The AAMVA Applications and Services Privacy Principles address concerns related to personally identifiable information (PII), including sensitive PII, collected, maintained, used, or disseminated in connection with AAMVA’s applications and services. AAMVA applies these principles where appropriate. AAMVA may alter its practices as required by law, or upon request of law enforcement, or, if necessary, to prevent fraud or to protect its computer systems. From time to time, AAMVA may revise its Principles by posting changes on its web site (www.aamva.org). 

Compliance with Privacy Laws 

AAMVA manages its privacy program in an effort to address the requirements of the Fair Credit Reporting Act (FCRA), the Driver’s Privacy Protection Act (DPPA), or any state equivalent laws and regulations. 

Security 

Data security is one of AAMVA’s top priorities. Through appropriate administrative, physical, and technical safeguards, AAMVA strives to protect all PII that it maintains or disseminates to prevent unauthorized individuals from obtaining or using that information without permission.
 
AAMVA prohibits the unlawful disclosure of sensitive PII, such as Social Security Numbers (SSN), driver’s license numbers, and state identification numbers (DLN). AAMVA takes steps to provide additional safeguards for such sensitive PII. Whenever possible, AAMVA limits the availability and access to full DLNs and SSNs, even to authorized users. 

Purpose and Use Limitation 

AAMVA endeavors to use the information it maintains or exchanges for the sole purpose for which it was collected. Furthermore, AAMVA takes steps to ensure the business partners providing PII have the authority to collect and share such information with AAMVA. 

Data Minimization 

AAMVA seeks to only collect the PII required by its applications and services and to conduct usage and security monitoring. AAMVA also takes steps, as appropriate, to retain the PII for the useful life of the information and in accordance with the relevant state and federal regulations and other contractual requirements. 

Data Quality and Integrity 

AAMVA strives to preserve accuracy of the data it maintains or reports. Much of the data comes from data providers, such as AAMVA business partners. In the event that information is believed to be inaccurate AAMVA will make reasonable efforts to correct information and will work with the appropriate data providers to initiate corrections. In some cases the individual whose data is inaccurate may be required to work directly with the data provider. (See Access and Correction below for more details.)

Access and Correction 

As appropriate and practicable, AAMVA requires that the business partners with whom it shares data provide opportunities for individuals to dispute and correct information by assisting them in identifying the potential information sources where corrections can be made. AAMVA also seeks to assist its business partners in meeting such requirements as necessary. 

Information Sharing 

AAMVA seeks to limit the distribution or sharing of PII consistent with the nature and sensitivity of the information and the purpose for which the information was collected. AAMVA strives to restrict the sharing of PII only to its authorized users or business partners. If, upon investigation, AAMVA finds that PII has been used or accessed inappropriately or unlawfully, AAMVA will work to stop the misuse or access and prevent similar future misuses. Such steps may include measures up to and including discontinuation of the user’s access to AAMVA information products and services and, pursuant of other legal remedies, the referral of misuse to the appropriate authorities. Some information (such as vehicle history information) may be considered public record and may be available to the general public, in accordance with relevant laws and regulations.

AAMVA takes steps to require similar commitments from the business partners with whom it shares any PII. 

Education and Training 

AAMVA takes user education seriously. AAMVA seeks to inform its employees, business partners, and users of applications and services about privacy and security issues associated with AAMVA information products and services and the responsible use of PII. In addition, AAMVA makes available to the public through this and other documents the measures it undertakes to enhance and protect privacy. 

Reputable Sources 

AAMVA strives to acquire PII from established, reputable business partners, including federal and state government agencies and private sector organizations. AAMVA takes reasonable steps to assess the reputation and reliability of its private sector business partners before incorporating PII from the source into its products and services, or prior to sharing any PII. AAMVA makes best efforts to obtain assurances from its business partners that they have the legal right to share information with AAMVA. 

Notice 

AAMVA takes steps to make its privacy policies, such as this document, available to the public through the websites it operates, such as www.aamva.org.

For additional information about these privacy principles or AAMVA’s privacy program, contact AAMVA’s Chief Information Security Officer at 703.522.4200 or by U.S. mail at: 

Privacy
Attn: CISO
AAMVA 4401 Wilson Blvd, Suite 700
Arlington, VA 22203 

Online Privacy 

AAMVA strives to protect the privacy of PII obtained from users using its applications and services over the Internet. As necessary, AAMVA may develop specific privacy policies documents to specifically address the privacy concerns for such services and applications in alignment with the principles discussed in this document. 

Audits and Assessments 

AAMVA will obtain assessments from a qualified, objective, independent third party that uses procedures and standards generally accepted in the profession to assess AAMVA’s administrative, technical, and physical safeguards as appropriate.

Last revised: April 2021