UPDATE

New state-wide mandate requires masks to visit our offices. Learn more.
Appointments are required for in-person services. Schedule yours now.
Get the latest COVID guidance for businesses.

If the information on this translated website is unclear, please contact us at 360.902.3900 for help in your language of choice.

Securing your information

Keeping your information safe is so important to us, we made it a part of our purpose.

Fraud investigation

We have a team of investigators on the lookout for signs of data misuse. They respond to allegations of:

  • Driver license or ID card fraud
  • Identity theft
  • Title fraud

If you believe you're the victim of fraud, contact our team at fraud@dol.wa.gov. Read steps you can take if you're a victim.

If we suspect your information is being misused, this team may reach out to you. We may ask you to confirm your identity. We will give you an option to contact us so you know you're talking to a DOL employee.

To help fight identity crime, we work with the Washington State Patrol on:

  • Public education
  • Victim assistance
  • Criminal prosecution

Securing online transactions

When you complete a transaction with us online (like renewing a license or reporting the sale of a vehicle) you’re using our secure online services. We verify you’re who you say you are, using:

  • A user name and password
  • A PIN number
  • A digital certificate
  • Other methods of authentication

We build protections into these systems to:

  • Ensure your security
  • Safeguard your data
  • Provide reasonable protection of private information in our possession.

You can help secure your data by adding an email address to your account. This will allow us to notify you if someone makes changes to your information.

We don't disclose your secure login information, such as a user name and password, to the public. Information you provide to us through secure services is disclosable only to the extent authorized by law.

Data sharing and security

We have full-time compliance staff assigned to this. They conduct regular investigations and audits to make sure data recipients:

  • Follow our data security requirements.
  • Only use the data as authorized.

If we find that a data recipient is not following the rules, they must work under a corrective action plan to fix all their gaps or mistakes. We will end their access to data if:

  • The deficiency places your personal information at risk of hacking or misuse.
  • The recipient does not fix the deficiencies we found.
  • We determine there is a high risk they will continue to fail to follow the requirements.

Evaluating potential bulk data services customers

When someone wants data, they complete a contract application. They must provide information to prove they have a legal reason for getting data. They have to explain:

  • The specific data they are requesting.
  • What they will use it for.
  • If they’ll share the information.
  • How they will secure the data.

We check:

  • To see whether the requester is a legitimate business.
  • The reasons they want data.
  • Whether the law allows them to receive data.
  • Whether they can meet our privacy requirements.

After an initial screening, our data services team meets with the applicant to discuss the request. We outline all the requirements they must meet before receiving data, and throughout the life of the contract. If they meet all our requirements, we then enter into a data-sharing agreement.

There are a lot of reasons why we may choose not to provide data services, including:

  • It is not required by law.
  • There is a strong risk that the data will be misused or left insecure.
  • We don’t have the resources to provide the data.

Contract requirements

Recipients must sign a contract when we provide data services that include personal information.

Our contracts include specific requirements to protect personal information, like:

  • Restrictions on how the recipient can use the data.
  • Data security requirements the recipient has to show.
  • The right for us to conduct audits to see if the recipient is following our requirements.
  • Annual assessments and certifications confirming that they remain in compliance.
  • Requirements to notify us and affected people if they have a data breach or discover misuse.
  • Indemnification requirements to cover our costs if we have to go to court.
  • If a recipient shares personal information with a sub-recipient, the recipient must pass on all our requirements to them, and must ensure they also comply.

Granting your permission

You must sign a release before someone from these groups can request your driving record:

  • Employers
  • Prospective employers
  • Volunteer organizations

Others, such as courts, can get your driving record without your permission.

Information for immigration enforcement

We serve all Washington residents without regard to immigration or citizenship status. We are committed to following the Governor’s Executive Order 17-01. We don't provide personal information for immigration-related investigations to federal immigration authorities. We don’t share information with the Department of Homeland Security without a court order or other legal requirement.

Questions? Need help?

Email us: DOLPrivacyOfficer@dol.wa.gov

Chatbot icon
Washington Healthcare Finder
Good To Go!
Access Washington – official state government website