The Driver’s Privacy Protection act was enacted in response to a number of crimes resulting from abuse of personal information maintained in Department of Motor Vehicle records systems. Most prominent of these crimes, was the death of actress Rebecca Schaeffer. A private investigator retrieved her home address from the California Department of Motor Vehicles database. The information was the used by her stalker to follow and eventually kill her. The Driver’s Privacy Protection Act helps to prevent such crimes by creating strict rules for the disclosure of an individual’s DMV records.
Scope of the DPPA
The Driver’s Privacy Protection Act is a Federal law that regulates agencies controlled on the State level. The Supreme Court Case Reno v. Condon, challenged the Federal government’s authority to create legislation regarding issues that would otherwise be in State control. The Supreme Court ruled that the Driver’s Privacy Protection Act did not violate the Constitution. States are allowed to pass more restrictive privacy protection laws, as long as they meet the minimum level of protection outlined in the Driver’s Privacy Protection Act.
The Driver’s Privacy Protection Act protects the use of personally identifiable information maintained in DMV records. Such information may include:
- Legal name, physical address, and phone number
- Social Security number and Driver Identification number
- Photograph and finger prints
- Height, weight, gender, age
- Any medical or physical disabilities
The Act does not protect information regarding traffic violations, accidents or license status.
Consent of the individual is required prior to the use and disclosure of their information unless they meet one of the following permissible uses:
- Required for legitimate agency functions
- Required for insurance purposes
- Required to verify the accuracy of information in a transaction initiated by the customer
- Related to Motor vehicle safety including, theft, emissions and notifying customers regarding product recalls
- Related to a civil, criminal or other legal proceeding
- Motor vehicle market research and surveys
- Required for research activities and statistical reports as long as the PI is not disclosed or used to contact individuals
- Required to provide notice of towed or impounded vehicles
- Used by licensed investigators and security professionals
- Used by private toll transportation facilities
- For any requestor when they can provide express written consent of the individual
The Driver’s Privacy Protection Act also requires all Motor Vehicle offices to ensure that all resellers of data comply with the DPPA and that no reseller may use or disclose the information for anything other than the outline allowable purposes.
Enforcement of the DPPA
The Driver’s Privacy Protection Act created a minimum base of protection, which is the responsibility of each state to implement and Enforce. All states were required to enact adequate protections as outlined by the DPPA as of September 1997. It is the responsibility of State attorneys general to enforce compliance. Any individuals found to be in known violation of the Driver’s Privacy Protection Act may face civil actions and fines of up to $5,000 for each day of noncompliance.