British Parking Association member UKPC in epic data protection failure
Yesterday members of the Money Saving Expert (MSE) forum exposed a serious data protection breech on the website of UK Parking Control Limited (UKPC) who are a parking enforcement company.
It first became apparent that thousands of photos taken by the company were on public view. We have blurred out sensitive parts of the following images.
The photos revealed many vehicles snapped with a UKPC parking invoice slapped on them, Also amongst the photos were car owners returning to their cars, tax discs and even identity cards with photos, full names along with matching signatures.
In what seems a rather sinister move, many of the photographs were of the interiors of customers vehicles, showing off the public’s personal belongings.
At least one of UKPC’s operatives seems to operate mostly from his bed, and scattered throughout the collection of photos were perhaps an inside glimpse as to how UKPC operate as this photo shows.
A UKPC operative at work taking his invoice printout machine to bed.
Other photos reveal sensitive UKPC documents scattered on a bed.
The tag line on the UKPC website is “The Parking Professionals” , with the company boasting it has G4S, KFC, Tescos, Blockbuster and Pizza Hut as its clients.
With regard to data security UKPC say on their website under the heading ‘Guarding against data misuse’;
“In 2006 we introduced strict new measures to protect vehicle keepers against misuse of their details”
UKPC go on to say they have introduced additional safeguards, stating;
“Even with our existing measures to protect data against misuse, concerns about private car parking companies and interest in the disclosure of data to them have continued. We have responded to those concerns and have introduced additional new restrictions to safeguard the information we manage.”
Or simply put, an omni-shambles approach to customers data.
Perhaps to add a touch of some kind of legitimacy to their operation UKPC display official looking badges at the bottom of most of their web pages.
Funny that, as The Institute of Parking Professionals was disbanded in November last year, which was a body set up by the British Parking Association limited (BPA).
As members of the BPA, UKPC have access to the DVLA database, to allow them to look up members of the public’s name and address details. By the looks of the photographs we’ve seen today, these DVLA looks-ups can be done from a laptop in the bedroom.
In February this year the chief executive of the DVLA said their was a case to allow trusted parties to update the DVLA database, as the president of the BPA (Anjna Patel aka Kira Fleck) asked the DVLA if their members could update the DVLA’s database.
It seems to us that once again the BPA are unable to regulate their own members, do we really want to see companies like UKPC fiddling with our records held at the DVLA?
Supposing they get distracted whilst changing your DVLA address details by their huge flat screen TV or their exotic pig in a basket.
If you have a story you think we would be interested in please email: