California Makes $50 Million Annually Selling Your DMV Data

from the dysfunction-junction dept

Earlier this year leaked data revealed that the Department of Motor Vehicles in numerous states has spent years selling citizen data to a laundry list of third parties, often without making such financial relationships or data transfers clear to patrons. Some of the data wound up being sold to the usual suspects (auto insurance and credit reporting companies being the most obvious), but much of it is routinely sold to more dubious third-party outfits and private investigators, which fairly obviously poses a risk to folks dealing with stalkers and psychotic exes.

A new report this week revealed that the California DMV alone is making $50 million annually selling this data to a laundry list of companies and third parties:

“In a public record acts request, Motherboard asked the California DMV for the total dollar amounts paid by commercial requesters of data for the past six years. The responsive document shows the total revenue in financial year 2013/14 as $41,562,735, before steadily climbing to $52,048,236 in the financial year 2017/18.

The document doesn’t name the commercial requesters, but some specific companies appeared frequently in Motherboard’s earlier investigation that looked at DMVs across the country. They included data broker LexisNexis and consumer credit reporting agency Experian. Motherboard also found DMVs sold information to private investigators, including those who are hired to find out if a spouse is cheating. It is unclear if the California DMV has recently sold data to these sorts of entities.”

Granted all of this is perfectly legal due to the Driver’s Privacy Protection Act (DPPA), a 90’s law that critics say is in dire need of an update. That law was created in response to a series of abuses of DMV data, including the 1989 murder of actress Rebecca Schaeffer, after her killer obtained her home address from the DMV. And while the law was intended to stop the abuse of DMV data, it contained (surprise!) plenty of intentional loopholes making it okay to sell this data to a wide variety of individuals, including PIs, bail bondsmen, and consumer credit reporting agencies.

While the data sold can vary from state to state, it generally includes names, addresses, zip codes, dates of birth, phone numbers, and email addresses. Past leaks have shown that the Wisconsin DMV, for example, has personal data sales relationships with more than 3,100 different entities, and that the sale of this data is hugely profitable. California, for its part, insisted that it was doing everything it could to ensure this data isn’t abused:

“The DMV takes its obligation to protect personal information very seriously. Information is only released pursuant to legislative direction, and the DMV continues to review its release practices to ensure information is only released to authorized persons/entities and only for authorized purposes. The DMV also audits requesters to ensure proper audit logs are maintained and that employees are trained in the protection of DMV information and anyone having access to this information sign a security document.”

But if you hadn’t noticed by now, these kinds of promises, be they coming from the DMV or Equifax, haven’t been worth all that much. And when and if the data is leaked and abused, the penalties are usually a far cry from the profit made from selling this kind of data in the first place.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “California Makes $50 Million Annually Selling Your DMV Data”

Subscribe: RSS Leave a comment
Anonymous Coward says:

California, for its part, insisted that it was doing everything it could to ensure this data isn’t abused:

Except this is trivially untrue. Once the data is out of the hands of the DMV, it’s almost inevitable it will be abused, so the only way to ensure it is not abused is to ensure it never leaves the hands of the DMV. They’re clearly not doing that, so they’re not doing everything they can to ensure it won’t be abused.

Uriel-238 (profile) says:

Re: Everything it could

Yeah, California needs to elaborate and specify what steps it takes towards discouraging abuse of our data, and then let us, the citizens, decide if that is comprehensive or even adequate.

I’d suggest we’d need a referendum to outlaw the state selling private data (or giving it away without a court warrant) but I suspect such a law, if passed, would be ignored and unenforced.

Uriel-238 (profile) says:

If this were a cyberpunk story...

We could task some supercomputer time (or some crowdsourced processing time) to automate the process of fabricating persons and filling out the forms so that they are registered in the DMV database as real persons, preferably with an associated home, automobile, medical conditions and rap sheet.

Considering the incredibly poor security chops shown by other state departments, I bet it would be entirely feasible.

Mark says:

In Texas you can request that your drivers license data be kept private and is not to be disclosed. Great… but, according a newspaper investigation, if one buys the license database it contains all records. The "private" records are flagged as such. And, of course, we all know how well everybody that buys the database will honor that flag.

bobob says:

Re: Re:

It’s worse than that in Texas and Texas is worse than California by a long shot. All you need to do is get a membership to and you have access to whatever records are sold by any state in the US. The records available in Texas vastly exceeds those in any other state. DL number? No problem. License plate info? No problem.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...