Email
Password
Remember meForgot password?
    Log in with Twitter

article imageDMVs found to be selling driver data to 1000s of companies Special

By Tim Sandle     Sep 8, 2019 in Internet
Departments of Motor Vehicles in various U.S. states are selling drivers' personal information to businesses. Some sales are pre-approved, but in some cases data has been sold to more nefarious businesses as well. Eve Maler provides some insight.
A new report by Motherboard finds that Departments of Motor Vehicles in many states in the U.S. are taking drivers' personal information and selling it to thousands of businesses for an array of approved purposes, such as to insurance or tow companies, but some of them have sold to more nefarious businesses as well. https://www.vice.com/en_us/article/43kxzq/dmvs-selling-data-private-investigators-making-millions-of-dollars, multiple states have made tens of millions of dollars a year selling data.
Although legal under the Driver's Privacy Protection Act, many drivers are apparently unaware that the state-level government agencies regularly sell their information to private parties. Newsweek reports that the sold data included names, addresses, dates of birth, phone numbers, email addresses, vehicle and other personal information.
To uncover more about the data selling issue, Eve Maler, vice president of innovation and emerging technology at ForgeRock provides Digital Journal with an insight as to the reasons for the data breach. A strategist and innovator in security and privacy, Maler leads the User Managed Access Work Group, she co-created the Extensible Markup Language (XML) and she is known for her role in the invention of the Security Assertion markup Language standard
Maler has considered what lessons other organizations can take from this event, as well as the implications that these DMVs could potentially face for selling minors’ data, an issue that Google recently agreed to a fine of $170 million. She notes: "This news is disturbing since there are millions of drivers under the age of 18 in the U.S., meaning that DMVs were more than likely benefiting from the sale of minors’ personally identifiable information (PII)."
This leads to a complex legal area, as Maler explains: "Minors don’t have the full legal capacity of adults, for example, they cannot vote, consent to medical treatment, sue or be sued, or enter into certain types of contracts until they reach the age of 18, although the age varies from state to state."
Placing the DMV issue in context with Google. Maler considers: "Google just agreed to a $170 million fine for violating children’s privacy on YouTube, so it will be interesting to see what repercussions the DMV may face for doing the same. The privacy conundrum impacts all organizations that process and benefit from consumers’ PII, even government agencies."
In terms of the wider lessons for other businesses., Maler says: "This news should teach other organizations that increasing data transparency and control can lead to a competitive edge, especially as 87 percent of consumers will take their business elsewhere if they do not trust how a company is handling their PII." With this she makes reference to a report issued by PwC ("How consumers see cybersecurity and privacy risks and what to do about it"), which expires how concerned consumers are about cybersecurity and privacy risks.
In terms of the actions that need to be take, Maler says that "by putting comprehensive identity management and robust consent management systems in place, we can ensure that there are not only mechanisms that advocate on behalf of children and act as their first line of defense for protecting their data, but also strengthen the bonds of digital trust for all service users.”
More about driver data, Data, Cybersecurity, Privacy
More news from
Latest News
Top News