1. NaVCIS PNC LoS Submissions – Internal Review Request

A Freedom of Information Act request for ‘NaVCIS PNC LoS Submissions‘.

A request made of the NPCC, FOI Ref: 2233/2025
Refused citing s.14 – vexatious
An attempt was made to amend the request, to assist and avoid an Internal Review, the detail this would require or, in the alternative, to have the refusal explained to enable a targeted response (IR) to be made – NPCC FoIA Follow-Up

The below and associated links are submitted to support an Internal Review request.

INTERNAL REVIEW

There’s no doubt that NaVCIS serves a purpose. But its role, while housed within policing, feels increasingly ‘private’, funded by industry, operating behind closed doors.

Despite NaVCIS’ use of public police powers and infrastructure, like PNC access, port enforcement, and international coordination, its assistance appears ringfenced for a select few, victims of FRAUD : finance companies, not the wider public or other victims of vehicle THEFT.

This raises a question: Why should a police-backed unit, benefiting from national law enforcement resources, operate in a bubble simply because it’s privately funded?

I have no issue with NaVCIS’s existence – on the contrary, I support efforts to tackle vehicle crime. But transparency matters. Sharing best practices, methodology, and insights could uplift national policing and benefit all victims. Yet there is seemingly a reluctance to disseminate – in the absence of payment to secure ‘policing+‘. A lack of openness can distort crime data, skews recovery rates, and shields operations from scrutiny.

“Policing-plus” should serve the many, not the few.

This information request stemmed from receipt of the DVLA’s LoS reports, the ‘stolen’ records submitted by constabularies for 2023 & 2024. Analysis revealed NaVCIS placed ‘Lost of Stolen’ (LoS) markers against Vehicle registration Marks (VRMs) on the Police National Computer (PNC).

Introduction and Rationale for Request

Are these “LOST or STOLEN” (LoS) records truly reflective of stolen vehicles? Or, more accurately, do many arise from fraudulent acquisition, not conventional theft? This distinction matters.

If vehicles obtained through fraud, typically via finance agreements, are being classified and interpreted as stolen, there is a risk of data distortion. This could result in skewed vehicle crime statistics, inaccurate recovery rate reporting, and flawed public or parliamentary understanding of vehicle theft trends.

As examples, the Association of British Insurers (ABI) and Office for National Statistics (ONS) crime data rely on police classifications. If NaVCIS, tasked with representing private finance interests, contributes data without a clear distinction between theft and fraud, it undermines efforts to understand and tackle vehicle crime holistically.

Why is the Distinction Relevant, Crucial?

Theft and fraud are distinct offences, with different criminal, civil, and insurance consequences. Yet police records and public discourse often blur them, coining misleading phrases like “theft by fraud”, an offence that does not exist in UK law.

This misclassification may also affect title issues. Under Nemo Dat quod non habet, a bona fide purchaser cannot acquire title from a thief. But where fraud is involved, civil proceedings are often the remedy, not criminal enforcement. Innocent purchasers are left vulnerable, often criminalised, when no crime has technically been committed.

This is not the forum to engage in a detailed legal analysis of title law, and I do not claim to be legally qualified to provide definitive conclusions. However, there are clear ambiguities in how vehicle title is understood and applied in matters involving NaVCIS, particularly when vehicles are acquired through fraud or contractual default.

For example, NaVCIS appears to become involved in cases where vehicles have been obtained:

Through a mistake as to the identity of the purchaser, which may constitute theft by deception or fraud; or
Without such a mistake, but where the purchaser later defaults, breaches contract terms, or fails to return the vehicle, these situations are often treated as civil matters (‘1’ below).

These scenarios raise distinct legal implications in terms of title transfer:

In cases involving mistaken identity, courts have held that title may not pass at all, as there was no true intention to contract with the fraudster (‘2’ below).
In contrast, where a contract is entered into knowingly and a default arises later, title may pass, and disputes are typically civil, not criminal (‘3’ below).

