DDS Privacy Statement

Our Mission at the Department of Driver Services (DDS) is to provide secure driver and identity credentials to our customers with excellence and respect.

DDS is legally required to collect specific material from customers applying for issuance, replacement, or renewal of a state driver’s license or identification card. Some of this material contains personally identifiable information (PII), which may include an individual's, photograph, date of birth, social security number, driver identification number, name, address (other than five-digit ZIP Code), telephone number, and medical or disability information. DDS is committed to safeguarding customer information and ensuring the information it maintains is used only for the purposes authorized by law. Therefore, privacy of customer information is a central consideration in decisions related to the release of data DDS collects. DDS utilizes legal requirements and authority, in addition to cybersecurity guidelines, to protect customer data. DDS believes in being transparent about the use of customers’ data.

Release of DDS Information

The release of information from DDS is governed federally by the Driver's Privacy Protection Act (18 USC §§ 2721-2725) and by Georgia state law. The Driver’s Privacy Protection Act prohibits the disclosure of a customer’s PII and of highly restricted personal information obtained in connection with a driving record without the customer’s express consent except as explicitly allowed by statute. Georgia statute (O.C.G.A. § 40-5-2) stipulates that all DDS records are privileged and not available to the general public; therefore, such data will not be released for requests made under the Georgia Open Records Act. However, DDS may release a customer’s driving and/or PII with the customer’s written consent, or upon receipt of a subpoena or court order, and in accordance with the law. DDS is required to disclose customer driving records and/or PII upon request to other governmental entities, and upon the customer’s written consent to insurance and rental companies (issued through Georgia Technology Authority “GTA”), and employers/potential employers. State and federal law also requires DDS to release this information as noted below to:

  • Government entities for legitimate government purposes
  • Clerk of Court for jury selection purposes;
  • Department of Human Services for the recovery of child support payments;
  • Department of Natural Resources for the detection and prevention of fraud in applications for licenses, permits, and registrations;
  • Department of Revenue for the detection and prevention of fraudulent tax returns;
  • Law Enforcement or local fire department for use in investigations or prosecutions of alleged unlawful activity;
  • Legitimate businesses to verify the accuracy of the information (upon customer’s written consent);
  • Organ donation organizations (if this is an option selected by the customer on their application)
  • Secretary of State’s Office or the County Registrar for voter registration; and
  • United States Selective Service System for legitimate governmental duties related to military service

Restrictions

Released records and PII may only be used by the authorized recipient for the authorized purpose. The disclosure, distribution, or sale of customers’ information to an unauthorized recipient or for an unauthorized purpose is unlawful. It is also unlawful to make a misrepresentation or false statement in

order to obtain such information from DDS. Any person who knowingly and willfully violates either of these provisions shall be guilty of a high and aggravated misdemeanor punishable in accordance with state law.

Requests received from law enforcement sometimes involve an individual’s photograph. While law enforcement may request individual photographs for official use in an investigation, DDS does not allow access to all photographs to any entity for search purposes. Absent a court order, subpoena, or specific law enforcement request, DDS may not share the following data with any entity other than the customer or his representative:

  • Documents customers present to obtain a driver’s license or identification card;
  • The application customers fill out to obtain a DDS credential; or
  • Photographs.

Georgia law does not permit DDS to release name and address information for marketing purposes. Therefore, there is no need for you to request that your information be restricted from release on DDS records.

Revenue for Data Release

DDS does not collect fees from third party entities for data released to those entities. In accordance with GTA’s bulk MVR program, GTA may assess reasonable fees for furnishing information from records or databases; provided, however, that the fee for furnishing an abstract of a driver's record shall not exceed $10.00. It is important to note that DDS does not release customer data for the purpose of raising revenue. DDS’s authority to release data is controlled by the privacy laws noted above, and no customer data may be released unless the requester has received consent of the customer or meets the requirements set forth in the law. Data released to governmental entities for official purposes will be provided free of charge.

Protection

DDS recognizes that its obligation to protect customer data goes beyond requiring legal agreements to govern the requester’s use of DDS data. DDS serves as the gatekeeper for our customers’ records and takes that responsibility seriously. As such, the following protections are in place even after data is released to an authorized requester:

No Tracking or monitoring

DDS does not monitor or track the customer's use of their ID or driver's license. There are laws and regulations that require updates of demographic or driving information. However, such information is supplied to DDS by the customer, courts, law enforcement, or DMV's in other jurisdictions.

DDS Employee Training

DDS requires annual information technology security training for all of its employees and all individual users who have a security token to electronically access DDS’ records. The training provides guidance on the proper ways to access DDS information in the course of business and explains the consequences of misuse and unauthorized access to DDS records. All DDS employees and data recipients are made aware of DDS’s zero tolerance policy for accessing customer data without an authorized business purpose.

Unauthorized Access

The DDS IT system is a part of the Georgia Enterprise Technology Services (GETS) system through GTA. GETS provides secure managed services for the DDS and other state agencies. Although DDS has taken extensive steps to protect customer data from breach, misuse or fraud, it is possible that unauthorized access may occur. DDS has an internal incident response protocol to ensure that immediate action is taken to terminate any unauthorized use, mitigate damage, and notify affected parties.

Links to additional resources 

DDS’s fees are published at https://dds.georgia.gov/georgia-licenseid/general-license-topics/fees-and-terms.

Website tracking tools https://dds.georgia.gov/privacy-statement.

Some information is collected and retained by DDS that is not displayed on the card; however, this data can be displayed in the barcode. You may find information on barcodes at https://dds.georgia.gov/partners/license-barcode.

Information related to Georgia Digital ID terms and conditions may be found at the following link https://dds.georgia.gov/mdl-faqs.

 

Last edited 02.17.2025