Data Вroker LexisNexis Selling DMV Data
Data Вroker LexisNexis Selling DMV Data | |
---|---|
Short Title | DMV Selling Drivers Information Via Huge Data Вroker LexisNexis |
Location | United States |
Date | November 2020 |
Solove Harm | Secondary Use |
Information | Location, Behavioral, Identifying, Ownership, Transactional |
Threat Actors | Department of Motor Vehicles |
Individuals | |
Affected | Car drivers |
High Risk Groups | Driver |
Tangible Harms |
Department of Motor Vehicles sold personal information of drivers to law firms via a data broker, and then faced a lawsuit for that.
Description
In November 2020 a massive data broker LexisNexis was found to have personal information of drivers (their motor vehicle records) from Departments of Motor Vehicles and resell it to other organizations that did not have a legally permissible use for the information.
A class action lawsuit was filed in 2016 and alleged the company sold Departments of Motor Vehicles data to law firms, which then used it for their own business purposes.Secondary Use that violated the Drivers' Privacy Protection Act (DPPA).
This is an example of how data from state DMVs can be abused and can be leveraged for financial gain instead of legitimate purposes, like administering vehicle registration and driver licensing. The second defendant in the class action was PoliceReports.US, a company that LexisNexis acquired in 2014 and which made vehicle accident or crash reports available on its website. The data purchased from DMV potentially included crash reports by report date, location, or driver name and payment by credit card, prepaid bulk accounts or monthly accounts.
The class action was filed in 2016. In 2020 LexisNexis reached a settlement of over $5 million.
Breakdown
Threat: DMV selling the drivers data for financial gain via data brokers, when they are supposed to use it for administrative purposes like driver licensing and vehicle registration
At-Risk group: Drivers
Harm: Secondary Use
Secondary Consequences: not known