Driver license records are protected by a variety of federal and state laws, including the Driver’s Privacy Protection Act (DPPA). The DPPA is a federal law that restricts the disclosure of personal information obtained from motor vehicle records, including driver license records. It requires state motor vehicle departments to obtain written consent from individuals before releasing any personal information from their driver license records.

Driver’s Privacy Protection Act

The Driver’s Privacy Protection Act of 1994 (also referred to as “DPPA”), Title XXX of the Violent Crime Control and Law Enforcement Actit is a United States Federal Statute governing the privacy and disclosure of personal information collected by the state Departments of Motor Vehicles.

The law was passed in 1994. It was introduced by the Democratic Republic. Jim Moran of Virginia in 1992, following an increase in some abortion opponents using public driver’s license databases to track and harass abortion providers and patients. Among these cases, the physician Susan Wicklund, who faced protests and harassment, including picketing her home for a month. The law is currently encoded in Chapter 123 of Title 18 of the United States Code.

Substantive provisions of the law

The statute prohibits the disclosure of personal information (as defined in 18 USC § 2725) without the express consent of the person to whom this information applies, with the exception of certain circumstances provided for in 18 USC § 2721. These rules apply to the Departments of Motor Vehicles, as well as other “authorized recipients of[s] of personal information” and imposes record keeping requirements on these “authorized recipients”.

Permitted uses are:

  1. For any government agency to carry out its functions
  2. For use in connection with “matter of security and theft of motor vehicles or drivers”, including
    1. disclosure “in connection with motor vehicle or driver safety and theft issues, motor vehicle emissions, automotive product changes, recalls or warnings, performance monitoring of motor vehicles and dealerships by motor vehicle manufacturers”
    2. removal of non-owner records from the original owner records of motor vehicle manufacturers to fulfill the purposes of the Automotive information disclosure lawThe Cost Savings and Information Law on Motor VehiclesThe National Traffic and Motor Vehicle Safety Act of 1966The Car Theft Act 1992and the Clean Air Law
  3. For use in the ordinary course of business by a legitimate company or its agents, employees or contractors, but only for:
    1. verify the accuracy of personal information
    2. correct information
  4. For use in connection with any matter before a court or arbitration proceeding.
  5. To produce statistical reports and other research, as long as personal information is not published.
  6. For use by insurers.
  7. To provide notice to owners of towed vehicles.
  8. For use by licensed private investigation agencies, for use permitted by the DPPA.
  9. For use by employers to verify commercial driver information as required by US Code Title 49subtitle VI, chapter 313.
  10. For use by private toll transportation facilities.
  11. For response to requests from motor vehicle departments.
  12. For the mass distribution of surveys, marketing materials or solicitations (opt-in only).
  13. When the individual’s written consent is provided.
  14. For other uses specifically authorized by state law.

The law also makes it illegal to obtain driver information for illegal purposes or to make false statements to obtain such information. The law establishes criminal fines for non-compliance and establishes a civil procedure cause of action for drivers against those who illicitly obtain their information.

legislative history

After Rebecca Schaeffer was murdered in 1989 by Robert John Bardo who found his address through the use of DMV records by a private detective agency, the easy availability of personal information from the DMV has been questioned.

The bill was presented simultaneously during the 103rd United States Congress at the Chamber of Deputies (according to HR 3365) and the Senate (as S. 1589) on October 26, 1993. The text of the bill was incorporated into HR 3355, the Violent Crime Control and Law Enforcement Act of 1994, which was eventually signed into law by the President. Bill Clinton as part of Public Law 103-322 of September 13, 1994.

of the statute constitutionality was supported by United States Supreme Court against a tenth amendment challenge in Reno v. condom.


[citation needed]

With the rise of new age computing technology and devices in the early 2000s came the collection, processing, aggregation, correlation and dissemination of user data. Websites, third-party advertising, and tracking companies began using mechanisms that violated user privacy. While “online” data identifying the user’s computing technology was helpful, this data benefit was limited. Advertising entities had a millisecond while users were online to market their wares; additionally, to “track” consumers by obtaining computing device data, HTML cookies were added to their devices. Since most computers and users deleted all cookies when they turned off their devices, this tracking mechanism failed to provide long-term tracking. What was missing was a means of associating “online” data activities with “offline” data, referencing personal information contained in public records, (Today, the goal is to associate “online” data with “offline” data and Biometrics, the new ” holy grail” of advertising data). The most accurate source of offline data and the cheapest were motor vehicle records maintained by DMVs.

As computer technology was rapidly progressing, federal and state laws failed to be proactive, a risk to the technology-ruled society. As such, litigation for violations was relatively non-existent. A new method for litigating federal privacy cases was needed to protect the hundreds of millions of people violated by unauthorized tracking of user activities “online” and “offline” (public records). This was a formidable task, as no law firm had litigated privacy cases involving the computer technology inherent in the exchange of user data between affiliated third-party entities, so there was no case precedent, no “blueprint” to follow. . Previous cases, such as the double-click “cookie” case in 2001, were based on the use of a wiretapping statute, the Electronic Communications Privacy Law (“ECPA”). While a plausible claim, it was a weak claim, as the site user has granted such permitted use within the site’s terms of service (“TOS”).

In Kehoe v. Fidelity Federal Bank and Trust, James Kehoe sued Fidelity Bank for purchasing hundreds of thousands of motor vehicle registrations from the state of Florida in violation of the Federal Motorists Privacy Protection Act. Fidelity Bank purchased 565,600 names and addresses from the Florida Department of Motor Vehicles from June 2000 to 2003. That information sold for pennies – literally, Fidelity was able to get the information for just $5,656. Fidelity used the information to target residents of Palm Beach, Martin and Broward counties for car loan applications. The US District Court for the Southern District of Florida ruled in June 2004 that James Kehoe needed to demonstrate actual damages before he could get any monetary recovery under the DPPA. The Court relied on the recent decision in Doe v. Chao and in the statutory building rules to decide that DPPA liquidated damages do not accrue to the plaintiff unless he can show actual damages. Kehoe appealed to the 11th Circuit Court of Appeals, which ruled: “…The law in question is the Driver’s Privacy Protection Act, 18 USC § 2721, et seq. (“DPPA”). Having considered the text simple rule of law, we conclude that a plaintiff need not prove actual damages to recover liquidated damages for a violation of the DPPA. Since the district court reached a contrary conclusion, we reverse and uphold the decision.” Kehoe v. Fidelity Federal Bank & Trust, 421 F. 3d 1209 (11th Cir. 2005), cert. denied.

While the Kehoe case was on appeal to the 11th Circuit, then to SCOTUS, the Law Offices of Joseph Malley PC initiated a broad freedom of information requests to all state DMVs, requesting any and all documents on persons and companies obtaining the mass DMV database, referencing obtaining all Detran records and periodic updates. The survey and follow-up with all state DMVs would take over a year. The company was able to identify 36 state DMVs that sold motor vehicle registrations in bulk. A review was then required of all persons and entities obtaining the data to determine whether they appeared to be a permissible use of the DPPA as required by the DPPA. Extensive follow-up discussions with all DMV officials were required to obtain additional information. Betting on the outcome of the SCOTUS decision, the extensive research ended up not being in vain. After SCOTUS denied the warrant in the Kehoe case, allowing the 11th Circuit’s ruling to state that actual damages were not necessary and that an individual could choose to accept actual or statutory damages, precedent was set. The Malley Firm was prepared to file a lawsuit and began filing an extensive amount of Federal Privacy Litigation. Federal Class Actions involving violations of the Motorists Privacy Protection Act (“DPPA”), 18 USC § 2721, et seq., brought by the Law Offices of Joseph H. Malley PC in Texas, Florida, Missouri and Arkansas, involving approximately from 4 -500 companies, including the following:

  1. Sharon Taylor et al. v. Acxiom Corporation et al., 2:07-cv-0001, (ED Tex. 2007)
  2. Sharon Taylor et al. v. ACS State & Local Solutions, Inc. et al., 2:07-cv-0013, (ED Tex. 2007)
  3. Sharon Taylor et al. v. Texas Farm Bureau Mutual Insurance Company et al., 2:07-cv-0014, (ED Tex. 2007)
  4. Sharon Taylor et al. v. Safeway Inc. et al., 2:07-cv-0017, (ED Tex. 2007)
  5. Sharon Taylor et al. v. Biometric Access Company et al., 2:07-cv-0018, (ED Tex. 2007)
  6. Sharon Taylor et al. v. Freeman Publishers Inc., 2:07-cv-0410, et al., (ED Tex. 2007)
  7. Richard Fresco v. RL Polk., No. 09-13344 (11th Cir. 2010), (Fresco II”- Intervention)
  8. Cook v. ACS State & Local Solutions, Inc. 663 F.3d 989 (10th Cir. 2011)
  9. Haney v. Recall Center, # 10-cv-04003 (WD Ark. May 9, 2012) (certified class action)
  10. Doe et al. v. Compact Information Systems Inc. et al., 3:13cv05013MBH, (ND Tex. 2013)
  11. Cross v. Blank, Adv. No.: 9:15ap00926FMD, (MD Fla. 2015)
  12. Arthur López v. Cross-sell and others, 3:16-cv-02009-K, (ND Tex. 2016)
  13. Laning et al. v. National Recall & Data Services Inc. et al., 3:16-cv-02358-B (ND Tex. 2016)
  14. López v. Herring, Civil Action No. 3:16-CV-02663-B, (ND Tex. 2017).


External Links

Source: Driver’s Privacy Protection Act

Video about Personal Information Obtained From Driver License Records Are Protected By:

Drivers Privacy Protection Act

Question about Personal Information Obtained From Driver License Records Are Protected By:

If you have any questions about Personal Information Obtained From Driver License Records Are Protected By:, please let us know, all your questions or suggestions will help us improve in the following articles!

The article Personal Information Obtained From Driver License Records Are Protected By: was compiled by me and my team from many sources. If you find the article Personal Information Obtained From Driver License Records Are Protected By: helpful to you, please support the team Like or Share!

Rate Articles Driver’s Privacy Protection Act

Rate: 4-5 stars
Ratings: 90 41
Views: 22191438

Search keywords Personal Information Obtained From Driver License Records Are Protected By:

1. Driver Record Privacy
2. Motor Vehicle Records
3. State DMV
4. Personal Information
5. Driver Data
6. Disclosure of Information
7. Driver License Numbers
8. Data Protection
9. Right to Privacy
10. Vehicle Registration
#Drivers #Privacy #Protection #Act