Off the Kuff Rotating Header Image

More on DPS and data protection

A followup from the DMN about that data breach involving every drivers license number you’ve ever had.

Some other states do not sell [drivers’ license] data, but Texas does. State lawmakers could change the law in their 2021 session.

I first reported this in 2015 when I learned that several state government departments sell information to outsiders. In an open records request that year, I learned that in 2014 the Department of Motor Vehicles earned $2.4 million in sales.

This year, CBS 11/KTVT reporter Brian New updated those numbers. DMV made more than $3 million in 2019 selling drivers’ names, addresses, phone numbers, email addresses and VIN information, he reported.

[…]

The buyers are data-mining companies, insurance companies, banks, police departments, car dealers, toll companies, school districts, corporations, private investigators, tax-collecting law firms, tow truck companies and electricity companies, to name a few.

Follow this — the biggest loophole. In Texas, it’s against the law for companies who buy the information to use it to sell to us. So to get around that some companies sell the lists to other marketing companies, which go ahead and use the information to sell — and annoy us.

Because our information isn’t sold directly to marketers, the state doesn’t have to give us a privacy statement when we buy a car or apply for a driver’s license. We don’t get to opt out, as residents of California are now allowed to do.

State lawmakers could fix this, giving us privacy statements and allowing us to opt out of the information sold. Or they could go one better and prohibit the sale of the databases entirely. Other states do.

If you bring this up, state departments other than DMV complain loudly about how these are open records that often can help consumers. (For example, your car is towed, and the towing company can figure out who it belongs to). Besides, selling our data makes a lot of money for the general fund.

One way to see how loosey-goosey Texas is with our information is on the paid subscription lookup site, PublicData.com.

Years ago, there were multiple states listed where you could quickly look up a person’s driver’s license information. Now there’s only Florida and Texas. The other 48 now have higher standards of privacy.

Same goes for vehicle information. Only five states are listed for searching, but four are marked “[OLD].” The fifth is up to date and active. That’s us.

If you get unwanted spam email, postal mail or phone calls and wonder how they got your information, often enough it’s because of our state’s lax laws. Thank you state leaders.

When it comes to cheap and easy data distribution that violates our privacy, we’re number one. Hoo-ray for Texas.

See here for the background. California has a data privacy law that is modeled on the European GDPR scheme. I work with GDPR quite a bit, and it gives people a lot of control over their data while putting some real teeth into enforcement. One of the main ways that GDPR works is that it requires notifications to affected individuals when their personal data is stolen, deleted, or otherwise inappropriately accessed. That’s a lot better than what we have now.

There’s some federal data privacy legislation out there, which largely has the support of the big players like Facebook and Google, which on the one hand means it has a chance to pass but on the other hand means it’s not anything those companies consider to be bad for their business models. I’d rather see something more stringent than that – to me, GDPR is a starting point. We’re not going to get anything like that in Texas, I feel confident saying that. But feel free to call your State Rep and State Senator and tell them that you would like to have the ability to opt out of having your drivers license data sold by DPS. The amount the state takes in for these sales is pennies compared to the state budget. We can very easily do with less of that.

UPDATE: This Slate story about the need for a federal data privacy law is a good read, and addresses the ways we can learn from GDPR for an American version of that law.

Related Posts:

One Comment

  1. Wade says:

    Having bought a new car this year, it was annoying with the amount of mail solicitations I received afterwards from folks trying to sell something. Many looked they were from the dealer or car manufacturer with act now or your warranty will be void scams. And these had my VIN number so I know it was data sold by the state. I didn’t fall for this, but I could see others and elderly being preyed on.