HOUSE BILL REPORT
SSB 5467
This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent. |
As Reported by House Committee On:
Transportation
Title: An act relating to vehicle owner list furnishment requirements.
Brief Description: Concerning vehicle owner list furnishment requirements.
Sponsors: Senate Committee on Transportation (originally sponsored by Senators King, Eide, Litzow and Harper).
Brief History:
Committee Activity:
Transportation: 2/27/14 [DPA].
Brief Summary of Substitute Bill (As Amended by Committee) |
|
HOUSE COMMITTEE ON TRANSPORTATION |
Majority Report: Do pass as amended. Signed by 21 members: Representatives Clibborn, Chair; Farrell, Vice Chair; Fey, Vice Chair; Moscoso, Vice Chair; Orcutt, Ranking Minority Member; Bergquist, Fitzgibbon, Freeman, Habib, Johnson, Moeller, Morris, Muri, Ortiz-Self, Riccelli, Ryu, Sells, Takko, Tarleton, Walkinshaw and Zeiger.
Minority Report: Do not pass. Signed by 10 members: Representatives Hargrove, Assistant Ranking Minority Member; Overstreet, Assistant Ranking Minority Member; Hawkins, Hayes, Klippert, Kochmar, Pike, Rodne, Shea and Young.
Staff: Jerry Long (786-7306).
Background:
The Driver Privacy Protection Act (DPPA), enacted by Congress in 1994, regulates state governments' release of personal information contained in an individual's motor vehicle record. The DPPA defines personal information as information that identifies an individual, including an individual's photograph, social security number, driver identification number, name, and address - but not zip code, telephone number, and medical or disability information. There are 14 specified allowable uses of personal information by different entities listed in the DPPA.
Regarding the disclosure of lists of registered motored vehicle owners, current Washington law is more restrictive than the DPPA in that there are less permissible uses and entities identified. The Department of Licensing (DOL) may furnish lists of registered and legal owners of motor vehicles to the following entities for the specified purposes: (1) motor vehicle manufacturers, for safety recalls; (2) United States and Canadian governmental agencies, for use in enforcement of vehicle or traffic laws; (3) commercial parking companies, to notify owners of outstanding parking violations; (4) the DOL agents, to provide certain information to motor vehicle dealers; (5) businesses making loans for the purchase of motor vehicles, to assist in determining whether to provide financing; and (6) the operator of a toll facility, to identify toll violators.
If a list of registered and legal owners of motor vehicles is used for any purpose other than authorized, the entity or any authorized agent, or contractor responsible for the unauthorized disclosure or use will be denied further access to the information by the DOL. The following activities related to obtaining or the use of information contained in a vehicle record constitute a gross misdemeanor: unauthorized disclosure of information from a vehicle record; use of false representation to obtain information from a vehicle record; the use of information for a purpose other than what is stated in the request for information or disclosure agreement; or the sale or other distribution of any vehicle owner name or address to another person not disclosed in the request or disclosure agreement.
Within the DPPA, there are also penalties for violations by state Department of Motor Vehicles and persons who knowingly violate the provisions of the DPPA.
–––––––––––––––––––––––––––––––––
Summary of Amended Bill:
The bill updates the federal references in statute as the act existed on January 1, 2014, or such subsequent date as may be provided by the DOL by rule for the manufacturers of motor vehicles or motor vehicle components, or their authorized agents, to enable those manufacturers to carry out the provisions of the federal regulations. The DOL may only provide a manufacturer, or its authorized agent, lists of registered or legal owners who purchased or leased a vehicle manufactured by that manufacturer. Data providers must not disclose this information to any other third party.
The purposes for which the DOL may furnish lists of registered owners of motor vehicles to specified entities are expanded to include the following:
legitimate businesses as determined by the DOL based on criteria in rule, or their agents for use in research activities and in producing statistical reports, as long as the personal information is not published, redisclosed, or used to contact individuals;
an insurer or insurance support organization or their agent for use in connection with claims investigation, antifraud, rating, or underwriting activities;
local government entities or their agents for use in providing notice to owners of towed and impounded vehicles; and
government agencies or their agents requiring the names and addresses of registered owners to notify them of outstanding parking violations.
Personal information received by an authorized entity may not be released for direct marketing purposes.
Prior to the release of any lists of vehicle owners, the DOL must enter into a contract with the entity authorized to receive the data. The contract must include a requirement that the DOL or its agent conduct both regular permissible use and data security audits subject to the following conditions and limitations:
The data security audits must demonstrate compliance with the data security standards adopted by the Office of the Chief Information Officer.
