For Immediate Release
Date: February 25, 2008
Contact: David Griffith
Phone: (573) 751-8222

Department of Revenue Outlines Actions Protecting Personal Information;

Attorney General Nixon Wrong in His Assertions

        JEFFERSON CITY – The Director of the Missouri Department of Revenue (Department) today said Attorney General Jay Nixon was incorrect in his assertions that the Department is not protecting the personal information of Missourians.  Last week, Nixon blamed the current Department for actions that led to identity theft but failed to note that the company involved was originally granted access to this information about seven years ago under the Holden Administration.

        “We have taken many steps over the last three years to protect Missourians from identity theft and this has included closing many of the loopholes left behind by the previous administration which provided the information that led to identity theft," said Omar Davis, Director of the Department of Revenue.  "Jay Nixon sent me an inappropriate letter accusing this Department of not protecting personal information, but he failed to mention that it was the actions of the previous administration that led to this company having access to Department records in the first place.  Our Department has taken aggressive actions and has a strong system in place to protect the personal information of all Missourians.  We want to work with the Attorney General's office to prevent identity theft but Jay Nixon was wrong to lay the blame for this misuse of drivers’ information at the feet of the current administration."

        Davis took strong exception to a letter from Nixon dated February 20 in which Nixon asserted that the current Department of Revenue was responsible for identity theft in cases that his office is investigating.

        "With this highly sensitive information the suspect was able to steal the identities of -- and do great harm to -- many citizens of this state who had counted on your Department to safeguard the information," Nixon wrote in a letter to Davis.

        Davis said that Nixon is wrong in asserting that the Department does not have strong procedures in place to protect highly confidential personal driver license information.  Davis outlined the many security procedures implemented by the Department over the past three years that were not in place before 2005.

        Davis noted that the Department strictly prohibits the selling of information for improper purposes.  Those with access to Department information have met stringent criteria prior to being given ANY information and are now required to continually prove their need for such information.

        After taking office in 2005, Governor Blunt directed the Department to undertake a concerted effort to improve its practices to better protect all Missourians from identity theft.  Since that time the Department has taken aggressive action to ensure the personal information contained in the Motor Vehicle and Driver Record files is protected, including:

• The Department revised the procedure for granting a Security Access Code, which allows eligible applicants to access the Department’s motor vehicle and driver records. Those making a request are now required to include the primary function of their business and how the record/personal information access is to be used.
• The Department modified the Motor Vehicle/Driver License security access system to include fields for recertification, and the Department recertified all customers with the highest level of access to motor vehicle and driver license information. Through the recertification process 2,672 accounts were closed for inadequate responses.
• The Department placed stricter guidelines on requests for motor vehicle and driver license data. The approval process was revised and responsibility for verifying the Driver Privacy Protection Act (DPPA) security access code was tightened. New accountability forms were created for those requesting reports and no verbal requests are processed without proper validation of the requestor and the access code.
• The Department enacted extensive steps to protect the license number (when a social security number is used) on Department correspondence.  Encryption procedures were implemented for any transmitted e-mails containing confidential information. The Department also provided guidelines to the contract offices regarding their handling of confidential information.
• The Department conducted audits of customers who receive personal information. Surveys were forwarded to customers who receive driver license information, and specific documents/logs were requested to validate their use of the information.

        Davis said the Department continues to look for new threats to the security of personal information and will quickly implement changes to address those threats.

 ###