Definition

What is the Driver's Privacy Protection Act (DPPA)?

By

The Driver's Privacy Protection Act (DPPA) is a United States federal law designed to protect the personally identifiable information of licensed drivers from improper use or disclosure. Congress passed the DPPA in 1994 in response to complaints that state agencies were selling drivers' information to direct marketing and auto insurance companies to augment revenue.

The DPPA requires all states to safeguard the privacy of personal information in an individual's motor vehicle record, including the driver's name, address, phone number, Social Security number, driver identification number, photograph, height, weight, gender, age, certain medical or disability information, and, in some states, fingerprints.

The DPPA makes it illegal to obtain drivers' information for unlawful purposes and to make false representations to obtain such information. Under the law, criminal fines can be levied for noncompliance, and individuals have a private right of action, including actual and punitive damages, as well as attorneys' fees.

Since its enactment, the DPPA has been updated to address new privacy concerns and technological advancements in data management.

Permissible uses under the DPPA

Under the DPPA, drivers' personal information can be obtained from motor vehicle departments for certain uses, including the following:

Legitimate government agency functions.
Matters of auto safety, theft, emissions and product recalls.
Insurance purposes.
Notices for towed or impounded cars.
Use by licensed investigators or security services.
Use by private toll transportation facilities.
Motor vehicle not-for-profit market research and surveys.

In addition, the law has expanded permissible uses to include compliance with federal and state regulations, and for activities related to vehicle recalls and safety notices.

Drivers' information is also available in response to requests for individuals' records if the state has received permission from the individual. Records of each additional disclosure must be kept, identifying each person or entity that has received the disclosure and for what purpose; the disclosure records must be retained for five years.

The legislation does not protect information about a driver's traffic violations, license status or accidents.

State-specific regulations and enhancements

Many states have laws to supplement the DPPA. Whether the DPPA applies to records of vehicles owned by corporations, proprietorships, partnerships, limited liability partnerships, associations, estates, lienholders or trusts varies by state.

Some states have implemented stricter regulations and additional safeguards to enhance the protection of drivers' personal information, reflecting the evolving landscape of data privacy.

Map of U.S. states that have passed data privacy laws.

Concerns about how personal data is processed and stored are leading to the passage of new privacy regulations that govern how companies handle consumer data. Explore the state of U.S. data privacy protection laws.

This was last updated in July 2024

Continue Reading About What is the Driver's Privacy Protection Act (DPPA)?

Data governance framework key to analytics success

Top customer data privacy best practices

Data protection vs. security vs. privacy: Key differences

Data privacy challenges and how to fix them

How do companies protect customer data?

Search Networking

What is dynamic and static?
In general, dynamic means 'energetic or forceful,' while static means 'stationary.'
What is open networking?
Open networking describes a network that uses open standards and commodity hardware.
What is Border Gateway Protocol (BGP)?
BGP (Border Gateway Protocol) is the protocol that enables the internet's global routing system.

Search Security

What is a brute-force attack?
A brute-force attack is a trial-and-error hacking method cybercriminals use to decode login information and encryption keys to ...
What is Pretty Good Privacy and how does it work?
Pretty Good Privacy, or PGP, was a popular program used to encrypt and decrypt email over the internet, as well as authenticate ...
What is cloud security?
Cloud security, or cloud computing security, is a set of policies, practices and controls deployed to protect cloud-based data, ...

Search CIO

What is quantum machine learning? How it works
Quantum machine learning (QML), also called quantum-enhanced machine learning, blends the computing power of quantum systems with...
What are quantum coherence and decoherence?
Quantum coherence and decoherence are fundamental indications of how well a system of quantum objects -- atoms or other quantum ...
What is a SWOT analysis? Definition, examples and how to
SWOT analysis is a framework for identifying and analyzing an organization's strengths, weaknesses, opportunities and threats.

Search HRSoftware

What is talent management? Definition, basics and strategy
Talent management is a strategic approach organizations use to attract, develop, retain, and optimize employees.
What is employee experience?
Employee experience is a worker's perception of the organization they work for during their tenure.
What are performance appraisals? A how-to guide for managers
A performance appraisal is the structured practice of regularly reviewing an employee's job performance.

Search Customer Experience

What are customer service and support?
Customer service is the support organizations offer to customers before, during and after purchasing a product or service.
What is quality of experience (QoE or QoX)?
Quality of experience (QoE or QoX) is a measure of the overall level of a customer's satisfaction and experience with a product ...
What is voice of the customer? A guide to VOC Strategy
Voice of the customer (VOC) is the component of customer experience (CX) that focuses on customer needs, wants, expectations and ...

Close