Privacy, Technology and Perspective
Texas Consumer Privacy Act Phase I: Restricting Sale of DMV and DPS Data. Without a single vote in opposition, the Legislature has enacted the “Texas Consumer Privacy Act Phase I,” restricting the ability of Texas state agencies to sell DMV, DPS and other personal information except for very limited purposes.
You can read the text of the new Act by clicking on the following link:
Brief Summary – Texas Consumer Privacy Act Phase I: The Act expands existing restrictions on sales of information in drivers’ and other licenses in these significant ways:
· criminalizing such sales or disclosures to anyone except “authorized recipients,” adding a private right of action with damages of at least $2,500;
· removing agencies’ authority to sell personal information in licenses for “motor vehicle market research activities, including survey research” in general, restricting it except for use by motor vehicle manufacturers, dealerships, or distributors or their agents (or persons providing services to them);
· tightening restrictions on other “authorized recipients” of such information;
· requiring agencies which provide such information to “seed” the data with some false entries so that its misuse can be tracked and proven, and to designate a compliance person to advise on the eligibility of people who want to receive personal information;
· requiring authorized recipients to post a $1 million performance bond, to show proof of at least $3 million in both general liability and cyber insurance coverage, and to report annually on disclosures and their purposes;
· requiring both disclosers and recipients to use “appropriate and accepted industry standard security measures” and to report any breach within forty-eight hours;
· closing some “side doors” reaching the same personal information, such as subscription lists to “Texas Highways” magazine or personal information of people who have bought products, hunting or fishing licenses, or services from the Parks and Wildlife Department; and
· specifically prohibiting any sale or redisclosure of personal information for the purpose of marketing extended warranties by phone.
More context: The federal Driver’s Privacy Protection Act of 1994 (“DPPA”) – passed in response to a famous “stalking” incident in the early 1990’s, when a deranged fan got an actress’s address from the California DMV – already sets a “floor,” prohibiting states from releasing personal information from DMV records except where one or more of fourteen exceptions applies.
You may see the DPPA by clicking on the following link:
States are free to add additional restrictions as to information contained in their own DMV records, however, and many do.
Texas now joins the list of states which add restrictive overlays to the DPPA requirements. Evidently, the 181 members of the Texas Legislature are fed up with robocalls offering to extend their car warranties.
Hosch & Morris, PLLC is a boutique law firm dedicated to data privacy and protection, cybersecurity, the Internet and technology. Open the Future℠.