However, if they released information on a third party that data contains protected information (e.g., Social Security Number) then they may have violated the Texas Public Information Act.

Seriously.. name, address, tel #, email, DOB, SSN, DL #.

and question whether they supply confidential information to any Tom, Dick or X_Digger that makes a request. This is a breach of security so the agency attorneys need to be notified and the third party should also be notified because of the possibility of ID theft.

I know from previous experience that it is possible to release information that in hindsight would best be left unrevealed. I had to maintain a comprehensive database with confidential data, but I also had to prepare a scrubbed version of that data for release to the public. While I scrubbed certain data fields, occasionally a piece of information would appear in a non-confidential data field.

Hopefully, it was an inadvertent error made by the agency staff and they have not provided this information to any of their other customers. However, they may need to develop new procedures to avoid releasing this information in the future.

One agent forwarded their answer to a question similar to the one I asked to another agent, but that agent's reply includes the form data with personal data.

I've had to do similar data scrubbing for pre-production testing- I deal with CPNI data, as well as customer security data for a major telecom.

I'm having a hard time finding an actual human email address at the RDS, unfortunately.