Driver's Privacy Protection Act
The Driver's Privacy Protection Act of 1994 (also referred to as the "DPPA"), Title XXX of the Violent Crime Control and Law Enforcement Act, is a United States federal statute governing the privacy and disclosure of personal information gathered by state Departments of Motor Vehicles.
The law was passed in 1994. It was introduced by Rep. Jim Moran of Virginia in 1992, after an increase in opponents of abortion rights using public driving license databases to track down and harass abortion providers and patients. Prominent among such cases was physician Susan Wicklund, who faced protests and harassment including her house being picketed for a month. The law is currently codified at Chapter 123 of Title 18 of the United States Code.
Substantive provisions of the act
The statute prohibits the disclosure of personal information (as defined in 18 U.S.C. § 2725) without the express consent of the person to whom such information applies, with the exception of certain circumstances set forth in 18 U.S.C. § 2721. These rules apply to Departments of Motor Vehicles as well as other "authorized recipient[s] of personal information", and imposes record-keeping requirements on those "authorized recipients".
The permissible uses are:
- For any government agency to carry out its functions
- For use in connection with "matters of motor vehicle or driver safety and theft", including
- disclosure "in connection with matters of motor vehicle or driver safety and theft, motor vehicle emissions, motor vehicle product alterations, recalls, or advisories, performance monitoring of motor vehicles and dealers by motor vehicle manufacturers"
- removal of non-owner records from the original owner records of motor vehicle manufacturers to carry out the purposes of the Automobile Information Disclosure Act, the Motor Vehicle Information and Cost Saving Act, the National Traffic and Motor Vehicle Safety Act of 1966, the Anti-Car Theft Act of 1992, and the Clean Air Act
- For use in the normal course of business by a legitimate business or its agents, employees, or contractors, but only to:
- verify the accuracy of personal information
- correct information
- For use in connection with any matter before a court or arbitration proceeding.
- For producing statistical reports and other research, provided that personal information is not published.
- For use by insurance companies.
- For providing notice to owners of towed vehicles.
- For use by licensed private investigation agencies, for a permitted DPPA use.
- For use by employers to verify commercial driver information as required by U.S. Code Title 49, subtitle VI, chapter 313.
- For use by private toll transportation facilities.
- For response to requests from motor vehicle departments.
- For the bulk distribution of surveys, marketing materials, or solicitations (opt-in only).
- When written consent of the individual is provided.
- For other uses specifically authorized by state laws.
The act also makes it illegal to obtain drivers' information for unlawful purposes or to make false representations to obtain such information. The act establishes criminal fines for noncompliance, and establishes a civil cause of action for drivers against those who unlawfully obtain their information.
After Rebecca Schaeffer was murdered in 1989 by a deranged fan who located her through DMV records, laws were changed drastically, regarding the release of such records.
The bill was introduced simultaneously during the 103rd United States Congress in the House of Representatives (as H.R. 3365) and the Senate (as S. 1589 on 26 October 1993. It was eventually signed by President Bill Clinton as part of Public Law 103-322 on 13 September 1994.
The statute's constitutionality was upheld by the U.S. Supreme Court against a Tenth Amendment challenge in Reno v. Condon. In Maracich v. Spears, 570 U.S. ___ (2013), the Supreme Court ruled that the Act's litigation exception did not extend to attorneys' solicitation of new clients.
United States Court of Appeals,Eleventh Circuit.James KEHOE, Plaintiff-Appellant, v. FIDELITY FEDERAL BANK & TRUST, Defendant-Appellee. No. 04-13306, writ denied by SCOTUS in 2006, is considered the "grandfather" of all DPPA litigation. A decision involving the meaning of a comma within the statutory language, permitting the option of actual damages, or liquidated damages of $2500.00 per violation, citing the comma as providing the option. As the Kehoe case was being litigated to various lower levels of court for many years, unbeknownst to Attorney Joseph H. Malley,(Law Offices of Joseph H. Malley, PC, Dallas Texas) he had begun to research the unauthorized access to a client's motor vehicle records in 2004, requesting open records request to the Texas DMV and about 35 other state DMVs. Within days of the kehoe ruling by SCOTUS, now knowing he had SCOTUS precedent Attorney Malley began filing Driver Privacy Protection Act ("DPPA") class actions, a law related to the unauthorized access to DMV records and permitted statutory damages for privacy violations, IE., $2500.00 damage award "per person-per violation, (per company)". Initially filing federal class actions against 3-400+ companies starting in 2006, and continuing to date:
http://www.fox13news.com/news/local-news/216818850-story Tampa Florida Fox 13 news-5 part series talking about DPPA cases. the investigation caught the attention of US Senator, who then requested Federal Investigation by US Attorney General Lynch: http://www.fox10tv.com/story/36851521/drivers-license-info-sold-fox-news-investigation-finds
- Miller, Michael W. (August 25, 1992). "Information Age: Debate Mounts Over Disclosure Of Driver Data". Wall Street Journal.
- 18 U.S.C. §§ 2721–2725
- 18 U.S.C. § 2721
- 18 U.S.C. § 2722
- 18 U.S.C. § 2723
- 18 U.S.C. § 2724
- Bill details of H.R. 3365 from THOMAS
- Bill details of S. 1589 from THOMAS
- Legislative notes on the Driver's Privacy Protection Act, courtesy of the Legal Information Institute
- 528 U.S. 141 (2000)