What is the Driver's Privacy Protection Act (DPPA)?
The Driver's Privacy Protection Act (DPPA) is a United States federal law designed to protect the personally identifiable information of licensed drivers from improper use or disclosure. Congress passed the DPPA in 1994 in response to complaints that state agencies were selling drivers' information to direct marketing and auto insurance companies to augment revenue.
The DPPA requires all states to safeguard the privacy of personal information in an individual's motor vehicle record, including the driver's name, address, phone number, Social Security number, driver identification number, photograph, height, weight, gender, age, certain medical or disability information, and, in some states, fingerprints.
The DPPA makes it illegal to obtain drivers' information for unlawful purposes and to make false representations to obtain such information. Under the law, criminal fines can be levied for noncompliance, and individuals have a private right of action, including actual and punitive damages, as well as attorneys' fees.
Since its enactment, the DPPA has been updated to address new privacy concerns and technological advancements in data management.
Permissible uses under the DPPA
Under the DPPA, drivers' personal information can be obtained from motor vehicle departments for certain uses, including the following:
- Legitimate government agency functions.
- Matters of auto safety, theft, emissions and product recalls.
- Insurance purposes.
- Notices for towed or impounded cars.
- Use by licensed investigators or security services.
- Use by private toll transportation facilities.
- Motor vehicle not-for-profit market research and surveys.
In addition, the law has expanded permissible uses to include compliance with federal and state regulations, and for activities related to vehicle recalls and safety notices.
Drivers' information is also available in response to requests for individuals' records if the state has received permission from the individual. Records of each additional disclosure must be kept, identifying each person or entity that has received the disclosure and for what purpose; the disclosure records must be retained for five years.
The legislation does not protect information about a driver's traffic violations, license status or accidents.
State-specific regulations and enhancements
Many states have laws to supplement the DPPA. Whether the DPPA applies to records of vehicles owned by corporations, proprietorships, partnerships, limited liability partnerships, associations, estates, lienholders or trusts varies by state.
Some states have implemented stricter regulations and additional safeguards to enhance the protection of drivers' personal information, reflecting the evolving landscape of data privacy.
Concerns about how personal data is processed and stored are leading to the passage of new privacy regulations that govern how companies handle consumer data. Explore the state of U.S. data privacy protection laws.