Recent MVR breach

The Imported Motor Vehicle Industry Association, VIA, has been advised of a privacy breach by one of their member businesses while accessing the Motor Vehicle Register (MVR). The VIA’s position as a representative body relies on all members maintaining a high standard for record-keeping and security. The guidelines set out by the VIA are as follows:

• Develop a process that minimises the number of staff who access MVR information (ideally two senior staff, e.g. Sales Manager and Finance Manager).
• Ensure that all other staff who require MVR information must email their request to an authorised user, giving their reason for the request. Save all these emails in a folder on your server, along with the results of the enquiry for audit purposes.
• If the reasons for the enquiry do not comply with the requirements of the Gazette Notice of authorisation, the request should be denied.
• Implement an internal audit process by a director of the business, that will also be recorded and filed on your server.
• As part of this process, any noted breaches of privacy should be immediately notified to the Registrar of Motor Vehicles (NZTA) and the Office of the Privacy Commissioner, and appropriate corrective actions

For the full guidelines click here.