The IT Law Wiki
Register
Line 10: Line 10:
 
== Statutory Provisions ==
 
== Statutory Provisions ==
   
The Act prohibits state departments of motor vehicles (DMVs) and others to whom the DMVs provide information from disclosing a driver’s personal information<ref>The term "personal information" is defined as information that identifies an individual, including an individual’s photograph, Social Security number, driver identification number, name, address, telephone number, and medical or disability information, but does not include information on vehicular accidents, driving violations, and driver’s status.</ref> without the driver’s consent. DMVs that violate the Act are subject to civil penalties.
+
The Act prohibits state departments of motor vehicles (DMVs) and others to whom the DMVs provide information from disclosing a driver’s personal information<ref>The term "personal information" is defined as information that identifies an individual, including an individual’s photograph, [[Social Security number]], driver identification number, name, address, telephone number, and medical or disability information, but does not include information on vehicular accidents, driving violations, and driver’s status.</ref> without the driver’s consent. DMVs that violate the Act are subject to civil penalties.
   
 
Under the DPPA, personal information contained in a motor vehicle record may be disclosed for use by any government agency, including any court or law enforcement agency, in carrying out its functions, or to any private person or entity acting on behalf of a Federal, State, or local agency; and for use in connection with any civil, criminal, administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any self-regulatory body, or pursuant to a Federal, State, or local court order.
 
Under the DPPA, personal information contained in a motor vehicle record may be disclosed for use by any government agency, including any court or law enforcement agency, in carrying out its functions, or to any private person or entity acting on behalf of a Federal, State, or local agency; and for use in connection with any civil, criminal, administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any self-regulatory body, or pursuant to a Federal, State, or local court order.

Revision as of 06:11, 4 May 2008

Citation: Driver’s Privacy Protection Act of 1994, 18 U.S.C. §§ 2721-25.

Overview

Prior to 1997, in many states the easiest way for an individual to get another person’s identity information was simply to purchase the individual’s driving record from the local DMV. For a few dollars, anyone could obtain a driver’s full name, address, birth date and license number, which in many states was the same as the individual’s SSN. Thus, the DMV served as a one-stop shop for the would-be identity thief.

This practice changed with Congress's passage of the Driver’s Privacy Protection Act of 1994 (DPPA) as an amendment to the Omnibus Crime Act of 1994.

Statutory Provisions

The Act prohibits state departments of motor vehicles (DMVs) and others to whom the DMVs provide information from disclosing a driver’s personal information[1] without the driver’s consent. DMVs that violate the Act are subject to civil penalties.

Under the DPPA, personal information contained in a motor vehicle record may be disclosed for use by any government agency, including any court or law enforcement agency, in carrying out its functions, or to any private person or entity acting on behalf of a Federal, State, or local agency; and for use in connection with any civil, criminal, administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any self-regulatory body, or pursuant to a Federal, State, or local court order.

The Act requires that the driver consent before the state discloses most of this information, but permits disclosure of the 5-digit zip code and “information on vehicular accidents, driving violations and driver's status.” The Act provides a number of exceptions, including information required to control emissions, driver safety, thefts, recalls, verifying personal information submitted to a business, and insurance. The private parties that receive this information are also authorized to disclose it to others for the same purposes. And “a private actor who has obtained drivers' information from DMV [Department of Motor Vehicles] records specifically for direct-marketing purposes may resell that information for other direct-marketing uses, but not otherwise.”[2]

The broadest of all the exceptions to the Act are the so-called “opt-out provisions” found in Sections 2721(b)(11) and (12). These provisions permit a state to disclose personal identification information to any individual or business so long as the state provides license holders written notice that includes a clear opportunity to opt-out.[3]

While numerous states have enacted statutes with disclosure prohibitions as strict or stricter than the DPPA’s default standard, the majority of states have enacted a variety of opt-out laws which allow drivers to choose different levels of confidentiality.[4]

2000 Amendment

In 2000, the Act was amended to create a new class of "highly restricted personal information." This includes an individual's photograph or image, social security number, and medical or disability information. This information may not be shared without the express consent of the person to whom the information applies, except for four purposes stated in the Act.

Remedies

Violation of the DPPA exposes both states and individuals that do not comply with its requirements to sanctions. One of these provides that “a state agency that maintains a ‘policy or practice of substantial noncompliance’ with the Act may be subject to a civil penalty imposed by the United States Attorney General of not more than $5,000 per day of substantial noncompliance.”[5]

Constitutionality

In 2000, the U.S. Supreme Court upheld that constitutionality of the Act in Reno v. Condon.

References

  1. The term "personal information" is defined as information that identifies an individual, including an individual’s photograph, Social Security number, driver identification number, name, address, telephone number, and medical or disability information, but does not include information on vehicular accidents, driving violations, and driver’s status.
  2. 18 U.S.C. §2721(c).
  3. Angela R. Karras, "The Constitutionality of the Driver’s Privacy Protection Act: A Fork in the Information Access Road," 52 Fed. Comm. L.J. 125, 131 (1999).
  4. Id. at 132-33.
  5. Id. §2723(b).