Data Вroker LexisNexis Selling DMV Data

From Privacy Wiki
Jump to navigation Jump to search
Data Вroker LexisNexis Selling DMV Data
Short Title DMV Selling Drivers Information Via Huge Data Вroker LexisNexis
Location United States
Date November 2020

Solove Harm Secondary Use
Information Location, Behavioral, Identifying, Ownership, Transactional
Threat Actors Department of Motor Vehicles

Individuals
Affected Car drivers
High Risk Groups Driver
Tangible Harms

Department of Motor Vehicles sold personal information of drivers to law firms via a data broker, and then faced a lawsuit for that.

Description

In November 2020 a massive data broker LexisNexis was found to have personal information of drivers (their motor vehicle records) from Departments of Motor Vehicles and resell it to other organizations that did not have a legally permissible use for the information.

A class action lawsuit was filed in 2016 and alleged the company sold Departments of Motor Vehicles data to law firms, which then used it for their own business purposes.Secondary Use that violated the Drivers' Privacy Protection Act (DPPA).

This is an example of how data from state DMVs can be abused and can be leveraged for financial gain instead of legitimate purposes, like administering vehicle registration and driver licensing. The second defendant in the class action was PoliceReports.US, a company that LexisNexis acquired in 2014 and which made vehicle accident or crash reports available on its website. The data purchased from DMV potentially included crash reports by report date, location, or driver name and payment by credit card, prepaid bulk accounts or monthly accounts.

The class action was filed in 2016. In 2020 LexisNexis reached a settlement of over $5 million.

Breakdown

Threat: DMV selling the drivers data for financial gain via data brokers, when they are supposed to use it for administrative purposes like driver licensing and vehicle registration
At-Risk group: Drivers
Harm: Secondary Use
Secondary Consequences: not known