Securing your information

Learn what actions you can take if you believe you're a victim of fraud, and how to follow our data security requirements.

Keeping your information safe is so important to us that we made it a part of our purpose.

Fraud investigation

We have a team of investigators on the lookout for signs of data misuse. They respond to allegations of:

  • Driver license or ID card fraud
  • Identity theft
  • Title fraud

How to report fraud

If you believe you're the victim of fraud, contact our team at fraud@dol.wa.gov. Read steps you can take if you're a victim.

If we suspect your information is being misused, our fraud team may reach out to you. We may ask you to confirm your identity. We'll give you an option to contact us so you know you're talking to a Department of Licensing employee.

Our partnership with law enforcement

To help fight identity theft, we work with the Washington State Patrol on:

  • Public education
  • Victim assistance
  • Criminal prosecution

Securing online transactions

When you complete a task with us online (like renewing a license or reporting the sale of a vehicle), you’re using our secure online services. We verify you’re who you say you are, using:

  • A username and password
  • A PIN number
  • A digital certificate
  • Other methods of authentication

Securing your data

You can help secure your data by adding an email address to your account. This will allow us to notify you if someone makes changes to your information.

How we protect your online security

We build protections into these systems to:

  • Ensure your security
  • Safeguard your data
  • Provide reasonable protection of private information in our possession

We won't disclose your secure login information, such as a username and password, to the public. We only disclose information you provide to us through secure services if the law requires us to.

Data sharing and security

We have full-time compliance staff assigned to data security. They conduct regular investigations and audits to make sure data recipients:

  • Follow our data security requirements
  • Only use the data as authorized

How we address data security issues

If we find that a data recipient is not following the rules, they must work under a corrective action plan to fix all of their gaps or mistakes. We'll end their access to data if:

  • The deficiency places your personal information at risk of hacking or misuse
  • The recipient does not fix the deficiencies we found
  • We determine there's a high risk they'll continue to fail to follow the requirements

Evaluating potential bulk data services customers

When someone wants data, they complete a contract application. They must provide information to prove they have a legal reason for getting data. They have to explain:

  • The specific data they are requesting
  • What they'll use it for
  • If they’ll share the information
  • How they'll secure the data

How we screen bulk data services customers

We check:

  • To see whether the requester is a legitimate business
  • The reasons they want data
  • Whether the law allows them to receive data
  • Whether they can meet our privacy requirements

After an initial screening, our data services team meets with the applicant to discuss the request. We outline all the requirements they must meet before receiving data, and throughout the life of the contract. If they meet all our requirements, we then enter into a data-sharing agreement.

Reasons for denying bulk data services

There are a lot of reasons why we may choose not to provide data services, including if:

  • It's not required by law
  • There's a strong risk that the data will be misused or left insecure
  • We don’t have the resources to provide the data

Contract requirements

Recipients must sign a contract when we provide data services that include personal information.

Our contracts include specific requirements to protect personal information, like:

  • Restrictions on how the recipient can use the data
  • Data security requirements that the recipient has to demonstrate
  • The right for us to conduct audits to see if the recipient is following our requirements
  • Annual assessments and certifications confirming that they're still in compliance
  • Requirements to notify us and affected people if they have a data breach or discover misuse
  • Requirements to cover our costs if we have to go to court

If a recipient shares personal information with a subrecipient, then the recipient must ensure that the subrecipient also complies with all of our requirements.

Granting your permission

You must sign a release before someone from these groups can request your driving record:

  • Employers
  • Prospective employers
  • Volunteer organizations

Others, such as courts, can get your driving record without your permission.

Information for immigration enforcement

We serve all Washington residents without regard to immigration or citizenship status. We are committed to following the Governor’s Executive Order 17-01. We don't provide personal information for immigration-related investigations to federal immigration authorities. We don’t share information with the Department of Homeland Security without a court order or other legal requirement.

Need additional help? Here's how to contact us:

(TTY: Call 711)
Was this information helpful?