Yet both categories of cases appear to be operationally treated in the same way; vehicles are marked as “Lost or Stolen” (LoS) on the Police National Computer (PNC). This conflation of theft and fraud has potential significant implications:

It can misrepresent crime statistics by inflating theft rates with vehicles not stolen in the criminal sense;
It risks criminalising innocent purchasers who may have lawfully acquired the vehicle;
It creates legal uncertainty around third-party rights and title transfer.
It enables NaVCIS to exert significant influence, using police systems and powers, despite being funded by private interests (FLA – ‘4’ below).

The concern is not with NaVCIS as a concept, but with the lack of transparency surrounding:

Their operational standards,
The criteria for PNC LoS registration, and
The legal thresholds being applied.

Given their hybrid public-private nature, NaVCIS should operate with full accountability, especially where police databases and criminal designations are being applied to cases with potentially civil origins.

Footnotes:

See Shogun Finance Ltd v Hudson [2003] UKHL 62 – distinguishing fraud by impersonation (no contract) from straightforward misrepresentation (contract formed).
Cundy v Lindsay (1878) 3 App Cas 459 – where the seller intended to contract with someone else, no contract was formed.
Lewis v Averay [1972] 1 QB 198 – a face-to-face transaction involving misrepresentation upheld as a valid contract, with title passing.
The Finance and Leasing Association (FLA) funds NaVCIS to assist in the recovery of vehicles subject to finance fraud.

The Role of Security Bypass Technology

Though seemingly unrelated, the availability and increasing criminal use of electronic security bypass tools is pertinent to this request. In 2019, the Vehicle Crime Taskforce (VCT) flagged this very issue (known to be prevalent in 2010) as a threat requiring attention. Five years on:

Vehicle theft has increased substantially.
Security-bypass devices remain easily accessible.
Only now, in 2024–2025, is legislation being proposed to restrict their use, a substantial legislative lag.

In contrast, criminals engaging in fraud to acquire financed vehicles do not need bypass tools. They are handed the keys, the documents, and the delay in reporting makes detection and interception difficult. Fraud, in this context, becomes the lower-risk option—yet appears to be hidden under misleading “theft” figures.

The government’s decision to criminalise the possession of vehicle security-bypass equipment is long overdue. This technology, used to steal modern cars silently, has been known to law enforcement and industry for over a decade. Yet simplistic/confused legislative action is only arriving now, ironically, as vehicle theft by this means is understood to be on the decrease. It raises an uncomfortable question: why act decisively only when the worst may have already passed?

The delay has undoubtedly allowed organised crime to flourish, and the timing now smacks more of optics than substance, though possibly such situations arise because those who wish to make a difference are ignored, kept from pertinent information.

I have written on the subject:

Why This Information Matters

The data sought will enable:

A clearer understanding of NaVCIS operations and remit, especially regarding LoS markers.
Insight into the prevalence of fraud-based vehicle acquisition, currently under-reported and misunderstood.
Evaluation of how NaVCIS activity may be skewing
- Theft figures – in particular newer (<3year old) vehicles (I have been asked to look in more detail at the data for less-than-three-year-old car thefts – is there a reduction across premium brands or key models with both the DVLA and Home Office data sets?) – more information concerning my association with vehicle crime matters can be read on the ‘About’ page.
- Recovery statistics, given that their recovery rate (60%+) vastly outperforms most forces (~40% or less).
Consideration of whether PNC annotations are adequate to inform officers encountering flagged vehicles, particularly where civil, not criminal, liability may apply.

The DVLA data on stolen vehicle markers only reflects what NaVCIS chooses to disclose. There is no audit trail for:

How many VRMs NaVCIS investigates that do not make it to the PNC;
How NaVCIS records the method of acquisition (e.g. fraud vs. theft);
What happens to recovered vehicles—how recovery is defined and recorded.

This information has implications for:

Transparency;
Police resource allocation;
Public confidence in crime data;
Innocent third parties caught in dispute over vehicle ownership.

