Privacy concerns regarding BMW marketing

Like many of us, I occasionally receive marketing information thinly disguised as “thank you “notes from my local dealership.

This is no big deal, as I get enough mail on other stuff I occasionally enjoy seeing something sitting on my kitchen counter with a picture of a motorcycle LOL.

The latest classy, glossy thank you note from my local service department was obviously from BMW Motorrad North America... the return address was my local dealer and the backside thanked me for having service done on my R1200RT.

This postcard also pimped bike covers and accessories, you know the usual...

To my dismay both on the front side of this postcard in the address line, and on the backside in the salutation it showed my Oregon drivers license number!

I contacted both my dealer this morning, and BMW North America customer service and lodged a formal complaint. In this day and age of personally identifiable information security and privacy concerns this is unacceptable.

Likely what happened is BMW gleaned marketing information from Point of Sale info uploaded to their server, and the marketing people didn’t bother to filter out certain personally identifiable information that would allow identity theft.

It will be interesting to see the responses from the mothership.





Sent from my iPhone using Tapatalk

Hope you're not using that FaceApp....you might be on someone else's cover!

Federal DPPA

Rangemaster - The Federal Driver's Privacy Protection Act (DPPA) is supposed to protect various pieces of personal information, including your Driver's License number. Here's a long explanation from the Electronic Privacy Information Center: https://epic.org/privacy/drivers/

The pertinent paragraph is this long summary is as follows:

"The DPPA's Provisions
The Drivers Privacy Protection Act requires all States to protect the privacy of personal information contained in an individual's motor vehicle record. This information includes the driver's name, address, phone number, Social Security Number, driver identification number, photograph, height, weight, gender, age, certain medical or disability information, and in some states, fingerprints. It does not include information concerning a driver's traffic violations, license status or accidents.

The Act has a number of exceptions. A driver's personal information may be obtained from the department of motor vehicles for any federal, state or local agency use in carrying out its functions; for any state, federal or local proceeding if the proceeding involves a motor vehicle; for automobile and driver safety purposes, such as conducting recall of motor vehicles; and for use in market research activities. Ironically, personal data is still available to licensed private investigators.

The Act imposes criminal fines for non-compliance and grants individuals a private right of action including actual and punitive damages, as well as attorneys fees."

On its face, you and possibly a large number of others seem to have become victims of a violation of the DPPA. If someone to whom you've complained gets back to you, please keep us all informed of the outcome.

Finally got some answers last week...

I received an email from the GM of the dealership:

Dear Sir,

We did work with BMW to remove your Driver’s License Number from the name field in their mailing list.

We do apologize for the error.

Now for the rest of the story...

BMW Customer Relations called me about an hour after the short email from the dealer and disclosed the following:

1. BMW doesn’t send the marketing postcards; they are done by a third party printing service that works with the dealers. BMW provides the cards; the printing/mailing service gets the data from the dealers. It’s not “their” (BMW’s) mailing list...it’s the dealer’s list.
2. The GM personally supervised the removal of that data from my customer record...apparently someone in the service department entered my DL and expiration date in the data fields with my name when I had tires changed last month.
3. BMW spoke to the printer...who took it very seriously and is looking for more mistakes in the data transmitted by that dealer.

While I’m fairly certain this is an isolated incident I am disappointed with the brevity of the dealerships’ response, but pleased with the follow-up and full disclosure from BMW Customer Relations.


Sent from my iPad using Tapatalk

You have to love deniability .... It's the dealer's list, not BMWs. But, I'm sure the beloved BMW logo is all over that post card

Yep, the dealer used your License No. as a high level ID. But, as the blurb on the DPPA says, "such as conducting recall of motor vehicles; and for use in market research activities." you were just part of a market research effort.

Good luck,