California Makes $50 Million Annually Selling Your DMV Data
from the dysfunction-junction dept
Earlier this year leaked data revealed that the Department of Motor Vehicles in numerous states has spent years selling citizen data to a laundry list of third parties, often without making such financial relationships or data transfers clear to patrons. Some of the data wound up being sold to the usual suspects (auto insurance and credit reporting companies being the most obvious), but much of it is routinely sold to more dubious third-party outfits and private investigators, which fairly obviously poses a risk to folks dealing with stalkers and psychotic exes.
A new report this week revealed that the California DMV alone is making $50 million annually selling this data to a laundry list of companies and third parties:
"In a public record acts request, Motherboard asked the California DMV for the total dollar amounts paid by commercial requesters of data for the past six years. The responsive document shows the total revenue in financial year 2013/14 as $41,562,735, before steadily climbing to $52,048,236 in the financial year 2017/18.
The document doesn't name the commercial requesters, but some specific companies appeared frequently in Motherboard's earlier investigation that looked at DMVs across the country. They included data broker LexisNexis and consumer credit reporting agency Experian. Motherboard also found DMVs sold information to private investigators, including those who are hired to find out if a spouse is cheating. It is unclear if the California DMV has recently sold data to these sorts of entities."
Granted all of this is perfectly legal due to the Driver's Privacy Protection Act (DPPA), a 90's law that critics say is in dire need of an update. That law was created in response to a series of abuses of DMV data, including the 1989 murder of actress Rebecca Schaeffer, after her killer obtained her home address from the DMV. And while the law was intended to stop the abuse of DMV data, it contained (surprise!) plenty of intentional loopholes making it okay to sell this data to a wide variety of individuals, including PIs, bail bondsmen, and consumer credit reporting agencies.
While the data sold can vary from state to state, it generally includes names, addresses, zip codes, dates of birth, phone numbers, and email addresses. Past leaks have shown that the Wisconsin DMV, for example, has personal data sales relationships with more than 3,100 different entities, and that the sale of this data is hugely profitable. California, for its part, insisted that it was doing everything it could to ensure this data isn't abused:
"The DMV takes its obligation to protect personal information very seriously. Information is only released pursuant to legislative direction, and the DMV continues to review its release practices to ensure information is only released to authorized persons/entities and only for authorized purposes. The DMV also audits requesters to ensure proper audit logs are maintained and that employees are trained in the protection of DMV information and anyone having access to this information sign a security document."
But if you hadn't noticed by now, these kinds of promises, be they coming from the DMV or Equifax, haven't been worth all that much. And when and if the data is leaked and abused, the penalties are usually a far cry from the profit made from selling this kind of data in the first place.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: california, dmv, privacy, profit, selling information
Reader Comments
Subscribe: RSS
View by: Time | Thread
Except this is trivially untrue. Once the data is out of the hands of the DMV, it's almost inevitable it will be abused, so the only way to ensure it is not abused is to ensure it never leaves the hands of the DMV. They're clearly not doing that, so they're not doing everything they can to ensure it won't be abused.
[ link to this | view in chronology ]
Everything it could
Yeah, California needs to elaborate and specify what steps it takes towards discouraging abuse of our data, and then let us, the citizens, decide if that is comprehensive or even adequate.
I'd suggest we'd need a referendum to outlaw the state selling private data (or giving it away without a court warrant) but I suspect such a law, if passed, would be ignored and unenforced.
[ link to this | view in chronology ]
Re:
Dirty commies with the flag that reads don't tread on us.
[ link to this | view in chronology ]
I blame Facebook.
[ link to this | view in chronology ]
Re:
Facebook is a great place to put the blame always.
[ link to this | view in chronology ]
Re: Re:
Yeah, why blame the actual culprits when you've got a big scapegoat to wave at /s
[ link to this | view in chronology ]
Re: Re: Re:
Fuck Facebook.
[ link to this | view in chronology ]
If this were a cyberpunk story...
We could task some supercomputer time (or some crowdsourced processing time) to automate the process of fabricating persons and filling out the forms so that they are registered in the DMV database as real persons, preferably with an associated home, automobile, medical conditions and rap sheet.
Considering the incredibly poor security chops shown by other state departments, I bet it would be entirely feasible.
[ link to this | view in chronology ]
Ha ha!
California DMV is selling snake oil. My data isn't worth shit.
[ link to this | view in chronology ]
In Texas you can request that your drivers license data be kept private and is not to be disclosed. Great... but, according a newspaper investigation, if one buys the license database it contains all records. The "private" records are flagged as such. And, of course, we all know how well everybody that buys the database will honor that flag.
[ link to this | view in chronology ]
Re:
Sure, the flags indicate there was reason to hide your data so it has to be opened by those assholes who wring their hands at unearthing your secrets.
[ link to this | view in chronology ]
Re:
It's worse than that in Texas and Texas is worse than California by a long shot. All you need to do is get a membership to publicdata.com and you have access to whatever records are sold by any state in the US. The records available in Texas vastly exceeds those in any other state. DL number? No problem. License plate info? No problem.
[ link to this | view in chronology ]