Commentary: Stop the resale of personal data sold by PennDOT

By Robert F. Matzie

What if I told you that your favorite app or website was collecting your personal information and selling it to the highest bidder? It probably wouldn't thrill you, but I bet you wouldn't be shocked.

While the idea of anyone selling our personal information may be unseemly, it is a reality of the world we live in. If you don't want a company to sell your information, you are free to delete its app or stop using its website.

But what if I told you that some or all of the personal information that you provide to the Pennsylvania Department of Transportation is sold to third parties who can then resell that information for profit, and that you are powerless to stop it?

What would your reaction be? Concern? Outrage? Disbelief? All of the above? If one or all applies to you, then we're of the same mind-set. But it's true and, sadly, legal.

PennDot sells personal data such as information on drivers, registrations, and titles to other individuals and businesses. While this is nothing new - in fact, this practice has gone on for decades - it has ramped up since passage of the transportation funding plan in 2013, which made the sale of this consumer data easier and more lucrative. This year alone, PennDot - the only state agency that sells consumer information - is expected to rake in more than $40 million on these transactions.

The third parties have the authority to resell that information for an unspecified fee and without any additional payment to PennDot. Recently, in a published internal Office of the Budget audit, it was revealed that Sterling Infosystems, one of the third-party vendors, had been ignoring security procedures laid out by the state, putting your personal information in jeopardy. Specifically, according to the audit, Sterling Infosystems was "unable to provide assurance that their customers and data centers have implemented controls adequate to ensure that personal driver record information is safeguarded."

I believe it's only a matter of time before a major data breach occurs.

In 2013, I raised concerns about this very issue, but the selling of data to third parties continues. This problem needs to be fixed - now. Selling data when consumers are paying for services from the government is simply bad policy. Therefore, I have recently reintroduced legislation (House Bill 2039) that would prohibit third parties from being able to sell personal driver and vehicle information for profit.

In fairness, there are appropriate situations in which PennDot should - and, in fact, is required by federal law to - provide information, such as at the request of an insurance provider. My legislation would allow for this necessary sharing of information.

But in my judgment, it is unacceptable for PennDot to become a clearinghouse of personal data for anyone willing to pay the right price. This practice needs to stop.

State Rep. Robert F. "Rob" Matzie represents the 16th Legislative District, which includes parts of Beaver and Allegheny Counties (www.pahouse.com/Matzie). RepMatzie@pahouse.net