DMV Sale of Personal Information and TrueDialog Text Message Leak

Part I: DMV Sale of Personal Information

A group has investigated and allegedly found that the California Department of Motor Vehicles has earned more than $50 million by selling personal information of drivers to third parties without consent. This data may include names, addresses, and registration information. The DMV claims on its website that it does not sell information to advertisers or marketers for advertising or direct marketing purposes. It also claims that:

Most information acquired by the DMV is subject to public inspection under Vehicle Code Section 1808. Other statutes, regulations or laws governing subpoenas, discovery for litigation, Public Records Act requests, and commercial requestor requester accounts also apply to information gathered at this website. However, various provisions of law do prohibit or restrict the disclosure of certain electronically transmitted information such as social security numbers, residence addresses, and credit card accounts numbers. DMV also uses the information gathered on this website to help improve this website. For example, by tracking the number of website visitors, the date of visit, and the pages visited, DMV can balance resources so that the maximum number of visitors can obtain needed information. Additionally, by tracking what visitor software is being used (e.g. browser) DMV can avoid using features that visitors can not view or use.

However, the report indicates that the DMV may be selling personal information to insurance companies, vehicle manufacturers, and potential employers. It may also be selling information to third parties, including, but not limited to, LexisNexis and consumer reporting agencies (e.g., Equifax, Experian, TransUnion).

Part II: TrueDialog Text Message Leak

A recent report indicates that TrueDialog may be responsible for a massive text message leak that has exposed millions of text messages. The report indicates that “millions of Americans are at risk” of having their personal data exposed towards third parties. The researchers have reported that the data logs – which contained the text messages – were unsecured and unencrypted. The database that was allegedly breached contained access information to online medical services and usernames/passwords to social media websites.

TrueDialog provides text messaging solutions for businesses. As a result of the recent breach, it has taken the data logs offline but the information has probably been accessed by nefarious third parties. This breach will probably result in identity theft, fraud, or other unlawful actions. In general, “fraud” means an intentional misrepresentation, deceit, or concealment of a material fact known to the defendant with the intention on the part of the defendant of thereby depriving a person of property or legal rights or otherwise causing injury. Therefore, it is important to take certain protective measures.

What does this mean to the consumer?

Well, the unauthorized sale of personal information is unlawful. The California Consumer Privacy Act prohibits these types of actions and grants the following rights:

  1. The right to know, through a general privacy policy and with more specifics available upon request, what personal information a business has collected, its source, its usage, whether it’s being disclosed or sold, and to whom it’s being disclosed or sold;
  2. The right to “opt out” of allowing a business to sell personal information to third parties;
  3. The right to have a business delete personal information; and
  4. The right to receive equal service and pricing from a business even if they exercise their privacy rights under the laws.

Therefore, the consumers have certain enumerated rights that are granted by state or federal laws. For example, the Federal Identity Theft and Assumption Deterrence Act of 1998 (codified under 18 U.S.C. 1028) makes it a federal crime to produce or possess false or unauthorized identification documents or to use another’s identity to commit an activity that violates Federal law or that is a felony under state or local law. Also, the Driver’s Privacy Protection Act of 1994 (codified under 18 U.S.C. 2721) imposes limits on disclosures of personal information in records maintained by State departments of motor vehicles.

The judicial system is complicated when it comes to these cases. As such, it’s important to consult with a qualified attorney about your rights and responsibilities. Please contact our law firm to speak with a knowledgeable internet and technology lawyer at your convenience.