Allstate Insurance Co. has paid $1 million to the state Department of Motor Vehicles to settle accusations that firm employees improperly retrieved and used drivers' confidential records from a DMV database, officials announced Tuesday.
The fine, which the DMV described as the single largest in its history, lifts a two-month suspension that prevented Allstate from electronically accessing computerized drivers' records.
DMV Director Steven Gourley said that in addition to the fine, Allstate will pay $90,000 to defray all of the state investigative, auditing and legal costs. The state probe found 131 cases in which Allstate employees improperly used the data.
A spokeswoman for the company, Emily Daly, said, "Allstate takes its obligation to safeguard the confidentiality of consumer information very seriously." The company has adopted policies that go beyond state requirements to be sure the records are kept secret, Daly said.
Allstate is California's third-largest auto insurance seller, with 2.2 million policyholders, or 10.5% of the state's insured drivers.
Insurers need the drivers' records to show whether those they agree to cover are good risks, and to check whether someone making a claim against their clients has been involved in other accidents.
Up until 1989, the records were public information and anyone could have access to them. But that year, an obsessed fan of 21-year-old actress Rebecca Schaeffer obtained her home address from the DMV and showed up on her doorstep, where he shot and killed her.
Now, only those with a legitimate need for such records are able to get them, and then only through an elaborate system of codes and passwords.
The DMV investigation of Allstate showed that in many instances, Allstate employees were misusing the procedures, getting the records of friends, relatives and others and then not keeping them secure.
Gourley hailed the settlement and fine as demonstrating the diligence of the DMV in protecting the privacy of California consumers, and said he had assured Allstate that "if they put in all the safeguards necessary, I will hold them up as a model."
Daly, the Allstate spokeswoman, said the company had immediately taken action to correct matters last June, when it was notified of the DMV's initial findings.
"Many of our steps exceed the DMV minimum policy requirements," she said.
For example, "We have limited the number of employees in each office that have access to the DMV's records," she said.
She said other steps include each office's keeping a log of DMV record requests and maintaining documentation in each claim file for two years; changing passwords used to access the information every 60 days; designating security administrators from the senior management of each office; and conducting internal reviews to ensure compliance with DMV policies.
Despite those steps, Gourley said, the DMV decided to hammer the lesson home with a sizable fine before lifting the suspension.