The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Friday, January 06, 2006
I blogged briefly about the proposal recently put forward by the Attorney General of Minnesota to stop the bulk sale of access to the state's DMV records (see: The Canadian Privacy Law Blog: Minnesota AG seeks end to bulk sales of drivers' license data). The release on the AG's website is very interesting, as it points out that such data is very useful to fraudsters.
Minnesota Attorney Generals OfficeSTATE SENATOR ANN REST, STATE REPRESENTATIVE JIM DAVNIE, AND ATTORNEY GENERAL HATCH WANT THE MINNESOTA DEPARTMENT OF PUBLIC SAFETY TO QUIT SELLING DRIVER’S LICENSE DATA
Assistant Senate Majority Leader Ann Rest (DFL-New Hope), Representative Jim Davnie (DFL-Mpls.), and Attorney General Mike Hatch today called upon the legislature to order the Minnesota Department of Public Safety to quit selling driver's license data to commercial companies. They also announced legislation to restrict the commercial distribution of Minnesotans' driver's license information by the Department of Public Safety.
History. In 1991, the State of California stopped selling drivers license data to commercial firms after actress Rebecca Schaeffer was murdered by a stalker who obtained her home address from the state driver’s license bureau. In 1997 the federal government forbade states from selling drivers data, but a federal judge in 1998 ruled that federal law could not order state governments how they classify their own data. The court essentially held that if a state government wanted to ban the sale of driver’s license data, it should adopt its own laws. In 1999 Attorney General Hatch proposed legislation in Minnesota to stop the sale of driver’s license data, and in 2000, the Ventura Administration publicly stated that it was administratively making driver’s license data private unless the licensee expressly waived the right to privacy.
Current Status of Driver’s License Data. At the press conference, Detective Jack Talbot of the South Lake Minnetonka Police Department, who is on assignment to the Minnesota Financial Crimes Task Force, said that identity theft and financial fraud in Minnesota is greatly enhanced because thieves get driver’s license data on Minnesotans from a website, publicdata.com. According to Officer Talbot the website obtains the information from the Department of Public Safety (“DPS”).
“I find driver’s license printouts from publicdata.com when executing a large number of search warrants on identity thieves and financial scam artists,” said Officer Talbot.Talbot stated that the website sells such data on citizens from about nine states. He asked DPS officials to find out why this data is being distributed by DPS to such websites. Officer Talbot stated that he was told by DPS that it has sold the data to hundreds of companies at varying prices. None of the purchasers appeared to have bought the data at $.50 per name, as was required by the statute in 1999, but subsequently repealed.
“I am surprised that the State of Minnesota imposes fees on virtually every aspect of our lives, but then gives away valuable data to commercial interests that are not even located in this state,” said Representative Davnie. “The result is more identity theft and less protection for our citizens.”Proposal. Under the Rest-Davnie proposal, DPS would be prohibited from distributing driver’s license data in bulk quantity unless it was to a government agency (i.e. for law enforcement purposes) without a licensee’s express written consent.
“These are obvious loopholes in our driver’s license data laws that need to be changed,” said Senator Rest. “The privacy of our citizens will be greatly enhanced by these proposed policy changes.”The bill would further limit the circumstances under which DPS could distribute individual licensee data. In most cases, DPS would only be able to disclose individual licensee data if the consumer “opts in” to such sale (e.g., gives written permission), and the State would charge a $5.00 fee per consumer name accessed. When the Department did disclose a consumer’s name, it would report the name of the requester to the citizen whose data has been disclosed. The fees collected would be used to pay for the administration of the driver’s license bureau and fund the budget of the Financial Crimes Task Force. Hatch noted that, while some courts have limited the application of state laws in certain circumstances, they have all permitted the state to charge a fee for the sale of such data.
Thanks to Chris Hoofnagle at EPIC West for the link.
Labels: identity theft, information breaches
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.