In response to a FoIA request for NaVCIS PNC LOS submissions, the NPCC cited ‘vexatious’ to refuse disclosure of the information. They wrote, wishing to explain further, that Section 14(1) may be used in a variety of circumstances where a request, or its impact on a public authority, cannot be justified.

The arguments presented are as follows: the text set against a blue background. The commentary and associated links (below) comprise the grounds for seeking an Internal Review of the decision:

The term ‘vexatious’ is not defined in the legislation in ICO vs Devon County Council & Dransfield the Upper Tribunal defined the purpose of Section 14 as ‘…must be to protect the resources (in the broadest sense of that word) of the public authority from being squandered on disproportionate use of FOIA….’.

The Tribunal commented that vexatious could be defined as the ‘manifestly unjustified, inappropriate or improper use of a formal procedure’. The Tribunal’s definition clearly establishes that the concepts of proportionality and justification are relevant to any consideration of whether a request is vexatious.

There was no intention to make manifestly unjustified, inappropriate or improper use of a formal procedure. My request neither satisfies such a definition nor was it ever intended to. I respectfully challenge the engagement of section 14 ‘vexatious’, here.

To identify and deal with a vexatious request the ICO suggests that there are some typical key features of a vexatious request and four broad themes:

The burden (on the public authority and its staff);

It is not accepted that the request would cause a burden. I respectfully challenge the reference to ‘burden’ here.

The motive (of the requester);

I understand a request is ‘motive blind’. However, motive is important, and I need to explain this. My legitimate public interest, my motive, is explained here.

The value or serious purpose (of the request); and

While some information relating to ‘value &/or serious purpose’ is set out under ‘motive’ above, further information is here.

Any harassment or distress (of and to staff).

There has been no intention to distress or harass, and I question the appropriateness of this, the motive. I respectfully challenge the accusation here.

When considering the amount of work that would be involved in dealing with a request and whether it would impose an unreasonable burden, the NPCC and the Information Commissioner’s Office (ICO) takes into account the level of resources available. There are two NPCC FOI Decision Makers and the threshold at which the burden becomes grossly oppressive is lower than for a larger public authority with many staff.

I am unfamiliar with the staffing of the NPCC’s FoIA unit. I am aware, for example, a constabulary (Staffordshire) appears to require a team of 4 to address disclosure requests – FoiA, SAR and police reports (crime & RTC). It appears the NPCC has at least 4 employees associated with FoIA disclosures.

Whilst it is difficult to compare Authroties for the purpose of FoIA, an enquiry of WhatDoTheyKnow.com states:

On the 22^nd of November 2018 the National Police Chiefs’ Council became formally subject to the Freedom of Information Act via the The Freedom of Information (Designation as Public Authority and Amendment) Order 2018. The site states 419 requests have been made (via the site)

The issue appears to be a repeat of ‘burden’ – see above – however, I make further comment with regard to ‘resourcing’ here.

It is common for a potentially vexatious request to be the latest in a series of requests submitted. The greater the number of requests received, the more likely it is that the latest request is vexatious. This is because the collective burden of dealing with the previous requests, combined with the burden imposed by the latest request, becomes a tipping point, rendering the latest request vexatious.

In addition, the pattern of request is overwhelming with numerous requests made in quick succession.

Requests are submitted before the NPCC has had the opportunity to respond to previous requests.

The Upper Tribunal in Dransfield said:

“A requester who consistently submits multiple FOIA requests or associated correspondence within days of each other, or relentlessly bombards the public authority with e-mail traffic, is more likely to be found to have made a vexatious request” (paragraph 32).

I would anticipate it being relatively easy for an Authroity citing vexatious, in particular a succession or reliance upon timing, to provide the chronology, the dates. This pertinent information is absent.

I am concerned that there is a lack of detail accompanying the accusations and challenge this here.

The ICO provides advice on Duration. Where requests have been submitted over a long period, possibly years, this may indicate that requests will continue to be made in the future. Therefore, even if the latest request appears entirely reasonable, when viewed in isolation, you may take into account the anticipated burden of those future request when assessing burden.

