The Watchdog’s revelation
last week that personal information on 27 million past and present
Texas driver’s license holders is for sale on the dark web leaves many
Texan incensed.
Texas state government
sells its data sets to outside parties who are not allowed to use them
for marketing purposes. But some of these companies then re-sell to
companies who do use it to sell and annoy us.
A Denver company, Vertafore, works with the insurance industry and
accepts blame for the data heist. A statement said it was caused by
“human error.”
The FBI and the Texas Attorney General’s office are investigating.
If you get a boatload of calls, for example, like I do, trying to sell me an extended car warranty, you can thank the state.
In
the breach, stolen information includes your name, address, date of
birth, driver’s license number, VIN, make, model, color and year of car
and the lending institution to whom you make car payments.
Some other states do not sell this data, but Texas does. State lawmakers could change the law in their 2021 session.
I
first reported this in 2015 when I learned that several state
government departments sell information to outsiders. In an open records
request that year, I learned that in 2014 the Department of Motor
Vehicles earned $2.4 million in sales.
This year, CBS 11/KTVT reporter Brian New updated those numbers.
DMV made more than $3 million in 2019 selling drivers’ names,
addresses, phone numbers, email addresses and VIN information, he
reported.
Before I show you how these
sales march through what is possibly the biggest loophole in state
government, here’s what you’re saying to The Watchdog about the data
theft:
Jimmy M.: “Well, if the state is making money from our personal data I want my share.”
Tom W.: “The state of Texas is responsible directly for this data breach.”
Ted
K.: “Why is the state allowed to sell data in the first place,
especially since they obviously have no idea as to what happens to that
information once it leaves their control? Let’s fix this and prevent
future instances by prohibiting any government entity from selling its
citizens’ data.”
Deborah B.: “Why is the state allowed to sell this information? Can we opt out?”
Mike
C.: “Our state should be forbidden from selling our personal
information. Nowhere in the process are we given the option to opt out
of sharing this information.”
Fred M.: “This is an outrage which needs to continue to be spotlighted.”
Cheryl
S.: “Honestly, this sale by various governments of private citizens’
personal information sounds like something that a corrupt country would
do.”
Who buys it?
The
buyers are data-mining companies, insurance companies, banks, police
departments, car dealers, toll companies, school districts,
corporations, private investigators, tax-collecting law firms, tow truck
companies and electricity companies, to name a few.
Follow
this -- the biggest loophole. In Texas, it’s against the law for
companies who buy the information to use it to sell to us. So to get
around that some companies sell the lists to other marketing companies,
which go ahead and use the information to sell -- and annoy us.
Because
our information isn’t sold directly to marketers, the state doesn’t
have to give us a privacy statement when we buy a car or apply for a
driver’s license. We don’t get to opt out, as residents of California are now allowed to do.
The solution
State
lawmakers could fix this, giving us privacy statements and allowing us
to opt out of the information sold. Or they could go one better and
prohibit the sale of the databases entirely. Other states do.
If
you bring this up, state departments other than DMV complain loudly
about how these are open records that often can help consumers. (For
example, your car is towed, and the towing company can figure out who it
belongs to). Besides, selling our data makes a lot of money for the
general fund.
One way to see how loosey-goosey Texas is with our information is on the paid subscription lookup site, PublicData.com.
Years
ago, there were multiple states listed where you could quickly look up a
person’s driver’s license information. Now there’s only Florida and
Texas. The other 48 now have higher standards of privacy.
Same
goes for vehicle information. Only five states are listed for
searching, but four are marked “[OLD].” The fifth is up to date and
active. That’s us.
If
you get unwanted spam email, postal mail or phone calls and wonder how
they got your information, often enough it’s because of our state’s lax
laws. Thank you state leaders.
When it comes to cheap and easy data distribution that violates our privacy, we’re number one. Hoo-ray for Texas.
Protect yourself in the latest breach
First, note that Experian was the first alert here. My identity theft service has yet to inform me.
Second, keep an eye on your credit report, which you can get free. Go only to www.AnnualCreditReport.com or call 1-877-322-8228.
Third,
Vertafore is offering one year of free credit monitoring and identity
restoration services. You can check in with Vertafore at 888-479-3560.
Their website for this is www.vertafore.kroll.com.
Fourth, put a fraud alert on your credit accounts. I’ve shown how to do that before with Experian, Equifax and TransUnion.
