Data Broker On The Hook For $5 Million After Abusing Its Access To North Carolina DMV Data

from the but-why-did-it-have-access-in-the-first-place? dept

The government demands a lot of data from its citizens. In exchange for the privilege of operating a car, the government wants to know a lot about you. It then takes this data and locks it up tight, ensuring only the agency demanding the info has access to it.

Oh, wait. It does exactly the opposite of that. It shares it with tons of other government agencies that might find that information useful. Then it sells this data to whoever it wants, profiting off information citizens are obligated to give to the government.

Late last year, Karl Bode covered the state of California's routine abuse of driver and vehicle data. The state's DMV raked in $50 million selling this data to data brokers like LexisNexis and a host of other private entities, like Experian and an untold number of private investigators.

A lawsuit against LexisNexis filed in North Carolina has just paid off for the plaintiffs, as Joseph Cox reports for Vice.

On Tuesday the massive data broker LexisNexis reached a settlement of over $5 million in response to a class action lawsuit that alleged the company sold DMV data to law firms, which then used it for their own business purposes.

[...]

"Defendants will make payment of the amount of service awards, attorneys' fees, and other expenses approved by the Court up to and not more than $5,150,000.00, in the aggregate, by wire transfer to the agent identified by Class Counsel," the proposed settlement agreement reads. Law360 first reported the settlement.

LexisNexis was just taking advantage of lax privacy laws in North Carolina. So were the government agencies that sold the data to LexisNexis in the first place. The lawsuit alleged LexisNexis sold motor vehicle records in a way that violated the state's Drivers' Privacy Protection Act. The Act doesn't appear to have provided much protection. LexisNexis and other customers weren't actually following the law, which supposedly requires private entities to detail their planned use of the data before obtaining it. This doesn't appear to have happened in this case.

And the law still allows private investigators to access the data, despite a private investigator's careless handling of purchased data having prompted the creation of the law.

Ironically, the permissible uses also include for private investigators; the DPPA was created in the first place after a private investigator working for a stalker obtained the address of actress Rebecca Schaeffer from the DMV. The stalker then murdered Schaeffer.

This settlement is a drop in the cash flow bucket for LexisNexis, which likely won't be deterred from misusing this information in the future. The solution isn't lawsuits. It's legislation that forbids state agencies from selling the data it forces residents to hand over in exchange for public goods and services. Until that happens, abusive uses of this data will still be a regular occurrence.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data brokers, dmv, north carolina, privacy, selling data
Companies: lexisnexis


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    ECA (profile), 10 Nov 2020 @ 11:58am

    As mentioned.

    Where is the Gov. agency in all this, that didnt follow the rules inteh first palce?

    link to this | view in chronology ]

    • icon
      Koby (profile), 10 Nov 2020 @ 1:54pm

      Re: As mentioned.

      There are legitimate uses for the sale of this data. The North Carolina DMV did permissibly sell the data to Lexis Nexis. However, then Lexis Nexis (the data broker in this case) impermissibly resold the data to some lawyers so that the lawyers could market to people involved in vehicle crashes. That use of the data was not allowed under the federal Divers Privacy Protection Act.

      Selling data is not automatically illegal. The impermissible use of the data is.

      link to this | view in chronology ]

      • icon
        ECA (profile), 10 Nov 2020 @ 3:21pm

        Re: Re: As mentioned.

        And??
        What about the police knowing you dont have Insurance. Being connected OUTSIDE of the system, in the first palce.

        link to this | view in chronology ]

  • icon
    Avantare (profile), 10 Nov 2020 @ 12:44pm

    TL;DR

    In a bad mood so I'll just leave this here.

    $5 million is no where near enough.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Nov 2020 @ 4:05pm

    You guys do a good job. Stick with it.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.