OPEN LETTER TO THE EXTENDED AUTO WARRANTY INDUSTRY: It was always just me-not the TXDMV. I worked alone for 18 yrs to STOP your illegal TX biz.

On September 1, 2021- "Texas Consumer Privacy Act Phase I" became effective. — As a Plaintiff's Data Privacy Attorney, a solo-practitioner, I take credit for pioneering many of the new sections to this Data Privacy legislation, as well as the TXDMV policies and procedures to monitor and screen access to state DMV data. This date marks the culmination of eighteen (18) years of labor developing a Federal Data Privacy Class Action "template" to litigate the unauthorized obtainment, use, and re-disclosure of the State's DMV data, a violation of the Driver Privacy Protection Act ("DPPA")18 United States Code, Section 2721.

To: VSC Industry-["YOUR CAR WARRANTY HAS EXPIRED"], and the "Bulk Requestors", referencing entities that obtain the entire DMV database, then periodic updates, ("Resellers"), YOU ARE BEING TRACKED IN TX— 730.014(e) WAS MY IDEA!

TX SB15 | 2021-2022 | 87th Legislature-"Texas Consumer Privacy Act Phase I" SECTION?12.??Section 730.014, Transportation Code, is?amended by adding Subsections ...(e).. to read as?follows:

(e) Requires an agency that discloses any motor vehicle records in bulk under Section 730.007 to include in the records at least two records that are created solely for the purpose of monitoring compliance with Chapter 730 and detecting, by receipt of certain forms of communications or actions directed at the subjects of the created records, potential violations of Chapter 730 or contract terms required by Section 730.014.

In 2008 I was frustrated with the inability to prove conclusively a causal link between the obtainment of DMV data and its unauthorized use. After filing a multitude of Federal Data Privacy Class Actions against Bulk Requestors, involving hundreds of companies, the litigation affecting millions of the company's subsidiaries, we were only able to certify one (1) class action, while four (4) cases denied writ by the US. SUPREME COURT. While the venture was financially viable, "resolving" many DPPA cases individually by non-disclosure agreements, it was a litigation "blood-bath," extensive discovery by large defense firms using "Rambo Tactics." (It was not an emerging field for the Attorney that was weak of heart!)

As such, I decided to stop handling "OFFLINE" data privacy cases-unauthorized access to public records, (DPPA cases). I was now researching and developing a new area involving "ONLINE" data privacy cases involving electronic computing devices — computer and phones. This area was also complex and devoid of other Plaintiff's firms, with no legal precedents or "templates" to follow. It proved though to be promising, [a major Defense Law firm referred to my first attempt as a "landmark case," (my LANE V FACEBOOK case): 5 Landmark Class Action Lawsuits That Changed Lives and the World — Wolf Popper LLP Blog (wolfpopperblog.com) ]

So, in 2008 I contacted Diane Dobson, a TXDMV representative that worked with Bulk Requesters of DMV data, a person that I had many phone conversations with about legal issues. I advised her of my latest DPPA failure, announcement that I would no longer be handling DPPA cases, (She told me that many of the TXDMV representatives were pleased with my work litigating DPPA cases concerning TXDMV data, due in part because neither the Texas Attorney General, nor the legal Counsel for the TXDMV have ever filed a DPPA case for the unauthorized access to TXDMV data). I then told her proving unauthorized access in court was difficult, and the only solution would be for the TXDMV to implement a new procedure, a method I was seeing in my "online" cases to "track" access to data—insertion of 2-3 "test" datasets, [FAKE DATA]. I provided her details about how the system worked online, and how it could work with DMV data.

About 6-9 months later, I decided to take one (1) last stab at DPPA, so I sent an Open Records Request wherein one of the questions was whether the TXDMV had implemented any new policies and procedures to track unauthorized use. Unbeknownst to me, my "Test" data plan had been implemented. TX SB15 | 2021-2022 | 87th Legislature-"Texas Consumer Privacy Act Phase I" SECTION?12.??Section 730.014, Transportation Code, Subsections (e) relates to my plan.

Since 2008 I have sent a multitude of Open Records Requests ("ORR") for information to the TXDMV, as well as 35 other state DMVs, many of the requests initially detailing the flaws in their State's program releasing the DMV data, as discovered in my DPPA litigation, and providing advice to curtail this access. One (1) response to an ORR from the TXDMV in 2017 was troubling. It requested an actual copy of the "screening process" used to determine if an entity had a DPPA permissible use-right to obtain the DMV data. The response noted: Texas has NO SCREENING PROGRAM, (I was in shock). There was no policy or procedures set up for TXDMV staff to evaluate people/entities requesting the DMV data. I then spent a few months working with one (1) TXDMV legal counsel providing information I had obtained from other State DMVs as to screening protocols. In August 2018, the TXDMV implemented a new protocol for screening, almost verbatim from my list. Its presently in effect, and many of the changes in the new law relate to these issues.

Starting in 2018 I decided to begin an email campaign to all Texas Democrats Senators and Democrat State Representatives advising them of the problems with the TXDMV as it relates to the unauthorized access to DMV data. The objective also now included issues concerning "biometric data". About every 3 months I would send emails noting various issues. The objective was to alert them the legislation was needed to amend the State DPPA laws. Within the emails I noted issues involving victims of domestic violence, concerned for their safety, hoping to be safe, but required to provide information to register a car and obtain a new license, but then having companies obtaining their DMV data and posting it online for $5.00.

In review of "Texas Consumer Privacy Act Phase I," the changes to the State DPPA law in which I educated state legislators and TXDMV legal counsel/representatives over the past decade are too numerous to note for this article. While I received nominal feedback from these parties, apparently the information I was providing was being read and considered. There are substantial changes that will potentially bankrupt any business thinking its ole times as usual in Tejas!

DON'T MESS WITH TEXAS—leave the thirty (30) million Texan residents alone, or you will be dealing with me.

PRIVACY CRUSADER aka, THE PITBULL.

["While reading the latest court documents, I noticed that plaintiffs are represented by the Law Office?of?Joseph H.?Malley, P.C. I recognize that name, since?Malley?has often been referred to as the "PrivacyCrusader ."?Malley?was involved with class-action suits against?Adzilla ,?NebuAd ,?Quantcast ?("zombie cookies"),?Ringleader ,?Facebook, and?Apple . In 2010,?Facebook?settled its suit for $9.5?million . So, the plaintiffs have experienced, knowledgeable, and relentless representation. Maybe, "Privacy?Pitbull" is a better nickname.https://ivebeenmugged.typepad.com/my_weblog/2014/12/compact-info-systems.html?no_prefetch=1 }

Additional Articles written on the topic:

(2) DMV data-a billion-dollar industry. | LinkedIn

(2) "Extended Vehicle Warranty" letters- State DMV's selling YOUR information | LinkedIn

(2) Using State Motor Vehicle Records for Direct Marketing-An Industry's Dirty Little Secret EXPOSED. (Part 1) | LinkedIn

(3) Improper Access to State Motor Vehicle Records-Database Marketer's "dirty little secret" | LinkedIn

(3) MASS TORT VEHICLE DATABASE PROVIDERS- What happened to Bernie? Does your vehicle database have Bernie Dodson? | LinkedIn

???????