The Legal Limits of Skip Tracing for Attorneys
For attorneys and process servers, skip tracing—the process of tracking down an individual who has been hard to find (derived from the term “skipped town”)—is an essential component of due diligence. While the tools for skip tracing have become increasingly sophisticated, the legal landscape surrounding them is a complex web of federal privacy laws and varying state regulations.
The imperative to understand these limits and act accordingly lies with lawyers and legal administrators. Failure to comply with national and local regulations could result in inadmissible evidence, statutory fines, disciplinary action, and even criminal liability.
Federal Frameworks: The Primary Guardrails
The primary legal limits on skip tracing in the United States are defined at the federal level, focusing on how data is accessed and for what purpose.
The Driver’s Privacy Protection Act (DPPA)
The DPPA is one of the most important federal limit constraints affecting process servers and the lawyers who retain them—specifically when DMV-sourced personal data is involved. It prohibits the release or use of personal information from state motor vehicle department records except for specific "permissible uses."
Permissible use for attorneys: Lawyers are generally permitted to access DMV data "in connection with any civil, criminal, administrative, or arbitral proceeding," including service of process and the execution or enforcement of judgments.
The limit: Using DMV data for marketing, harassment, or action outside the scope of a specific legal matter is a federal violation.
The Gramm-Leach-Bliley Act (GLBA)
The GLBA governs how financial institutions share private information. For skip tracers, this law limits the ability to obtain non-public personal information (NPI) from banks or credit card companies.
Pretexting: One of the hardest legal limits is the prohibition of "pretexting"—obtaining personal information through false pretenses (e.g., calling a bank while pretending to be the individual). This is strictly illegal and can lead to severe sanctions for the attorney and their agents.
The Fair Credit Reporting Act (FCRA)
While skip tracers often use credit headers (the top portion of a credit report containing name, address, and SSN) when tracking down an individual to be served, the FCRA limits access to full credit reports. Attorneys cannot pull a full credit report for skip tracing purposes unless they have a permissible purpose, which usually requires a court order or the written consent of the individual.
Do These Limits Differ State by State?
While federal laws provide the floor, states often build additional rules that govern personal privacy and the licensing of those who perform skip tracing services.
Licensing Requirements (Private Investigator Laws)
In many states, the act of skip tracing—when performed for hire—is legally classified as private investigation.
Varying requirements: In states like California, Florida, and Texas, individuals performing skip tracing services (who are not licensed attorneys or employees of the law firm) must generally hold a Private Investigator (PI) license.
The risk: If an attorney hires an unlicensed "bounty hunter" or unverified service to perform a skip trace, the information obtained might be challenged, and the attorney could face ethical violations for aiding in the unlicensed practice of a regulated profession.
State-Specific Privacy Laws (CCPA/CPRA)
State-level consumer privacy acts, most notably the California Consumer Privacy Act (CCPA), have introduced new complexities. While there are often exemptions for data used in legal proceedings, these laws grant individuals the right to know what data is being collected about them.
In states with high privacy protections, skip tracers must be increasingly careful about how they aggregate and store data from public and private people search databases.
Anti-Stalking and Harassment Statutes
State limits often focus on the method of skip tracing rather than just the access to data. If a skip tracing effort involves repeated, unwanted contact or the use of GPS tracking devices without a warrant or court order, it may run afoul of state anti-stalking laws.
Best Practices for Legal Compliance
To stay within the legal limits of skip tracing, firms should adopt the following standards:
Verify permissible purpose: Always document the specific legal matter and case number associated with a skip trace request to ensure compliance with the DPPA and GLBA.
Avoid pretexting: Never allow deception to be used to obtain information. Ensure that any third-party vendors you hire have a strict policy against pretexting.
Vet third-party vendors: If you’re not performing the search in-house, ensure your vendor is licensed (where required) and uses compliant data sources. Look for platforms that provide a chain of custody or audit trail for their data.
Respect "do not track" and privacy requests: Be aware of state-level opt-outs and ensure your data providers respect consumer privacy choices where they don't conflict with legal mandates.
Conclusion
The legal limits of skip tracing are designed to balance the "need to know" in a justice system with citizen's right to privacy. For attorneys, the rule of thumb is simple: Access must be tied to a legitimate legal proceeding, and the methods employed must be ethical, transparent, and non-deceptive.
By adhering to federal guardrails and staying mindful of state licensing and privacy trends, firms can utilize skip tracing as a powerful tool without increasing their own liability.
