Utah yesterday started prohibiting the sale of motor vehicle lists to direct marketers and other groups.
Utah is the first state to prohibit these lists since the U.S. Supreme Court affirmed the amended Driver's Privacy Protection Act in January.
The new DPPA takes effect June 1, but some states — including Utah — are implementing the law earlier because of their legislative schedules. Utah’s law went into effect May 1 because all bills were to be implemented two months after the legislative session ended March 1.
The DPPA mandates that states require drivers to give specific permission before their information is released for any purpose except law enforcement. States must implement provisions that allow consumers to “opt in” to state programs that market their personal information, a change from the current “opt out” provision. In most cases, states are not choosing to run an opt-in program and are opting not to make their lists available for commercial purposes.
The act was introduced last year by Sen. Richard Shelby, R-AL, chairman of the Senate Transportation Appropriations Committee, and signed into law as part of a $49 billion federal transportation bill by President Clinton in October. Earlier this year, the Court ruled unanimously to allow Congress to uphold the new version of the DPPA.
The ruling means that marketers will have to use alternative data sources such as credit bureaus, the U.S. Postal Service’s change-of-address data, voter registration and land ownership documents for information needed to target buyers, but the motor vehicle and driver’s license data are considered the most up-to-date and accurate.
Specifically, motor vehicle data includes type of car purchased; and driver’s license data includes telephone number, address, gender, date of birth, weight, height, eyeglass use and sometimes medical information.
While Utah is the first state to put into effect a formal law prohibiting the sale of driver license data, other states, including Idaho, Iowa, Wisconsin and Washington, have all passed laws or executive orders that address privacy issues and the DPPA. For example, Washington Gov. Gary Locke and State Attorney General Christine Gregoire issued an executive order April 25 to ensure that private information collected by state agencies isn’t used to compromise the privacy of Washington citizens.
In particular, the order prohibits public agencies “from giving, selling or allowing the inspection of lists of individuals, unless specifically authorized or directed by law, if the requester intends to use the information for commercial purposes.”
Utah state Senator Karen Hale from Salt Lake City said the state's measure — SB-174 — guarantees Utah residents their personal information is protected. Previously, data about Utah's 1.8 million licensed drivers and vehicle owners could be obtained for about $2 per registration.
Utah also passed HB-243, a law that prevents accident reports from getting into the hands of virtually everyone but the people actually involved in the accident, law enforcement authorities, researchers and, under vaguely defined circumstances, the news media. This law was sponsored by Utah state Representative Glenn Way of Spanish Fork, UT.
Way said his bill was designed to protect the privacy of people involved in auto accidents and to keep their personal information — including their insurance policy numbers — from being improperly disclosed to third parties.
“We’ve had a serious problem with chiropractors using accident reports for personal gain,” said Way.