The Driver's Privacy Protection Act doesn't get as much attention as most federal consumer protection laws. But you should keep it in mind when you design a marketing campaign. The DPPA prohibits a dealer from using DMV information for marketing purposes. And, as one Texas dealer recently discovered, courts can find you liable under the DPPA even if you do not get the information directly from the DMV.
Arthur Lopez received a direct-mail advertisement from a local Texas dealership, Don Herring Ltd. When Lopez opened the envelope, he was surprised to see that the ad identified the make, model, and year of his car. He called the dealership and asked a salesperson where the dealership got the information about his car. The salesperson said the information came from records at the Texas DMV. Lopez hung up, called his attorney, Joseph Malley, and asked the lawyer to investigate. Malley emailed Herring's general sales manager, who replied that the information came from Tacito & Associates, which got it from the DMV. Malley contacted Tacito's CEO by email. Tacito's CEO replied that Tacito got the information from BB Direct. Malley contacted BB Direct by email. Brian Berg, an employee of BB Direct, replied that BB Direct got the information from Data Shark. According to Berg, Data Shark did not obtain the information from the DMV but instead bought the information from service stations, insurers, and auto clubs.
Lopez sued Herring, Tacito, BB Direct, and Data Shark in the U.S. District Court for the Northern District of Texas. He claimed that they accessed his personal information from the DMV without having a permissible purpose under the DPPA. Lopez attached the emails from Herring, Tacito, and BB Direct to the complaint. The court dismissed the complaint. Lopez filed an amended complaint against Herring. Lopez attached the email from Herring to the amended complaint to show that the information in the advertisement came from the DMV. Lopez did not attach the emails from Tacito or BB Direct that showed the information did not come from the DMV. Herring moved to dismiss the amended complaint.
The court denied Herring's motion to dismiss. Lopez argued that Herring's emails showed that the information came from the DMV. Herring argued that the emails from Tacito and BB Direct showed that the information did not come from the DMV. The court refused to consider those emails because they were not attached to the amended complaint and the amended complaint did not refer to those emails. The court went on to say that the exculpatory emails were not relevant. At this stage of the game, the court was required to assume that the allegations were true.
What is the moral of this story? Herring is stuck trying to prove that Data Shark did not get the information from the DMV because its employee volunteered bad information. If Data Shark got the information from the DMV, then Herring violated the DPPA and may be liable to Lopez and every other person who received the ad for $2,500 or actual damages, whichever is greater, plus attorneys' fees and costs. If Data Shark did not get the information from the DMV, then Herring still faces a costly lawsuit that could morph into a class action.
Lopez v. Don Herring Ltd., 2018 U.S. Dist. LEXIS 1245 (N.D. Tex. January 4, 2018).