If you shop at convenience stores, you may have noticed that checking for proof of age during tobacco & alcohol purchases has quietly moved from viewing the customer’s driver’s license to electronically scanning our licenses. I first noticed this at Circle K stores and then found the same practice in others.
Our privacy is once again under attack in a seemingly “small” way, but I became alarmed enough to dive into the legality.
A trusted State Rep pointed me to state law RSA 263:12. The last section of this law prohibits the scanning of my driver’s license with all of my personal information on it without my consent (with an exception for pawnbrokers, scrap metal dealers, and other secondhand dealers).
RSA 263:12 states in part,
It shall be a misdemeanor for any person to:
- Knowingly scan, record, retain, or store, in any electronic form or format, personal information, as defined in RSA 260:14, obtained from any license, unless authorized by the department. Nothing in this paragraph shall prohibit a person from transferring, in non-electronic form or format, personal information contained on the face of a license to another person, provided that the consent of the license holder is obtained if the transfer is not to a law enforcement agency.
I filed a complaint with the NH Attorney General’s office that the law – as well as my Constitutional Right to privacy – was violated. The response I received confirmed my concern as I was pointed to the phrase in RSA 263:12 X “unless authorized by the department.”
The “Department” referred to in RSA 263:12 is the NH Department of Motor Vehicles (DMV), which is run by unelected bureaucrats and political appointees free to push their political ideologies with apparently no desire by the NH Department of Justice to provide any oversight or enforcement.
Below is how The Department of Motor Vehicles and the NH Attorney General’s office washed their hands of their responsibilities to monitor and safely regulate who can access, scan, and store our personal data. They closed the case in typical Jedi Mind Trick fashion, inferring “there was nothing to see here” – but as you will see, can not back up their finding of no wrongdoing.
The Attorney General’s office identified DMV “rule” Saf-C 5606.05 which was written by those ideological, political appointees in the DMV, to unconstitutionally violate our Right to privacy. Therefore, I was told that Circle K was “authorized” (by those appointed ideologues) to scan my license electronically, and the case was closed.
DMV rule Saf-C 5606.05 states:
(a) Notwithstanding any rule to the contrary, the department authorizes the scanning of personal information from any license in any electronic form or format so long as all the following conditions are met:
(1) The equipment used to scan such personal information does not visibly identify any personal information other than driver license number and name;
(2) The equipment used to scan personal information does not retain, store, or transfer any personal information, other than driver license number and name, for any period of time; and
(3) The equipment used to scan personal information does not store any personal information, other than driver license number and name, in a central repository disaster recovery central repository, such as a cold site or hot site, whether on-site or in a remote location.
So, I asked the AG’s office three simple questions:
Before closing the case, did you confirm the following:
- Verify the equipment “does not visibly identify any personal information, other than driver license number and name”? If so, how did you do this? Please provide documentation to prove this finding. Driver licenses have other personal information on them, including date of birth, address, etc…
- Verify the equipment “does not retain, store or transfer any personal information, other than driver license number and name, for any period of time.” Please provide proof the equipment that is used to scan licenses by Circle K does not retain unauthorized data.
- Please provide proof that you verified the Circle K equipment “does not store any personal information, other than driver license number and name, in a central repository, disaster recovery central repository, such as a cold site or hot site whether on-site or in a remote location.”
It appears they did not.
Instead of answering my questions, they told me I had to talk with the DMV – but could not/would not give me a contact at “The Department.” I found that to be a strange response from an investigative body that is tasked with enforcing the law based on facts.
How could the AG’s office close the case and not have answers to the very pertinent questions I raised? Did Circle K violate the law or not?
Stay tuned…
