AUTHOR'S / SPONSOR'S STATEMENT OF INTENT

 

Texas is one of only two states that prohibit businesses from saving electronically readable information obtained from scanned driver's licenses. Because driver's license numbers rarely change, businesses can use driver's license numbers to track fraudulent and potentially fraudulent activities such as returning shoplifted or used merchandise. Return fraud costs Texas businesses approximately $1 billion a year.

 

Information electronically embedded in Texas driver's licenses is the same as the information displayed on the license, which includes a unique number, a color photograph of the entire face, a brief physical description, and the license holder's address.

Under Section 512.126, Transportation Code, accessing or using electronically readable information from a driver's license or personal identification certificate, or compiling or maintaining this information in a database, is a misdemeanor offense.  However, a business may access this information to verify a check or an individual's identity at the point of sale of a good or service by check.

 

C.S.H.B. 346 seeks to protect businesses from fraud by allowing them to scan and store electronically readable information embedded in a driver's license. It also allows businesses to provide this information to check services or fraud prevention services companies as part of a transaction initiated by the license holder. Check services and fraud prevention services companies are governed by the Fair Credit Reporting Act, and therefore any electronically readable information that they obtain would be subject to the Act’s data privacy protections.

 

C.S.H.B. 346 amends current law relating to the accessing and use of electronically readable personal identification information obtained from driver’s licenses or personal identification certificates.

 

RULEMAKING AUTHORITY

 

This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.

 

SECTION BY SECTION ANALYSIS

 

SECTION 1. Amends Section 521.126, Transportation Code, by amending Subsections (b) and (e) and adding Subsection (l), as follows:

 

(b) Provides that, except as provided by Subsections (d) (relating to providing that the prohibition provided by Subsection (b) does not apply to a person who accesses, uses, compiles, or maintains a database of the information for certain law enforcement or governmental purposes), (e), (g) (relating to authorizing a person to access, use, compile, or maintain in a database electronically readable information derived from a driver’s license, commercial driver’s license, or personal identification certificate to secure the facility or port), (i) (relating to providing that the prohibition provided by Subsection (b) does not apply to a hospital that accesses, uses, compiles, or maintains a database of the information to provide health care services to the individual who holds the driver’s license, commercial drivers licence, or personal identification certificate), and (j) (relating to prohibiting a hospital from selling, transferring, or otherwise disseminating the information described by Subsection (i) to a third party for any purpose, including any marketing, advertising, or promotional activities), and Section 501.101 (Use of Consumer Driver’s License or Social Security Number by Merchant or Certain Third Party), Business & Commerce Code, a person commits an offense if the person accesses or uses electronically readable information derived from a driver’s license, commercial driver’s license, or personal identification certificate or compiles or maintains a database of electronically readable information derived from driver’s licenses, commercial driver’s licenses, or personal identification certificates.

 

(e) Provides that the prohibition provided by Subsection (b), rather than Subsection (b)(1) (relating to providing that a person commits an offense if the person accesses or uses electronically readable information derived from a driver’s license, commercial, driver’s license, or personal identification certificate), does not apply to a financial institution or a business that:

 

(1) accesses or uses electronically readable information for purposes of identification verification of an individual or check verification at the point of sale for a purchase of a good or service by check;

 

(2)  accesses or uses electronically readable information as part of a transaction initiated by the license or certificate holder to provide information to a check services company or fraud prevention services company governed by the Fair Credit Reporting Act (15 U.S.C. Section 1681 et seq.) for the purpose of effecting, administering, or enforcing the transaction;

 

(3) is a check services company or a fraud prevention services company governed by the Fair Credit Reporting Act (15 U.S.C. Section 1681 et seq.) that accesses or uses electronically readable information or compiles or maintains a database of that information for the purpose of effecting, administering, or enforcing the transaction; or

 

(4) is a financial institution that compiles or maintains a database of electronically readable information, if each license or certificate holder whose information is included in the compilation or database consents to the inclusion of the person's information in the compilation or database on a separate document, signed by the license or certificate holder, that explains in at least 14-point bold type the information that will be included in the compilation or database. 

 

Deletes existing text providing that the prohibition provided by Subsection (b)(1) does not apply to a financial institution or business if the information is accessed and used only for purposes of identification verification of an individual or check verification at the point of sale for purchase of a good or service by check.  Deletes existing text providing that the prohibition provided by Subsection (b)(2) (relating to providing that a person commits an offense if the person compiles or maintains a database if electronically readable information derived from a driver’s licenses, commercial driver’s licenses, or personal identification certificates) does not apply to a financial institution if each license or certificate holder whose information is included in the compilation or database consents to the inclusion if the person’s information in the compilation or database.  Deletes existing text requiring that consent under this subsection be on a separate document, signed by the license or certificate holder, that explains in at least 14-point bold type the information that will be included in the compilation or database.  Deletes existing text defining, for the purposes of this subsection, "financial institution."

 

(l) Redefines, for the purposes of this section, rather than for the purposes of this subsection, "financial institution."

 

SECTION 2. Effective date: upon passage or September 1, 2013.