Browse Definitions:
Definition

Driver's Privacy Protection Act (DPPA)

Contributor(s): Corinne Bernstein

The Driver's Privacy Protection Act (DPPA) is a United States federal law designed to protect the personal identifiable information (PII) of licensed drivers from improper use or disclosure. Congress passed the DPPA in 1994 in response to complaints that state agencies were selling drivers’ information to direct marketing and auto insurance companies to augment revenue.

The DPPA requires all states to safeguard the privacy of personal information in an individual's motor vehicle record, including the driver's name, address, phone number, Social Security number, driver identification number, photograph, height, weight, gender, age, certain medical or disability information and, in some states, fingerprints. The DPPA makes it illegal to obtain driver information for unlawful purposes or to make false representations to obtain such information. Under the law, criminal fines can be levied for non-compliance and individuals have a private right of action, including actual and punitive damages, as well as attorneys’ fees. 

Under the DPPA, drivers’ personal information may be obtained from motor vehicle departments for certain uses, including:

  • Legitimate government agency functions
  • Matters of auto safety, theft, emissions and product recalls
  • Insurance purposes
  • Notices for towed or impounded cars
  • Use by licensed investigators or security services
  • Use by private toll transportation facilities
  • Motor vehicle not-for-profit market research and surveys

Drivers’ information is also available in response to requests for individuals’ records if the state has received permission from the individual. Records of each additional disclosure must be kept identifying each person or entity that is receiving the disclosure and for what purpose, and the disclosure records must be retained for five years. The legislation does not protect information a driver's traffic violations, license status or accidents.

Many states have laws to supplement the DPPA. Whether DPPA applies to records of vehicles owned by corporations, proprietorships, partnerships, limited liability partnerships, associations, estates, lienholders or trusts varies by state.

This was last updated in October 2017

Continue Reading About Driver's Privacy Protection Act (DPPA)

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • phishing

    Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication ...

  • vulnerability disclosure

    Vulnerability disclosure is the practice of publishing information about a computer security problem, and a type of policy that ...

  • incident response

    Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

SearchStorage

  • flash memory

    Flash memory, also known as flash storage, is a type of nonvolatile memory that erases data in units called blocks.

  • NAND flash memory

    NAND flash memory is a type of nonvolatile storage technology that does not require power to retain data.

  • NOR flash memory

    NOR flash memory is one of two types of nonvolatile storage technologies.

SearchSolidStateStorage

  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.

Close