Learn how we give access to data, what records we've shared, what policies and laws we follow, and how we notify you about data breaches.
How we give access to data
- Our data services (online services and bulk data)
- Public records requests
- Vehicle licensing agents and sub-agents
- Driver licensing offices
- Our headquarters office:
- Our Business and Professions Division, which handles firearms, notary trainers, and more
Records we've shared
From July 1, 2022 through June 30, 2023, we provided:
- 1,929,808 through commercial data brokers
- 29,390,097 through our monitoring service, which only alerts the recipient when there is a change
- 55,755 through our Driver Record Request service (September 2018 to June 2019)
- 74,532,834 in bulk requests by private and government entities
- 699,210 through our contracted plate search system, used mostly by parking lot operators
A data breach is any time someone takes data without permission, compromising the:
- Confidentiality, and
- Integrity of personal information we maintain
It's not considered a breach when:
- The person who takes the personal information works for us or represents us,
- They use that information for official Department of Licensing business, and
- They don't use or share it for other purposes
Notifying you of a data breach
The law says we must notify you of a data breach as soon as possible. We'll inform you within 45 calendar days after we discover a breach unless law enforcement asks us to delay.
Personal information breaches
We'll notify you any time your personal information is breached. This means your first name or first initial and last name in combination with any of the following:
- Social Security number or the last 4 digits of the Social Security number
- Driver license number or Washington ID card number
- Bank account, credit, or debit card number
- Any code, password, or other information that would give access to your financial account
- Full date of birth
- Private key that is unique to you that you use to authenticate or sign an electronic record
- Student, military, or passport identification number
- Health insurance policy number or health insurance identification number
- Any information about your medical history or mental or physical condition
- Any information about your health care professional's medical diagnosis or treatment
- Biometric data—For example, your fingerprint, voiceprint, eye retinas, irises, or other unique biological patterns or characteristics that could identify you
We must notify you of a breach of any of the above information combined with your last name if:
- We didn't encrypt or redact the information enough to make it unusable
- The information would enable someone to commit identity theft against you
Online account breaches
We must also notify you of a breach involving your username or email address along with:
- Your password
- Security questions and answers that would give access to an online account
Washington law ensures:
- Our government is transparent
- The public has access to records and information we store
Our laws include exceptions to balance:
- Government transparency
- Individual privacy
Laws such as Washington's Public Records Act (RCW 42.56) govern all our information. Information you send us may become a public record. It may be subject to public inspection and copying if not protected by federal or state law.
If there’s ever a conflict between this privacy statement and the Public Records Act, or laws governing our disclosure of records, the Public Records Act or another applicable law will take precedence.
We use facial recognition technology to make sure a person only has one driver license or ID card. Learn more about how we use facial recognition.
Data stewardship framework
We've adopted a data stewardship framework based on:
- Our principles as an agency
- Best practices from the Office of Privacy and Data Protection
- Guidance from international organizations such as the United Nations
Our framework helps us explain and think through new privacy challenges. It shows how our principles link to our commitments and actions. It’s a living document and gets updated as the privacy world changes.
We wrote a report for the legislature explaining how our framework relates to our ongoing data stewardship project.
Internal data governance policy
These are the rules we hold ourselves to. Read our data governance policy.
Laws governing how we share personal information
The main federal law governing driver license data is the Driver Privacy Protection Act.
Washington's disclosure and use law (RCW 46.22.010) governs our data sharing work.
- Abstract of driving record
- Case record of convictions and infractions
- Driving records – Evidence of ability to respond in damages
- Criminal history and driving record
- Driver license photos
Vehicle and vessel owner information
- Lists of vehicle and vessel owners
- Individual vehicle and vessel owner information
- Disclosure violations, penalties
- Disclosure of vehicle owner information
Driver and plate search (DAPS) and driver information and adjudication system (DIAS)
We have a policy that limits access to these systems.
For DAPS, we limit access to:
- Law enforcement agencies
- Other government agencies
- 911 dispatch communications and records centers
- Government agency detectives and investigators
For DIAS, we limit access to:
- Municipal, district, and superior courts
- Local and state government agencies
- Prosecuting attorneys
- Personal information—Notice of security breaches
This law is about government and data breaches.
- Personal information—Notice of security breaches
This law is about the private sector and data breaches.
Social Security numbers
We can't release Social Security numbers unless required by law. (Social Security number confidentiality law)
Organ donor information
We can't share organ donor information with anyone for fundraising or commercial purposes. (Organ donor disclosure law)
Voter registration data
We can't release voter registration data unless required by law. (Voter registration confidentiality law)