It is also recognised that a request which is the latest in a series demonstrating obsessive behaviour can have the effect of harassing staff due to the collective burden they place on staff.

In Rod Cooke vs IC EA/2018/0028 23 July 2018 the Tribunal considered requests made to Kirby Cane and Ellingham Parish Council regarding a dispute over the ownership of a certain piece of land. When looking at any harassment or distress caused to the parish council the Tribunal stated that:

“We do not find that the appellant has deliberately harassed or caused distress to the Council members or clerk. Nonetheless, we note that there has been a considerable volume of correspondence over a number of years directed at a single issue. In the context of a small council run by volunteers and a part time clerk, we find that the burden of dealing with this matter would potentially cause a feeling of harassment and distress to the individuals involved.” (paragraph 26).

There appears to be a difference between

Overwhelming – I comment upon prior requests here.
Distressful and
Burden.

There are also the issues of

Obsession
Harassment

‘Vexatious’ is an easy accusation to make, but takes effort to counter. I have tried to address the above under ‘Burden‘, with the compiled links listed below.

But the burden is also undermined by reference to the listed ‘similar’ requests (below), which appear to have been embellished by including appeals that necessarily double the entries. No context/subject is provided for each, and this is telling – these are not, bar one, similar requests, as explained here.

Your request relates to similar requests previously received by you:
2202/2025 Initial Request 0093/2025 Initial Request
0044/2025 ICO Appeal of 426/2024 (subject to IR 450/2024)
0039/2025 Internal Review
0014/2025 Initial Request
0012/2025 Internal Review IR of 425/2024
0450/2024 Internal Review IR of 426/2024
0426/2024 Initial Request
0425/2024 Initial Request
0254/2024 Initial Request

For example, 3 of the above entries refer to the same request, have the common reference ‘426’.

‘Similarity of Requests’ is an aspect that I would expect an Authority to demonstrate with relative ease.

Yet the NPCC simply lists references which cross-reference to one another without any context – why? No data is provided, no request subject and no explanation of the similarity. This gives rise to immediate suspicion and is considered further here.

Of those requests, the emails generated in processing each of the above totals 191 which includes internal emails relating to the request in retrieval efforts and request for clarification with you. This does not include the time taken to retrieve, review and consider information held.

Simply conveying ‘191 emails’ does not enable me to make an informed comment; however, I provide the following concerns & observations here. I await the records being relied upon.

In addition to the above, the time taken to discuss progress with your request(s) with Senior Management is disproportionate to progressing other requests.

This statement is unsupported, and I respectfully challenge the situation and seek more details/information here. I await evidence of the statement, the evidence being relied upon.

It is unreasonable to expect that within minutes of us providing a response to you, you are then seeking clarification on information provided, further queries or appeal. This is causing unnecessary distress and prohibiting daily activities and making our daily working environment stressful.

This is an odd stance to take. I respectfully challenge your conduct and position here.

I believe the detailed response this document provides (links below) will convince all that this request is clearly set apart from any other, is standalone. Indeed, that it is so individual to cause a question; is NaVCIS acting appropriately insofar as seizures/recoveries are concerned?

Why This Request Is Not Vexatious

To label such a request vexatious under Section 14 FOIA is not only disproportionate but raises concerns about transparency.

The Information Commissioner’s Office (ICO) guidance is clear:

“A request which may be irritating or burdensome to deal with is not necessarily vexatious if it has a serious purpose and raises matters of public interest.”
(ICO Guidance, Section 14(1) FOIA)

In Dransfield, the leading case on Section 14, the Upper Tribunal noted:

“Vexatiousness must not be used to avoid scrutiny or accountability.”

This request strikes at the heart of how policing interacts with private interests and how public databases are used in the service of those interests. If anything, the NPCC’s response—avoiding these questions—suggests the issue is worth further scrutiny.

NEXT PAGE – FoIA & ‘Vexatious’

The Request & Refusal:

The Internal Review (IR) submissions are provided on the associated pages: