Official Opinion 2008-2
The Department of Revenue is authorized to provide access to the information contained in the Georgia Registration and Title Information System only for the purposes mandated by the Driver's Privacy Protection Act of 1994, or to those state agencies designated in O.C.G.A. § 40-2-130(c), O.C.G.A. § 40-3-23(d), and O.C.G.A. § 33-34-9.
You have asked if the Department of Revenue (hereinafter the “Department”) may provide State agencies with access to information contained in the Georgia Registration and Title Information System (hereinafter “GRATIS”). You have advised that GRATIS is a system that enables participating Georgia counties to provide the State with automated up-to-date motor vehicle registration and title processing information for its central database. The Department has received several inquiries regarding the propriety of providing access to GRATIS information to state agencies for the following reasons:
State agency seeking the information for its internal use only in performance of its duties; or
State agency seeking to assist a non-governmental third party who is developing a computer system for use by the general public that interacts with the agency and assists it with its duties; or
State agency seeking to assist a non-governmental third party who is developing a computer system for use by the general public that does not interact with the agency per se, but furthers a related agency issue; or
State agency interacting with a non-governmental third party to develop and operate a computer system on behalf of the agency in the furtherance of its duties.
Pursuant to Georgia law, motor vehicle registration records and certificates of title are exempt from disclosure under Georgia’s Open Records Actunless disclosure is required under the Driver's Privacy Protection Act of 1994, 18 U.S.C. §§ 2721-2725 (hereinafter the “DPPA”), or by certain statutorily designated users. O.C.G.A. § 40-2-130(c); O.C.G.A. § 40‑3‑23(d); O.C.G.A. § 33-34-9.
The DPPA provides that
[a] State department of motor vehicles, and any officer, employee, or contractor thereof, shall not knowingly disclose or otherwise make available to any person or entity:
(1) personal information, as defined in 18 U.S.C. 2725(3), about any individual obtained by the department in connection with a motor vehicle record, except as provided in subsection (b) . . . ; or
(2) highly restricted personal information, as defined in 18 U.S.C. 2725(4), about any individual obtained by the department in connection with a motor vehicle record, without the express consent of the person to whom such information applies, except uses permitted in subsections (b)(1), (b)(4), (b)(6), and (b)(9) . . . .
18 U.S.C. § 2721(a).
Subsection (b) of 18 U.S.C. § 2721 requires a State department of motor vehicles (hereinafter “DMV”) to disclose personal information for use in connection with matters of motor vehicle or driver safety and theft, motor vehicle emissions, motor vehicle product alterations, recalls, or advisories, performance monitoring of motor vehicles and dealers by motor vehicle manufacturers, and removal of non-owner records from the original owner records of motor vehicle manufacturers to carry out the purposes of titles I and IV of the Anti Car Theft Act of 1992, the Automobile Information Disclosure Act, the Clean Air Act, and chapters 301, 305, and 321-331 of title 49 . . . .
Pursuant to O.C.G.A. § 40-2-130, O.C.G.A. § 40-3-23, and O.C.G.A. § 33-34-9, the Department is authorized to disclose motor vehicle information only to the statutorily designated users.
Specifically, O.C.G.A. § 40-2-130 provides that motor vehicle registration records may be disclosed for use as provided in the DPPA and by the following:
Any licensed dealer of new or used motor vehicles;
Any tax collector, tax receiver, or tax commissioner;
The director of the Environmental Protection Division of the Department of Natural Resources or his or her designee; and
Any private person who has met the requirements of Code Section 40-2-25, provided that the information shall be used for the sole purpose of effectuating the registration or renewal of motor vehicles by electronic or similar means . . . .
O.C.G.A. § 40-2-130(c). Likewise, O.C.G.A. § 40-3-23 provides that certificate of title records may be disclosed for use as provided in the DPPA and by the following:
Any licensed dealer of new or used motor vehicles; and
Any tax collector, tax receiver, or tax commissioner.
O.C.G.A. § 40-3-23(d). Furthermore, O.C.G.A. § 33-34-9 provides that “an insurer may be granted access via electronic means to individual motor vehicle records . . . .”
Two basic tenets of statutory construction are that the General Assembly is presumed to enact legislation with full knowledge of the existing conditions of the law and that statutes are to be construed in connection and in harmony with existing law. 1997 Op. Att’y Gen. 97-18 (citing Poteat v. Butler, 231 Ga. 187, 188 (1973)). Applying these rules of statutory construction to O.C.G.A. § 40-2-130, O.C.G.A. § 40-3-23, and O.C.G.A. § 33-34-9, it appears that the General Assembly intended to restrict the disclosure of personal information from motor vehicle records only to the users designated in the statutes.
Based on the foregoing, it is my official opinion that the Department of Revenue is authorized to provide access to the information contained in the Georgia Registration and Title Information System only for the purposes mandated by the Driver's Privacy Protection Act of 1994, or to those state agencies designated in O.C.G.A. § 40-2-130(c), O.C.G.A. § 40-3-23(d), and O.C.G.A. § 33-34-9.
Assistant Attorney General
 The Georgia Open Records Act states in pertinent part that “[a]ll public records of an agency … except those which by order of a court of this state or by law are prohibited or specifically exempted from being open to inspection by the general public, shall be open for a personal inspection by any citizen of this state at a reasonable time and place; and those in charge of such records shall not refuse this privilege to any citizen.” O.C.G.A. § 50‑18‑70(b).
 Congress enacted the DPPA in order to protect individuals against public sector use of driver’s license data and the negative consequences arising from the widespread market availability of such data. Driver's Privacy Protection Act: Hearings on H.R. 3365 Before the Subcomm. on Civil and Const. Rights 103d Cong. (1994) (statement of Congressman James P. Moran), available in Fed. Doc. Clearing House, Feb. 4, 1994. 52 Stan. L. Rev. 1125, 1145. Accordingly, the DPPA regulates the disclosure of personal information contained in the records of state motor vehicle departments. See Reno v.Condon, 528 U.S. 141, 143 (2000). In regulating such information, the DPPA preempts contrary state law. See Oklahoma ex rel. Okla. Dep't of Pub. Safety v. United States, 161 F.3d 1266, 1272 (10th Cir. 1998); see also Reno, 528 U.S. at 143.
 18 U.S.C. § 2725(3) and (4) define “personal information” as information that identifies an individual, including an individual's photograph, social security number, driver identification number, name, address (but not the 5-digit zip code), telephone number, and medical or disability information, but does not include information on vehicular accidents, driving violations, and driver's status, and "highly restricted personal information" as an individual's photograph or image, social security number, medical or disability information, respectively.
 Reno, 528 U.S. at 143; see also 18 U.S.C. § 2721(b).
 Reno, 528 U.S. at 143; see also 18 U.S.C. § 2721(b)(1) through (14).