The DMV and Driver’s Privacy Protection Act: Part Two


. By Jane Mundy

Buying and Selling Your Motor Vehicle Record: Privacy and Security Violations

Although the Driver’s Privacy Protection Act DPPA disallows state DMV’s from disclosing your personal information for direct marketing, without your express consent, attorney Joseph Malley has discovered that most states sell that information to companies using it for such purpose—in direct violation of the DPPA. And it’s a multi-billion dollar business from which you get nothing.

Unbeknownst to most everyone, Malley is on a privacy crusade—to protect the privacy of 145 million Americans registered with their state’s motor vehicle department. As a solo-practitioner, he is doing what the State DMVs are failing to do, single-handedly filing federal class actions against such entities, an epitome of the “David v Goliath” battle. (A summary of Malley’s court filings below support his activities.)

Have you ever received a letter that claims your vehicle warranty has expired, or a car dealership that wants to ‘buy-back” your vehicle? Ever wondered how these companies that you have never dealt with knew your name, address, make, model and year of your vehicle?

Malley says that most of the information contained within these letters are derived from your motor vehicle record. He says a company can take information from your motor vehicle record and correlate it to telephone number databases. The telemarketer will then “robo-call” prospective customers. When a person picks up their phone the computer automatically shows the person’s DMV data. The person believes the caller is legit since they know their vehicle information.

However, a handful of entities, such as courts and the police, do obtain DMVs legally and sell information to, say, insurance agencies, government agencies and prospective employers. The latter typically request background checks for criminal records such as DUI.

But companies that buy DMV information for the express purpose of marketing are doing so illegally. The DPPA federal law prohibits states from selling information that puts at risk our privacy and security. The California DMV states the following:

The DPPA limits the use of a person's motor vehicle record to certain purposes. These purposes are defined in Title 18, United States Code (USC), Section 2721:
• Carrying out government agency functions, including courts and law enforcement.
• Use in matters of motor vehicle safety, theft, emissions, product recalls.
• Motor vehicle market research and surveys.
• Legitimate business needs in transactions initiated by the individual to verify the accuracy of personal information.
• Use in connection with a civil, criminal, administrative, or arbitral proceeding.
• Insurance activities.
• Research activities and statistical reports, so long as the personal information is not redisclosed or used to contact individuals.

The DPPA permits civil damages of $2,500.00 per each violation, and states such as Texas sell 30 million DMV records to each Bulk requestor.

Malley has learned that the DMVs are violating the DPPA—perhaps indirectly—because personal information has been, and continues to be, “re-disclosed or used to contact individuals.”

Who Else is Buying Information?

That’s the multi-billion dollar question. “We know who is buying MVRs from the state,” quips Malley. “The question has always been, ‘What direct marketers are buying MVRs from these bulk requestors?’ The “Bulk Requesters” are individuals or companies that buy the entire database, then periodic updates, claiming a permissible DPPA use. Through the Freedom of Information Act, Malley knows who they are. But Malley’s mission is to find those entities who are buying from the bulk requesters and selling information to telemarketers for direct marketing.

“We know who the telemarketers are from their letters and phone calls to consumers nationwide,” Malley explains. “And those consumers contact me to complain, but it’s not just about privacy, or even the use of this data for identity theft, it’s about a person’s safety”. In one (1. below) of Malley’s lawsuits he represented an individual referenced as “Jane Doe” within the complaint. Malley explains, “A women contacted me from Florida about receiving a warranty mailer. She had seen my work in this area and was concerned. My cases note that if you receive a warranty letter, then in all probability, the DMV has not only sold your information but you could be found online in a few minutes for a cost of less than five dollars. As I confirmed this information she began to cry hysterically. She explained her boyfriend had tried to kill her, attempting to strangle her to death. She left the state and sought refuge in Florida. Within a few weeks of registering her vehicle she began receiving the warranty letters”.

So how big is this problem? After three years of extensive litigation and discovery on one case, Malley says he finally exposed the inner workings of one such group, “I was shocked, there were in excess of 1,500 companies across the US making a living off of this one Bulk Requestor for many years,” he says. “These documents also revealed a marketing plan for auto dealerships to pay in excess of $10,000 per week for this vehicle data. Malley adds that the bulk requesters and the telemarketing groups are small companies. The key is the large corporations that actually finance these operations.

“If you want to see it for yourself, put your VIN number into a Google search and you will get pages of companies that have your information illegally,” adds Malley.

Next month in Part 3, Malley discusses previous and pending litigation. And he shares information on DMVs in Texas and Florida; information he obtained through the Freedom of Information Act.

Malley’s court filings:

1. Cook v. ACS State & Local Solutions, Inc. 663 F.3d 989 (10th Cir. 2011), a Federal Class Action involving of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;

2. Doe et. al. v. Compact Information Systems Inc. et al., 3:13cv05013MBH, (N.D. Tex. 2013), a Federal Class Action involving violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;

3. Haney v. Recall Center,No. 10-cv-04003 (W.D. Ark. May 9, 2012) a Federal Class Action, (certified class action), involving violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;

4. Richard Fresco v. R.L. Polk., No. 09-13344 (11th Cir. 2010), (Fresco II"-Intervention), a Federal Class Action involving violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;

5. Sharon Taylor et al. v. Acxiom Corporation et al., 2:07-cv-0001, (E.D. Tex. 2007), a Federal Class Action involving about 50 companies, violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;

6. Sharon Taylor et. al. v. ACS State & Local Solutions, Inc. et. al., 2:07-cv-0013, (E.D. Tex. 2007), a Federal Class Action involving about 50 companies, violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;

7. Sharon Taylor et. al. v. Texas Farm Bureau Mutual Insurance Company et.al., 2:07-cv-0014, (E.D. Tex. 2007), a Federal Class Action involving about 50 companies, violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;

8. Sharon Taylor et. al. v. Safeway Inc. et. al., 2:07-cv-0017, (E.D. Tex. 2007), a Federal Class Action involving about 50 companies, violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;


9. Sharon Taylor et. al. v. Biometric Access Company et. al., 2:07-cv-0018, (E.D. Tex. 2007), a Federal Class Action involving about 50 companies, violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;


10. Sharon Taylor et. al. v. Freeman Publishers Inc.,2:07-cv-0410, et. al., (E.D. Tex. 2007), a Federal Class Action involving about 50 companies, violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;

11. Cross v. Blank, Adv. No.: 9:15ap00926FMD, (M.D. Fla. 2015), a Federal Class Action involving violations of the Driver's Privacy Protection Act ("DPPA"),18 U.S.C. § 2721, et seq.;

12. Arthur Lopez v. Cross-Sell et. al., 3:16-cv-02009-K, (N.D. Tex. 2016), a Federal Class Action involving violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;

13. Laning et al v. National Recall & Data Services Inc. et. al., 3:16-cv-02358-B (N.D. Tex. 2016), a Federal Class Action involving violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;

14. Lopez et al v. Don Herring. et. al., 3:16-cv-02663-B (N.D. Tex. 2016), a Federal Class Action involving violations of the Driver's Privacy Protection Act ("DPPA"), 18 U.S.C. § 2721, et seq.;

Privacy Legal Help

If you or a loved one have suffered losses in this case, please click the link below and your complaint will be sent to a media/telecom lawyer who may evaluate your Privacy claim at no cost or obligation.
READ MORE PRIVACY LEGAL NEWS