Data Broker On The Hook For $5 Million After Abusing Its Access To North Carolina DMV Data

from the but-why-did-it-have-access-in-the-first-place? dept

The government demands a lot of data from its citizens. In exchange for the privilege of operating a car, the government wants to know a lot about you. It then takes this data and locks it up tight, ensuring only the agency demanding the info has access to it.

Oh, wait. It does exactly the opposite of that. It shares it with tons of other government agencies that might find that information useful. Then it sells this data to whoever it wants, profiting off information citizens are obligated to give to the government.

Late last year, Karl Bode covered the state of California’s routine abuse of driver and vehicle data. The state’s DMV raked in $50 million selling this data to data brokers like LexisNexis and a host of other private entities, like Experian and an untold number of private investigators.

A lawsuit against LexisNexis filed in North Carolina has just paid off for the plaintiffs, as Joseph Cox reports for Vice.

On Tuesday the massive data broker LexisNexis reached a settlement of over $5 million in response to a class action lawsuit that alleged the company sold DMV data to law firms, which then used it for their own business purposes.

[…]

“Defendants will make payment of the amount of service awards, attorneys’ fees, and other expenses approved by the Court up to and not more than $5,150,000.00, in the aggregate, by wire transfer to the agent identified by Class Counsel,” the proposed settlement agreement reads. Law360 first reported the settlement.

LexisNexis was just taking advantage of lax privacy laws in North Carolina. So were the government agencies that sold the data to LexisNexis in the first place. The lawsuit alleged LexisNexis sold motor vehicle records in a way that violated the state’s Drivers’ Privacy Protection Act. The Act doesn’t appear to have provided much protection. LexisNexis and other customers weren’t actually following the law, which supposedly requires private entities to detail their planned use of the data before obtaining it. This doesn’t appear to have happened in this case.

And the law still allows private investigators to access the data, despite a private investigator’s careless handling of purchased data having prompted the creation of the law.

Ironically, the permissible uses also include for private investigators; the DPPA was created in the first place after a private investigator working for a stalker obtained the address of actress Rebecca Schaeffer from the DMV. The stalker then murdered Schaeffer.

This settlement is a drop in the cash flow bucket for LexisNexis, which likely won’t be deterred from misusing this information in the future. The solution isn’t lawsuits. It’s legislation that forbids state agencies from selling the data it forces residents to hand over in exchange for public goods and services. Until that happens, abusive uses of this data will still be a regular occurrence.

Filed Under: , , , ,
Companies: lexisnexis

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Data Broker On The Hook For $5 Million After Abusing Its Access To North Carolina DMV Data”

Subscribe: RSS Leave a comment
5 Comments
Koby (profile) says:

Re: As mentioned.

There are legitimate uses for the sale of this data. The North Carolina DMV did permissibly sell the data to Lexis Nexis. However, then Lexis Nexis (the data broker in this case) impermissibly resold the data to some lawyers so that the lawyers could market to people involved in vehicle crashes. That use of the data was not allowed under the federal Divers Privacy Protection Act.

Selling data is not automatically illegal. The impermissible use of the data is.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...