three years. but its the ‘intermediary’ bit I don’t like.

Anyone who wants to steal my identity and be me at the moment is more than welcome….

linky
I’ve found an online copy on Tunbridge wells councils website (good old google)

wanmankylung – Member
Get a grip.

This. Surely there are more important things to worry about? Companies that deal with data have to jump through hoops to keep it secure so a “3rd party” doesn’t automatically mean your information is going to someone in a shed in Uganda to start buying stocks and shares in your name.

They aren’t asking for your permission with that second sentence, they are informing you. Also, as per previous, the third party company can’t do anything with the personal data above what your employer has directed them to do, and they can’t subcontract without your employers permission. They certainly can’t sell it to data farms.

This is fairly standard stuff, it could be said your employer is doing more than they need by even telling you. They would have plenty of legitimate interests to rely on for this data processing for the purposes of your employment and verification of your fitness to be employed.

Fair enough, thank you for your time 🙂 I shall indeed;

Get a grip.

😆

My employer uses a 3rd party for this, there is also some pointless online assessment thing – and like most online ‘training courses’ we have at work, we print the answers off and pass them round.

and normally each year they email you claiming they don’t have a copy of your latest MOT/insurance certificate etc – even though you’ve submitted it with an acknowledgement.

A dishonest member of staff at Aviva Insurance sold my personal details one day after I reported an accident. They of course denied it and the Financial Ombudsman did nothing.

Totally understand your fears.

What data are you thinking they might steal? Have you actually looked at the data available with the new online checks? No address, no full licence number, no date of birth. Just your name, vehicles you can drive and points.

Bit different CG – Aviva actually had data on you that was useful to third parties. The online driving license check does not.

I tend to go with the flow with these sorts of things, with one exception.

A couple of years ago I was working for this villainous outfit, who out of the blue one day plonked new employment contracts on our desks to sign – someone asked “do I have to sign this?” and they said “yes” so everyone did.

I didn’t it all seemed to suspect to me. It was a change in terms which basically said they could insist without notice that someone, or everyone had to work overtime – they could waltz out of their office at 4:59pm and say “right, we’re busy, you all have to work until 7pm” although it didn’t state any max hours or anything – so in theory they could ask you to work till the next morning, without pay.

You don’t have to sign anything your employer gives you after your sign your first contracts of employment – it’s a two way street, you agree to do X and they agree to provide Y (money usually, but pensions, benefits etc) if they want to change the terms of your agreement, they can ask but you don’t have to agree – if you did there wouldn’t be any point signing it, but most people will blindly sign anything they’re given to keep them sweet.

As for this though, if you don’t want to, say no politely, you’ll probably cause a big fuss over nothing, the data company will have to comply with a huge amount of regulations to deal with your data as will your employer if they balls it up they’ll be held accountable – but I wouldn’t recommend anyone just sign anything because their employer has told them they have to.

Bit different CG – Aviva actually had data on you that was useful to third parties. The online driving license check does not.

Thanks for pointing that out, I’m becoming neurotic at being treated as a cash cow.

Do you have a salary, pension, healthcare and other benefits as part of your employment?
If so, they will likely hold much more personal data – have you queried their use of the information?
If they have robust protection processes in place and are a data controller they are unable to pass any information on to anyone other than your employer and the other 3rd party your employer is using.
Some people see it as big brother watching which I get in some instances. Do you have something to hide?