Personal details of thousands of drivers in Northern Ireland have gone astray after two CDs sent by courier failed to arrive at their destination.
An internal inquiry has been launched after staff at Northern Ireland's Driver and Vehicle Agency (DVA) admitted losing data on a total of 7,685 vehicle owners and their vehicles. The missing information consists of the owner's name and address, and details of the vehicle, including its make, model, colour, registration and chassis number.
The data, which was contained on two CDs, was being sent from the DVA in Coleraine to the DVLA (Driver and Vehicle Licensing Agency) in Swansea in response to vehicle manufacturers needing to contact owners about potential faults with vehicles. The CDs went missing in transit after being sent via a Parcelforce Worldwide tracked courier service.
In a statement about the breach to the Northern Ireland Assembly, Department of the Environment minister Arlene Foster said the CDs had been tracked at every stage of the handling until they reached the company's central hub in Coventry, but said there is no record of the packages leaving the depot.
Foster said: "Parcelforce believe they were dispatched to their Swansea depot but did not arrive there. In spite of extensive searches at the depot, they have not yet been found."
The data has already been resent to the DVLA via a different method, but Foster said courier delivery has been used for sending "this type of data… without incident for many years".
Foster said: "Due to the nature of the data on the disks, encryption was not used. It is ironic that an internal review instigated by the agency after the child-benefit disks went missing in Great Britain identified this method as a systemic weakness a week after the disks had been sent."
The DVA has written to every vehicle owner involved and each record has been flagged to alert staff in the event of any misuse of the data, according to Foster. A helpline has also been set up for customers to call with any concerns. But "in view of the limited nature of the data on the disks", it is not likely any of the people involved would need to take any action, she said.
Foster added: "I sincerely regret that this error has occurred and any inconvenience or concern caused to the keepers of the vehicles involved. As well as the internal review carried out by the Driver and Vehicle Agency, all issues regarding the handling and transmission of data are being examined urgently as part of the review across all departments… on the security of personal data."
Data-protection watchdog the Information Commissioner's Office has been informed and has agreed to carry out an audit of data security in the DVA.
In related news, a consultation has been launched into how personal information is used and shared in the public and private sectors, as part of an independent review of data use announced by the UK government back in October.