Can Florida legally sell your DMV information to third party companies?

ORLANDO, Fla. — The State of Florida is making hundreds of millions of dollars by selling your DMV information, according to our sister station Action News Jax.

WATCH CHANNEL 9 EYEWITNESS NEWS

This includes your name, address and date of birth. Action News Jax Investigator Ben Becker looked into why it’s allowed and how it potentially could compromise your financial safety.

Becker discovered the State of Florida sells your personal DMV information to dozens of private companies, mainly data brokers, who can request it or pay for unlimited electronic access.

Your name, address, date of birth and even your driver’s license number are available for as little as a penny per file to send you junk mail, and it adds up. From 2021 to 2023, the state made $263 million, and you can’t opt-out.

Read: DeSantis quietly passes gender identity policy change for driver’s licenses

The biggest bulk buyers of your information are data brokers like LexisNexis at more than $90 million, followed by $53 million from Tessera Data and $40 million from safety holdings.

James Lee is the CEO of the ID Theft Resource Center, and he said that selling personal data is legal under the 1994 federal law known as the Driver Privacy Protection Act. The DPPA outlines exceptions as long as it’s considered a “legitimate” entity, like insurance companies, unsolicited offers for extended warranties or even private investigators.

“It’s a way for state governments to raise revenue without having to raise taxes,” Lee explained. “There are ways you may take that data that would be legitimate and use it in an illegitimate way and get in trouble.”

Read: Leaked financial documents show OnePULSE fundraising shortfalls

This happens because once your information has been sold to a third party, it can be sold again and again.

An updated federal privacy bill with significant bipartisan support was introduced in 2022. It would have provided a national standard on what data companies can gather from individuals and how they can use it, but it never made it out of committee.

In 2023, a Russian-linked cyber attack targeting the Louisiana and Oregon DMVs leaked the sensitive data of nearly 10 million drivers.

In 2020, LexisNexis agreed to pay about $5 million to settle a class action lawsuit in North Carolina. It alleged the company sold DMV crash reports to law firms, which used it to get more business.

Read: ‘He had $500,000 cash’: FBI says more common criminals now turning to cybercrime

Becker emailed the Florida Department of Highway Safety and Motor Vehicles. The agency said it’s following statutory law saying in part, “Entities receiving electronic public record must sign a memorandum of understanding (MOU) … The MOU requires an audit by an independent party to ensure controls are in place to adequately protect information.”

Driver Pete Petitt feels helpless.

“It’s definitely upsetting, but it’s the way everything is now. Anybody can get anything on anybody,” he said.

So, where does all that $263 million go? The state said it deposited into the Highway Safety Operating Trust Fund.

The state told Becker that only 2 companies have been banned from buying data: Mala Group, Inc. and Nationwide Vehicle Recall Services.

How can you protect yourself? One way is to create a separate email account for your license or registration paperwork. The good news is the DMV does not provide driver’s license pictures to these data companies, which considering how unflattering many people think those pictures can be, that is at least something to smile about.

Click here to download our free news, weather and smart TV apps. And click here to stream Channel 9 Eyewitness News live.