California Makes $50 Million Annually Selling Your DMV Data

from the dysfunction-junction dept

Earlier this year leaked data revealed that the Department of Motor Vehicles in numerous states has spent years selling citizen data to a laundry list of third parties, often without making such financial relationships or data transfers clear to patrons. Some of the data wound up being sold to the usual suspects (auto insurance and credit reporting companies being the most obvious), but much of it is routinely sold to more dubious third-party outfits and private investigators, which fairly obviously poses a risk to folks dealing with stalkers and psychotic exes.

A new report this week revealed that the California DMV alone is making $50 million annually selling this data to a laundry list of companies and third parties:

"In a public record acts request, Motherboard asked the California DMV for the total dollar amounts paid by commercial requesters of data for the past six years. The responsive document shows the total revenue in financial year 2013/14 as $41,562,735, before steadily climbing to $52,048,236 in the financial year 2017/18.

The document doesn't name the commercial requesters, but some specific companies appeared frequently in Motherboard's earlier investigation that looked at DMVs across the country. They included data broker LexisNexis and consumer credit reporting agency Experian. Motherboard also found DMVs sold information to private investigators, including those who are hired to find out if a spouse is cheating. It is unclear if the California DMV has recently sold data to these sorts of entities."

Granted all of this is perfectly legal due to the Driver's Privacy Protection Act (DPPA), a 90's law that critics say is in dire need of an update. That law was created in response to a series of abuses of DMV data, including the 1989 murder of actress Rebecca Schaeffer, after her killer obtained her home address from the DMV. And while the law was intended to stop the abuse of DMV data, it contained (surprise!) plenty of intentional loopholes making it okay to sell this data to a wide variety of individuals, including PIs, bail bondsmen, and consumer credit reporting agencies.

While the data sold can vary from state to state, it generally includes names, addresses, zip codes, dates of birth, phone numbers, and email addresses. Past leaks have shown that the Wisconsin DMV, for example, has personal data sales relationships with more than 3,100 different entities, and that the sale of this data is hugely profitable. California, for its part, insisted that it was doing everything it could to ensure this data isn't abused:

"The DMV takes its obligation to protect personal information very seriously. Information is only released pursuant to legislative direction, and the DMV continues to review its release practices to ensure information is only released to authorized persons/entities and only for authorized purposes. The DMV also audits requesters to ensure proper audit logs are maintained and that employees are trained in the protection of DMV information and anyone having access to this information sign a security document."

But if you hadn't noticed by now, these kinds of promises, be they coming from the DMV or Equifax, haven't been worth all that much. And when and if the data is leaked and abused, the penalties are usually a far cry from the profit made from selling this kind of data in the first place.

Filed Under: california, dmv, privacy, profit, selling information


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 26 Nov 2019 @ 4:22pm

    California, for its part, insisted that it was doing everything it could to ensure this data isn't abused:

    Except this is trivially untrue. Once the data is out of the hands of the DMV, it's almost inevitable it will be abused, so the only way to ensure it is not abused is to ensure it never leaves the hands of the DMV. They're clearly not doing that, so they're not doing everything they can to ensure it won't be abused.

    reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 26 Nov 2019 @ 4:46pm

      Everything it could

      Yeah, California needs to elaborate and specify what steps it takes towards discouraging abuse of our data, and then let us, the citizens, decide if that is comprehensive or even adequate.

      I'd suggest we'd need a referendum to outlaw the state selling private data (or giving it away without a court warrant) but I suspect such a law, if passed, would be ignored and unenforced.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 26 Nov 2019 @ 5:32pm

      Re:

      Dirty commies with the flag that reads don't tread on us.

      reply to this | link to this | view in chronology ]

  • icon
    OA (profile), 26 Nov 2019 @ 4:29pm

    I blame Facebook.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 26 Nov 2019 @ 4:53pm

    If this were a cyberpunk story...

    We could task some supercomputer time (or some crowdsourced processing time) to automate the process of fabricating persons and filling out the forms so that they are registered in the DMV database as real persons, preferably with an associated home, automobile, medical conditions and rap sheet.

    Considering the incredibly poor security chops shown by other state departments, I bet it would be entirely feasible.

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 26 Nov 2019 @ 7:15pm

    Ha ha!

    California DMV is selling snake oil. My data isn't worth shit.

    reply to this | link to this | view in chronology ]

  • identicon
    Mark, 26 Nov 2019 @ 8:32pm

    In Texas you can request that your drivers license data be kept private and is not to be disclosed. Great... but, according a newspaper investigation, if one buys the license database it contains all records. The "private" records are flagged as such. And, of course, we all know how well everybody that buys the database will honor that flag.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 26 Nov 2019 @ 11:18pm

      Re:

      Sure, the flags indicate there was reason to hide your data so it has to be opened by those assholes who wring their hands at unearthing your secrets.

      reply to this | link to this | view in chronology ]

    • identicon
      bobob, 27 Nov 2019 @ 11:13am

      Re:

      It's worse than that in Texas and Texas is worse than California by a long shot. All you need to do is get a membership to publicdata.com and you have access to whatever records are sold by any state in the US. The records available in Texas vastly exceeds those in any other state. DL number? No problem. License plate info? No problem.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.