ID Scanning Laws

In Massachusetts, as in many other states, there are no specific laws that govern the scanning of IDs. However, businesses are generally allowed to scan IDs for a variety of purposes, including:

  • Verifying a customer’s age
  • Establishing a customer’s identity
  • Confirming a customer’s license status to operate a vehicle
  • Disclosing such information to another business for:
    • Verifying a check payment
    • Evaluating creditworthiness
    • Detecting or reducing the risk of fraud, abuse, identity theft, or other crimes
    • Collection activities
    • Confirming that a customer has met the motor vehicle financial responsibility requirements
  • Disclosing such information to:
    • The department of transportation
    • Insurance licensees
    • Notaries
    • Financial institutions (if permitted by federal law)
    • Law enforcement agencies

While there are no specific Massachusetts laws that regulate ID scanning, businesses must still comply with federal laws and industry best practices to protect customer privacy and prevent identity theft.

Massachusetts State Legislature

ID Scanning Resources

Massachusetts Legislative

Stay up to date with Massachusetts State Legislature

Massachusetts Statutes

The Laws of Massachusetts Statutes available online

ID Scanner

Popular Hotel ID Scanner for Massachusetts

The Legal Framework

Massachusetts ID Scanning Laws and Regulations

Although there are no specific Massachusetts laws on ID scanning, several federal laws may apply. These include the Driver’s Privacy Protection Act (DPPA) and the Fair and Accurate Credit Transactions Act (FACTA).

The Driver’s Privacy Protection Act (DPPA)

The DPPA is a federal law that restricts the disclosure of personal information contained in the records of state motor vehicle departments (DMVs). Under the DPPA, businesses are generally prohibited from disclosing or using personal information obtained from a motor vehicle record, except for certain permitted uses, which include business, government, and individual use.

The Fair and Accurate Credit Transactions Act (FACTA)

FACTA is a federal law that amends the Fair Credit Reporting Act. It is designed to prevent identity theft, improve resolution of consumer disputes, improve the accuracy of consumer records, and make improvements in the use of, and consumer access to, credit information. Under FACTA, businesses are prohibited from printing more than the last five digits of a card number or the expiration date upon any receipt provided to the cardholder.

Best Practices for ID Scanning in Hotels

While there are no specific laws in Massachusetts governing ID scanning, hotels should still follow best practices to protect customer privacy and prevent identity theft. These include:

  • Only scan IDs for legitimate business purposes, such as verifying a guest’s age or identity.
  • Do not retain more information than necessary.
  • Securely store any information you do retain to prevent unauthorized access.
  • Provide clear notice to guests that you will be scanning their ID and how the information will be used and stored.

Please note that this information is intended to provide a general overview and does not constitute legal advice. Always consult with a legal professional for advice specific to your situation

Massachusetts Anti-Trafficking Network

Our Fight Against Human Trafficking

Massachusetts AG

Massachusetts Attorney General Fight Human Trafficking


Training material for human trafficking awareness


Massachusetts's fight against human trafficking

Knowledge Base

Frequently Asked Questions

Yes, hotels in Massachusetts can scan IDs for legitimate business purposes, such as verifying a guest's age or identity.


Hotels should only retain the minimum amount of information necessary for their business purpose. This typically includes the guest's name and date of birth, Address, driver's license number, etc.

Yes, but only with the guest's consent and in compliance with federal laws such as the Fair Credit Reporting Act and the Fair and Accurate Credit Transactions Act.

Generally, hotels should not share the information obtained from an ID scan with third parties, unless required by law or for a legitimate business purpose.


Hotels should securely store any information they retain from an ID scan to prevent unauthorized access. This includes both physical security measures, such as storing records in a locked room or cabinet, and technical security measures, such as using encryption and secure databases.


If a hotel suspects that a guest's ID is fake, they should refuse service and may want to report the incident to local law enforcement.