322.143 - Use of a Driver License or Identification Card.

FL Stat § 322.143 (2019) (N/A)
Copy with citation
Copy as parenthetical citation

(1) As used in this section, the term:

(a) “Personal information” means an individual’s name, address, date of birth, driver license number, or identification card number.

(b) “Private entity” means any nongovernmental entity, such as a corporation, partnership, company or nonprofit organization, any other legal entity, or any natural person.

(c) “Swipe” means the act of passing a driver license or identification card through a device that is capable of deciphering, in an electronically readable format, the information electronically encoded in a magnetic strip or bar code on the driver license or identification card.

(2) Except as provided in subsection (6), a private entity may not swipe an individual’s driver license or identification card, except for the following purposes:

(a) To verify the authenticity of a driver license or identification card or to verify the identity of the individual if the individual pays for a good or service with a method other than cash, returns an item, or requests a refund.

(b) To verify the individual’s age when providing an age-restricted good or service.

(c) To prevent fraud or other criminal activity if an individual returns an item or requests a refund and the private entity uses a fraud prevention service company or system.

(d) To transmit information to a check services company for the purpose of approving negotiable instruments, electronic funds transfers, or similar methods of payment.

(e) To comply with a legal requirement to record, retain, or transmit the driver license information.

(3) A private entity that swipes an individual’s driver license or identification card under paragraph (2)(a) or paragraph (2)(b) may not store, sell, or share personal information collected from swiping the driver license or identification card.

(4) A private entity that swipes an individual’s driver license or identification card under paragraph (2)(c) or paragraph (2)(d) may store or share personal information collected from swiping an individual’s driver license or identification card for the purpose of preventing fraud or other criminal activity against the private entity.

(5)(a) A person other than an entity regulated by the federal Fair Credit Reporting Act, 15 U.S.C. 1681 et seq., who receives personal information from a private entity under subsection (4) may use the personal information received only to prevent fraud or other criminal activity against the private entity that provided the personal information.

(b) A person who is regulated by the federal Fair Credit Reporting Act and who receives personal information from a private entity under subsection (4) may use or provide the personal information received only to effect, administer, or enforce a transaction or prevent fraud or other criminal activity, if the person provides or receives personal information under contract from the private entity.

(6)(a) An individual may consent to allow the private entity to swipe the individual’s driver license or identification card to collect and store personal information. However, the individual must be informed what information is collected and the purpose or purposes for which it will be used.

(b) If the individual does not want the private entity to swipe the individual’s driver license or identification card, the private entity may manually collect personal information from the individual.

(7) The private entity may not withhold the provision of goods or services solely as a result of the individual requesting the collection of the data in subsection (6) from the individual through manual means.

(8) A private entity that violates this section may be subject to a civil penalty not to exceed $5,000 per occurrence.

(9) This section does not apply to a financial institution as defined in s. 655.005(1)(i).

History.—s. 51, ch. 2013-160; s. 59, ch. 2014-17.