Passports, social security cards, and banking statements contain the type of information you wouldn’t want to end up in the wrong hands, but if you want a Real ID, those are the types of documents you’ll have to hand over to the Registry of Motor Vehicles. 

The REAL ID requirement is part of a federal law that passed in 2005. It aims to increase security measures after terrorists used fraudulent identities to carry out the attacks on September 11th.

Massachusetts will be in full compliance with the federal REAL ID measure by October of 2020. Once that happens,  you’ll need a REAL ID to board a plane or enter a federal building.

The RMV requires a lot of documentation to get a REAL ID, most of which contains private and sensitive information, such as your social security card, banking statement, or birth certificate.

The 22News I-Team discovered what they do with those documents next is raising some serious security concerns.

The RMV will scan the documents into a computer system that’s run by the state. They’ll then keep digital copies of those documents for up to 25-years, a part of the law that’s unique to Massachusetts.

The I-Team found out that under the federal requirement, states must keep digital copies of documents for at least 10-years, but MassDOT told the I-Team, the Commonwealth’s retention period is 25-years. 

That means the RMV could have everything from your social security number and banking statement to your marriage certificate and passport, stored in their system for over two decades.

The I-Team attempted to contact the Records Conservation Board to find out why the RMV will keep your information for 15-years longer than the federal requirement, but we still haven’t heard back.

The I-Team also spoke to Matthew Smith, the Director of Computer Science and Cybersecurity at Bay Path University about the issue.

He said the documents that the RMV will be storing poses several security concerns. “The more your personal information is out there, the more your data is out there, the more the chance and risk of a security incident or security breach with your personal information getting stolen.”

“There’s no 100 percent certainty that it will happen, but there’s also no 100 percent certainty that it will not happen. This is another area of concern that I think a lot of people are feeling because it’s putting your personal identifiable information at risk,” Smith said.

The I-Team looked into several high profile cyber attacks in recent years.

We discovered the Colorado Department of Transportation was targeted by a ransomware attack earlier this year.

Back in 2014, hackers breached the Office of Personnel Management, exposing the personal information of nearly 22-million people in the federal government, including those with top security clearances.

According to the White House Office of Management and Budget, at least 71 federal agencies still are not equipped to handle a cybersecurity attack.

That’s why Smith urges you to manage your own security. “Everyone should have an identity monitoring tool attached to them, regardless of whether you pay $5 or $35 a month it’s a necessity, especially if you’re a working adult because your information is out there,” he said.

MassDOT sent the I-Team a statement, that says they are taking steps to protect the personal information you’ll have to give the RMV.

“The Commonwealth of Massachusetts has firewalls and protections to secure personal data.” 

If you don’t want to get a REAL ID, you do have another option. You can get a regular driver’s license, but you would have to carry a passport with you to board flights or enter federal buildings, starting in October of 2020.

Credit Monitoring Tools: