The Dark History Behind the Driver’s Privacy Protection Act and Why It Matters


If you work with motor vehicle records, you’ve heard about the Driver’s Privacy Protection Act (DPPA), a United States federal statute designed to protect licensed drivers’ personally identifiable information from improper use or disclosure. But what is the DPPA exactly, and what makes it so important?

How Did the DPPA Come to Exist?

The history of the DPPA is a dark one. Many of the reasons this statute was necessary involved the sale of personal information, stalking, robbery, and multiple cases of murder. The most notable case was the murder of 21-year-old actress Rebecca Schaeffer.

Schaeffer was the victim of Robert John Bardo, a serial stalker who targeted multiple young women in the late ’80s. Bardo hired a private investigator who provided him with Schaeffer’s home address, which the investigator found via the California DMV. On July 18, 1989, Bardo used this information to murder Schaeffer in her home.

As a result of this incident, and many others like it, federal law regarding the release of personal information through the DMV was changed to provide more safety to individuals. The bill was incorporated into the Violent Crime Control and Law Enforcement Act of 1994, and signed into law in September 1994.

What Protected Information Is Covered Under the DPPA?

Under the DPPA, all states are required to safeguard personal information in an individual’s motor vehicle record, such as:

  • Name
  • Address
  • Phone number
  • Social Security number
  • Driver license or identification card number
  • Disability information

Information on vehicular accidents, driving violations, and a driver’s status is a matter of public record, so it is not protected under the DPPA.

What Are the Permissible Uses of Protected Information?

DPPA rules apply to DMVs as well as other authorized recipients of personal information. The act also imposes standards for recordkeeping on those authorized recipients. There are 14 permissible uses for this information:

  • A legitimate government agency carrying out its functions
  • In matters of auto safety and theft, including motor vehicle emissions and recalls
  • For use in the normal course of business by a legitimate business or its agents, only to verify the accuracy of personal information
  • In connection with any matter before a court or arbitration
  • For producing statistical reports and other research, provided the information is not published
  • For use by an insurer or insurance support organization, a self-insured entity, its agents, employees, or contractors in connection with claims investigation activities, antifraud activities, rating, or underwriting
  • In providing notice for towed or impounded vehicles
  • For use by a licensed private investigative agency or security service
  • For use by employers to verify commercial driver information
  • In connection with the operation of private toll transportation facilities
  • When written consent of the individual is provided
  • For bulk distribution for surveys, marketing, or solicitations if the consent of the individual is provided
  • For use by any requester, if the requester has written consent of the individual
  • For other uses specifically authorized by state laws

Using personal information outside of these permissible uses can result in criminal fines, civil penalties, and civil action against the offender.

How Does ADD Ensure DPPA Compliance?

As a company that deals with sensitive information, we make it our mission to ensure that every customer adheres to DPPA-permissible uses. Maintaining our integrity as a reliable and state-compliant source of sensitive information is paramount to our daily operations.

So how do we make sure our users are DPPA compliant?

  • Performing audits to ensure information is not being used improperly
  • Verifying the reason for each information pull
  • Checking which permissible use applies when a customer requests information
  • Reviewing which entity pulled information
  • Occasionally inquiring about the reason for an information request

If a user violates the DPPA, their ADD account will be terminated.

The DPPA is a crucial federal statute designed to safeguard individuals' personal information, and its history is rooted in the need to prevent misuse and protect public safety. As a company, we prioritize DPPA compliance to ensure that personal information is used only for authorized purposes, and we take violations very seriously.

If you suspect a violation of the DPPA, you may contact your state DMV or the appropriate law enforcement agency to report the incident.