The DOL, when determining whether to conduct an audit, must first take into consideration any independent third-party audit an entity receiving data has had before requiring that any additional audits be performed.
If the security audit or permissible use audit meets recognized national or internal standards adopted by the Office of the Chief Information Officer, the DOL must accept the audit and the audit is deemed to satisfy the audit requirement.
A provision that the cost of the audits performed must be paid by the data recipient, as well as the initial cost to set up the system to disburse the data to the data recipient.
Beginning January 1, 2015, the DOL must collect a fee of $10 per 1,000 individual registered or legal owners included on a list requested by a private entity. Beginning January 1, 2016, the DOL must collect a fee of $20 per 1,000 individual registered or legal vehicle owners included on a list requested by a private entity. Beginning January 1, 2020, the DOL must collect a fee of $25 per 1,000 individual registered or legal owners included on a list requested by a private entity. The DOL must prorate the fee when the request is for less than a full 1,000 records.
In lieu of the fee specified above, if the request requires a daily, weekly, monthly, or other regular update of those vehicle records that have changed, the DOL must collect a fee of 2 cents per individual registered or legal vehicle owner record provided to the private entity. Beginning January 1, 2020, the DOL must collect a fee of 2.5 cents per individual registered or legal vehicle owner record provided to the private entity.
The DOL must deposit any funds collected to the DOL Technology Improvement and Data Management Account (Account). Expenditures from the Account can only be used for investments in technology and data management at the DOL. Funds can only be spent after appropriation.
The bill provides the definition for "personal information" as information that identifies an individual, which includes an individual's photograph, social security number, driver identification number, name, address (but not the five-digit zip code), telephone number, or medical or disability information. An individual's photograph, social security number, medical or disability information is considered highly restricted information and can only be released to manufacturers of motor vehicles or their authorized agents, a governmental agency, or an insurer.
Amended Bill Compared to Substitute Bill:
The amended bill adds manufacturers of motor vehicle components to receive lists of registered and legal owners of motor vehicles to carry out the provisions required in federal code. It provides the DOL the authority to define "legitimate businesses" in rule. The amended bill adds that a request may be made daily, in addition to weekly, monthly or other regular update. It clarifies that companies that are already set up to receive data do not pay system set-up charges. Private entities will pay 1 cent per record beginning January 1, 2015, 2 cents per record beginning January 1, 2016, and 2.5 cents per record beginning January 1, 2020.
–––––––––––––––––––––––––––––––––
Appropriation: None.
Fiscal Note: Available.
Effective Date of Amended Bill: The bill takes effect 90 days after adjournment of the session in which the bill is passed.
Staff Summary of Public Testimony:
(In support) Companies that use the vehicle and owner data provide that data to dealers that have products that are sold to automotive dealers and automotive part dealers. A recent example of where the data is used is on the General Motors' (GM) recall of 870,000 GM vehicles. The data is normally released in aggregate for statistical analysis. CarFax is one product offered by R.L. Polk that uses data from the vehicle and registered owner data. The data is used by motor vehicle accessory companies to determine what to stock in vehicle components. These parts include items like tires and other motor vehicle parts. Insurance companies also use the data to investigate insurance fraud. There are a number of security provisions and controls in the bill. The graduated fee schedule allows the companies that purchase data to plan in their budget for the change of paying a fee to receive the state's vehicle and owner data. Presently the companies only pay a recovery of cost under the Public Disclosure Act. This fee is considerably more than what has been paid in the past for the data.
R.L. Polk is one of the top 100 companies with the best security of data and information. They have been in business of providing data for over 100 years for safety recalls and manufacturers' market planning. This data does not include personal data. The company receives a certified audit annually in conformance with national acceptable audit standards.
The DOL data contracts have requirements relating to data and information security. CarFax helps fight fraud. It identifies a vehicle that has been in a flood, stolen, or how many owners the vehicle has really had. Both companies have worked closely with motor vehicle dealers and businesses on this bill so all parties are in agreement. Presently the companies pay just the cost of producing the data files for the companies. The companies support the data fees going to the DOL's technology account.
(Other) The DOL has appreciated working with the Legislature and stakeholders in working through the issues to develop the legislation. Important things to the DOL are data security, accessible audits, and data usages to make sure the data provider contracts are being complied with.
(Opposed) None.
Persons Testifying: (In support) Representative Clibborn, prime sponsor; Cliff Webster, Experian Automotive; and Alice Miles, R.L. Polk.
(Other) Tony Sermonti, Department of Licensing.
Persons Signed In To Testify But Not Testifying: None.