DOT-OIG audits security, controls over National Driver Register

user-gravatar Headshot

The Department of Transportation’s Office of the Inspector General, in its audit of the National Driver Register issued this week, reported finding security issues and deficiencies with the data stored in the system.

NDR, administered by the National Highway Traffic Safety Administration, is a central register that enables state department of motor vehicle officials to exchange information on problem drivers in each state, such as those convicted of driving under the influence of alcohol. The system is intended to help prevent problem drivers from obtaining a driver’s license to operate a vehicle, or being hired for safety-sensitive positions.

In 2006, state officials made more than 70 million inquiries for driver’s license applicants, 9 million of which were found in NDR. In all, 42 million problem drivers are recorded in NDR with personally identifiable information, such as driver’s name, Social Security number, date of birth, gender, height, weight and eye color.

The results of DOT-OIG’s audit, issued Monday, Oct. 29, found that drivers’ personally identifiable information was secured properly in NDR’s mainframe database. However, when transmitted or stored outside the mainframe computer, it was exposed to potential unauthorized access or unapproved use; for example, the sensitive information was not encrypted when transmitted on the network.

DOT-OIG also reported that problem drivers were not recorded in NDR in a timely manner, with millions not recorded until at least one year after conviction, which increases the potential that problem drivers could seek a valid license in another state. Also, information about drivers’ physical attributes – such as height and eye color – was missing from about 18 million records; there were more than 161,000 duplicate Social Security numbers; and problem driver records were removed improperly from NDR’s database.

DOT-OIG says NHTSA has concurred with its findings and recommendations. To view the full audit, click here.