May 2014

BY Elizabeth Millard



The DPPA governs the disclosure of personal information at the state level, and specifically focuses on privacy at DMVs. The law was created in response to concerns about harassment, especially after the murder of actress Rebecca Schaeffer in 1989. An obsessed fan obtained her address through her motor vehicle records, and he used the information to stalk and kill the actress. Other abuses included aggressive stalking of abortion providers and patients based on license plate numbers of cars parked at clinics. 

The statute prohibits the disclosure of personal information without consent, with 14 permissible exceptions, including for “matters of motor vehicle or driver safety and theft.” Most often, this means that information can be released in the event of a car accident, or if there’s a major recall that requires an auto manufacturer to send letters to affected drivers.

But it can also mean that insurance companies, researchers (as long as personal information isn’t published), courts and other DMVs can access the information as well. The information can also be used for bulk distribution of marketing materials, as long as people have opted in.

The DPPA establishes criminal fines for noncompliance and puts a civil cause of action into place for people whose information is obtained illegally.