AB 2156 amends Vehicle Code section 1653.5 to (1) keep Social Security numbers off issued DMV documents while continuing to require applicants to provide SSNs or driver’s license/ID numbers on application forms, and (2) permit the Department of Motor Vehicles to participate in the American Association of Motor Vehicle Administrators’ State‑to‑State Verification Service (S2S) for exchanging driver license, identification card, and driver history records. Participation is limited to verifying records for individuals issued REAL ID‑compliant credentials and only to the minimum extent necessary to meet federal requirements.
The bill also keeps SSN information nonpublic and enumerates specific exceptions for disclosure — including certain federal/state benefit and tax agencies and S2S — while explicitly barring disclosure of addresses, photographs, gender markers, biometrics, and whether someone holds a credential under Section 12801.9 unless federal law requires it. The statute contains an automatic inoperative clause if a court invalidates the act that added this provision, and requires the DMV to post that status online.
At a Glance
What It Does
Requires DMV application forms to collect applicants’ Social Security numbers or driver’s license/ID numbers and forbids putting SSNs on issued licenses, IDs, registrations, or titles. It authorizes the DMV to participate in AAMVA’s State‑to‑State Verification Service to verify and exchange driver records for REAL ID‑compliant individuals, subject to strict limits on what data may be shared.
Who It Affects
State DMV operations and technology teams, AAMVA/S2S participants, agencies that currently use DMV SSN data (like FTB and EDD), and holders of REAL ID‑compliant credentials — as well as applicants who lack SSNs or non‑REAL ID holders who are excluded from S2S exchanges.
Why It Matters
The bill opens a formal interstate channel for verifying California driver records while codifying a narrower set of permissible disclosures than some states use, shifting workloads to DMV for compliance and system integration and creating a clear distinction between REAL ID and non‑REAL ID credential holders in interstate information flows.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
AB 2156 keeps the requirement that DMV application forms include a field for an applicant’s Social Security account number when applying for a driver’s license or identification card, and a field for a driver’s license or identification card number on vehicle registration and title forms. The DMV must refuse to complete an application that lacks the required number unless the applicant falls under Section 12801’s exception (which applies in particular circumstances).
At the same time, the bill makes clear the department cannot print Social Security numbers on physical credentials, registrations, titles, or other issued documents.
The bill treats SSN data obtained through applications as nonpublic and lists limited circumstances when the DMV may disclose that information: agencies administering TANF or child support, a specific Government Code implementation provision, the Franchise Tax Board, the Employment Development Department for tax and benefit‑administration purposes, and participation in AAMVA’s State‑to‑State Verification Service. The S2S authorization is tightly scoped: exchanges may only concern individuals who already hold REAL ID‑compliant credentials and must be limited to the minimal data necessary to satisfy federal requirements.Crucially, the bill also instructs the DMV not to disclose certain highly sensitive items — such as an applicant’s address, photograph, gender marker, biometric identifiers (including fingerprints), or whether someone holds a credential issued under Section 12801.9 — unless federal law explicitly requires those disclosures.
Finally, the statute contains a contingency: if a final judicial decision invalidates the act that added this section, the provision becomes inoperative and the DMV must post that status publicly. Taken together, the bill is a blend of expanding interstate verification capability while tightening statutory privacy limits on what the DMV may share and publish.
The Five Things You Need to Know
The bill requires DMV forms to include a field for an applicant’s Social Security account number for driver license/ID applications and a field for the applicant’s driver’s license or ID number on vehicle registration/title forms.
The DMV may not complete an application that omits the required SSN or driver’s license/ID number, except where Section 12801 provides an exemption.
Section (f)(5)(A) authorizes participation in AAMVA’s State‑to‑State Verification Service but limits exchanges to individuals issued REAL ID‑compliant credentials and to only the minimum data needed to meet federal law.
Section (f)(5)(B) expressly forbids, absent a federal requirement, disclosure of an applicant’s address, photograph, gender marker, biometric data (including fingerprints), or whether the applicant holds a credential under Section 12801.9.
The statute makes SSN information nonpublic and lists five explicit disclosure exceptions — TANF/child support agencies, a Government Code implementation provision, Franchise Tax Board, Employment Development Department, and S2S participation — while also banning SSNs on issued documents.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Driver license and ID application must collect SSN
This provision mandates a field for the applicant’s Social Security account number on every DMV form used to apply for or renew a driver’s license or identification card. Practically, that means form templates and intake systems must capture SSNs at the point of application; operationally the DMV must ensure secure collection and storage procedures consistent with the statute’s nonpublic classification.
Vehicle registration/title applications must collect DL/ID numbers
Registration and title application forms must include the applicant’s driver license or identification card number. That creates a routine linkage between vehicle records and driver credentials, simplifying cross‑reference but also increasing the number of DMV records tied to an individual credential number — a consideration for records‑management and access controls.
