Data transparency

Learn how we give access to data, what records we've shared, what policies and laws we follow, and how we notify you about data breaches.

How we give access to data

Records we've shared

From July 1, 2022 through June 30, 2023, we provided:

Driver records

  • 1,929,808 through commercial data brokers
  • 29,390,097 through our monitoring service, which only alerts the recipient when there is a change
  • 55,755 through our Driver Record Request service (September 2018 to June 2019)

Vehicle records

  • 74,532,834 in bulk requests by private and government entities
  • 699,210 through our contracted plate search system, used mostly by parking lot operators

Data breaches

A data breach is any time someone takes data without permission, compromising the:

  • Security,
  • Confidentiality, and
  • Integrity of personal information we maintain

It's not considered a breach when:

  • The person who takes the personal information works for us or represents us,
  • They use that information for official Department of Licensing business, and
  • They don't use or share it for other purposes

Notifying you of a data breach

The law says we must notify you of a data breach as soon as possible. We'll inform you within 45 calendar days after we discover a breach unless law enforcement asks us to delay.

Personal information breaches

We'll notify you any time your personal information is breached. This means your first name or first initial and last name in combination with any of the following:

  • Social Security number or the last 4 digits of the Social Security number
  • Driver license number or Washington ID card number
  • Bank account, credit, or debit card number
  • Any code, password, or other information that would give access to your financial account
  • Full date of birth
  • Private key that is unique to you that you use to authenticate or sign an electronic record
  • Student, military, or passport identification number
  • Health insurance policy number or health insurance identification number
  • Any information about your medical history or mental or physical condition
  • Any information about your health care professional's medical diagnosis or treatment
  • Biometric data—For example, your fingerprint, voiceprint, eye retinas, irises, or other unique biological patterns or characteristics that could identify you

We must notify you of a breach of any of the above information combined with your last name if:

  • We didn't encrypt or redact the information enough to make it unusable
  • The information would enable someone to commit identity theft against you

Online account breaches

We must also notify you of a breach involving your username or email address along with:

  • Your password
  • Security questions and answers that would give access to an online account

Public information

Washington law ensures:

  • Our government is transparent
  • The public has access to records and information we store

Our laws include exceptions to balance:

  • Government transparency
  • Individual privacy

Laws such as Washington's Public Records Act (RCW 42.56) govern all our information. Information you send us may become a public record. It may be subject to public inspection and copying if not protected by federal or state law.

If there’s ever a conflict between this privacy statement and the Public Records Act, or laws governing our disclosure of records, the Public Records Act or another applicable law will take precedence.

Facial recognition

We use facial recognition technology to make sure a person only has one driver license or ID card. Learn more about how we use facial recognition.

Data stewardship framework

We've adopted a data stewardship framework based on:

  • Our principles as an agency
  • Best practices from the Office of Privacy and Data Protection
  • Guidance from international organizations such as the United Nations

Our framework helps us explain and think through new privacy challenges. It shows how our principles link to our commitments and actions. It’s a living document and gets updated as the privacy world changes.

We wrote a report for the legislature explaining how our framework relates to our ongoing data stewardship project.

Internal data governance policy

These are the rules we hold ourselves to. Read our data governance policy.

Laws governing how we share personal information

The main federal law governing driver license data is the Driver Privacy Protection Act.

Washington's disclosure and use law (RCW 46.22.010) governs our data sharing work.

Driver data

Vehicle and vessel owner information

Driver and plate search (DAPS) and driver information and adjudication system (DIAS)

We have a policy that limits access to these systems.

For DAPS, we limit access to:

  • Law enforcement agencies
  • Courts
  • Other government agencies
  • 911 dispatch communications and records centers
  • Government agency detectives and investigators

For DIAS, we limit access to:

  • Municipal, district, and superior courts
  • Local and state government agencies
  • Prosecuting attorneys

Data breaches

Public disclosure

Social Security numbers

We can't release Social Security numbers unless required by law. (Social Security number confidentiality law)

Organ donor information

We can't share organ donor information with anyone for fundraising or commercial purposes. (Organ donor disclosure law)

Voter registration data

We can't release voter registration data unless required by law. (Voter registration confidentiality law)

Need additional help? Here's how to contact us:

(TTY: Call 711)
Was this information helpful?