FOI request detail

TfL staff access to personal data

Request ID: FOI-0731-1718
Date published: 21 July 2017

You asked

Can you please supply me with information as to which TfL staff has access to drivers home addresses and personal data and what protections TfL have in place to protect this data from falling into the hands of unscrupulous TfL employees.

We answered

TfL Ref: FOI-0731-1718

Thank you for your email received by us on 22 June 2017 asking for information about TfL staff access to personal data.

Your request has been considered in accordance with the requirements of the Freedom of Information Act and our information access policy.  I can confirm that we hold some of the information you require. 

Access to personal data is restricted by role profiles, which are linked to the work the person is carrying out. The personnel who have access to our Taxi and Private Hire IT system, called TOLA, and who carry out work related to drivers, would have access to a driver’s name and address, which is held under the London Hackney Carriages Act 1843. Our information systems are auditable, although it is possible to view a driver’s name and address without a record being created. 

As well as our statutory obligations under the 1843 Act, we need to process drivers address details in our role as regulator. On a basic level we need a driver’s address for communication purposes and issuing licences. The address is of course added to the licence itself. We also use the address for validation and ID checking as it must match up with the information held by the DBS and DVLA.

Access to TOLA is provided to people undertaking work linked to taxi and private hire work. Primarily this will involve the taxi and private hire licensing team, complaints team and compliance team (including appeals). In addition, NSL and their subcontractors, who provide vehicle licensing, IT and fulfilment services on our behalf  also have access to TOLA in relation to these activities.  They are bound contractually to meet our privacy requirements which include standards such as PCI DSS for financial information and the relevant ISO 27001 industry recognised standards.

We have controls in place for those who have access to TOLA. We have processes to add or remove system access for people joining, moving and leaving roles where TOLA access is required, and we conduct background checks and provide training for new employees. The department is also subject to audit by our internal audit team.

You also asked us to provide TfL's computer records, show which TfL staff have accessed your records over the last 18 months, and you have asked for your TfL file under a subject access request. In order for us to take forward these requests we need you to complete the taxi and private hire subject access request form, which is available here -
If this is not the information you are looking for, please do not hesitate to contact me.

Please see the attached information sheet for details of your right to appeal as well as information on copyright and what to do if you would like to re-use any of the information we have disclosed.

Yours sincerely

Paulina Tuffour
FOI Case Officer

FOI Case Management Team
General Counsel
Transport for London


Back to top

Want to make a request?

We'll email you the response within 20 working days.

We'll publish the response online without disclosing any personal information.