MONTPELIER — Top Department of Motor Vehicles representatives on Tuesday appeared before the House Judiciary Committee and said that the agency has been acting within the law regarding the handling of drivers’ personal information.
They also said they are conducting a policy review to ensure no violations exist, and that some temporary changes have already been implemented.
The state agency’s use of personal data came under fire when VTDigger reported in November that more than 700 organizations, companies and agencies have been obtaining personal information from the DMV for years. The agency made last least $15 million from data sales in the past four years. The report prompted Gov. Phil Scott to halt allowing private investigators to obtain records through the agency.
The committee is discussing a bill, H.591, which relates to restricting the release of personal information by state agencies and departments, including the DMV. The bill is sponsored by Rep. Thomas Burditt, R-West Rutland, and Rep. Barbara Rachelson, D-Burlington.
The DMV’s director of operations, Michael Smith, along with Commissioner Wanda Minoli, offered joint testimony defending the agency’s actions.
Smith told True North he thinks the agency got a bad rap based on critical media reports.
“I think that everyone got led to believe that we’re just selling everybody’s data and giving it away like it’s just the right thing to do, and that’s just not the case,” he told said. “I mean, we follow the Driver Privacy Protection Act — we believe that what we are doing is in compliance with the DPPA.”
He continued that the DMV is nevertheless responding to these criticisms proactively, including an investigation into how data is used and shared.
“As Wanda pointed out in here and in another committee, when these issues or items come up, it gives you the opportunity to look at what you are doing,” he said.
Minoli testified that an internal investigation is happening.
“We’ve started to look at what the process is, how do the requests come in, what types of requests come in, how are we approving those requests, how are they verifying or validating the information they are requesting, is it permissible under the Drivers’ Privacy Protection Act,” she explained.
One initial change is while this investigation is ongoing, the public can no longer simply go online to gather certain information about individuals. For now, individuals must appear at the DMV and speak to someone at the counter if they wish to obtain information.
Minoli explained the new change: “[Formerly], there [was] a form so you would be identified and approved as an eligible user of the terminal, and through that terminal you were able to do some of your searches on your own,” she said. “. .. That we have ceased — we have paused the terminals.”
Smith said there are areas where the DMV is required to provide data, such as for providing ownership information to manufacturers when there is a recall issued for a vehicle.
Then there are optional scenarios, Smith said: “We may allow private eyes to have access to your records. We may allow anybody who has anticipated litigation to have access. We may allow toll operations to access it.”
He added that 12 different criteria can lead to information being shared. He said each of the 12 is being reviewed thoroughly to determine if the current policy will continue or not.
On providing information to lien holders of towed vehicles, this practice could be modified or discontinued.
“At the end of the day, [the state has] an abandoned vehicle process that already does that,” he said.
Some other information that is regularly sought after includes accident reports. For instance, if an insurance company is looking to change insurance rates, that’s when someone might want to see an accident report to clarify whether rates should go up or not. Minoli said that information was important for insurers.
“It’s how they set their rates, it’s how someone is determined what their rate is going to be,” she said. “There are many aggregates that actually capture this information from us.”
Smith was adamant to the committee that some personal data is never shared.
“[Here is] something that I think everybody should understand: You cannot get somebody’s photo, you cannot get medical information, you cannot get disability information, and you cannot get social security numbers,” he said.