Applicants must provide numbers; DMV may not process incomplete applications
These subsections require applicants to furnish the SSN or DL/ID number in the designated spaces and bar the DMV from completing applications missing those numbers, with an explicit carve‑out for Section 12801. The practical implication is stricter application gatekeeping: front‑line staff and online portals will have to enforce the requirement and flag or route exceptions covered by Section 12801, which will require business‑rule logic and staff guidance.
Ban on printing SSNs on issued documents
The department must not place an applicant’s Social Security account number on any driver’s license, identification card, registration, certificate of title, or other DMV‑issued document. This is a straightforward data‑minimization rule that affects credential design, vendor contracts, and legacy records that might currently include truncated or full SSNs.
SSN is nonpublic but may be shared with a narrow set of agencies
The statute classifies SSN information obtained by the DMV as nonpublic and enumerates discrete exceptions for disclosure: agencies administering TANF and child support (federal programs under Title 42), an implementation provision in the Government Code, Franchise Tax Board requests for tax administration, and Employment Development Department requests tied to tax and benefit compliance. Each exception is mission‑specific; agencies relying on DMV SSN access will still need authorization workflows and records of requests to comply with the nonpublic standard.
Authorized S2S participation with data and subject limits
This subsection authorizes the DMV to participate in AAMVA’s State‑to‑State Verification Service to verify and exchange driver license, ID card, and driver history records with other jurisdictions, but strictly confines those exchanges to individuals who hold REAL ID‑compliant credentials and to the minimum information necessary to satisfy federal law. It also bars, unless federal law requires otherwise, disclosure of addresses, photographs, gender markers, biometric data (including fingerprints), and whether a person holds a credential under Section 12801.9. The DMV will need to negotiate technical interfaces and data‑mapping rules to ensure that S2S queries and responses omit prohibited fields and enforce the REAL ID‑only scope.
Automatic inoperative clause and public notice requirement
If a final appellate decision invalidates the act that added this section, the provision becomes inoperative and the DMV must post that status on its website. This creates a clear administrative duty to monitor litigation outcomes and maintain public transparency about whether the statutory regime is in force.
This bill is one of many.
Codify tracks hundreds of bills on Transportation across all five countries.
Explore Transportation in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Holders of REAL ID‑compliant driver licenses and IDs — they gain a formal interstate verification channel (S2S) that can speed background checks and credential validation across jurisdictions.
- State tax and benefit agencies (Franchise Tax Board, Employment Development Department, TANF/Child Support administrators) — they retain statutory access to SSN data for tax administration and benefit compliance, which supports program integrity.
- Privacy‑conscious applicants — the statute forbids SSNs on issued documents and narrows public disclosure, reducing opportunities for casual exposure of sensitive identifiers.
Who Bears the Cost
- California DMV — must update forms, IT systems, and business rules to collect required fields, enforce nonpublic handling, exclude banned fields from S2S exchanges, and implement posting obligations; these changes carry integration and operational costs.
- AAMVA/S2S participants and vendor partners — technical work to map California’s permitted data elements and enforce REAL ID‑only queries will require development, testing, and governance agreements.
- Applicants without SSNs or non‑REAL ID holders (e.g., individuals issued licenses under Section 12801.9) — they may be excluded from interstate verification and could encounter additional administrative steps because the DMV cannot disclose their status and cannot include them in S2S exchanges except as federal law might require.
Key Issues
The Core Tension
The bill pits two legitimate goals against each other: improving interstate verification of driving credentials (which supports fraud prevention and regulatory compliance) and minimizing the sharing of highly sensitive personal data (SSNs, biometrics, address, photos, and immigration‑sensitive status). The statute tries to thread that needle by limiting S2S to REAL ID holders and promising "minimum necessary" exchanges, but those principles create implementation ambiguity that forces tradeoffs between operational completeness and strict data minimization.
The bill carves a narrow path between enabling interstate verification and preserving sensitive personal data, but leaves several operational questions unanswered. "Minimum extent necessary" is a familiar privacy standard, yet the bill does not define the metrics or fields that constitute the minimum for S2S queries; DMV will need to translate that standard into concrete data schemas and query/response formats in coordination with AAMVA and partner jurisdictions. Without clear standards, implementing parties may default to broader data exchanges or face frequent legal challenges about whether a given exchange exceeded the minimum.
The REAL ID limitation has real consequence: drivers who hold state‑issued credentials that are not REAL ID compliant (including categories designed to expand access) will be excluded from S2S verification. That reduces data exposure for some vulnerable populations but also fragments verification coverage and may complicate multi‑state enforcement or licensing checks.
Additionally, the statutory ban on disclosing biometric and certain identifying fields is robust on its face, but federal law can override that prohibition; the bill leaves open how conflicts between state limits and federal disclosure demands will be handled in practice, and whether the DMV must build exception workflows when federal requests arrive.
Finally, the inoperative clause tied to a judicial determination creates potential instability: if a court later invalidates the act that added this section, the DMV must post the change but the timing and scope of the operational unwind (e.g., whether S2S connections must be severed or whether previously shared data must be purged) are not addressed. That gap could lead to compliance risks and raises questions about data retention, notice to affected individuals, and contractual obligations with third‑party vendors.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.