Messed up privacy

Maybe I'm missing something here. I did some searching to find out more but wasn't very successful. InformationWeek had an article yesterday by K.C. Jones
Fidelity Bank Fined $50 million
Apparently the state of Florida (probably all states) makes a lot of money from the sale of personally identifiable information. This in itself seems wrong to me. Part of the job of government is to protect the citizens not make money off of their information.

In 1994 Congress passed the Drivers Privacy Protection Act which is supposed to protect us from this very thing. Here is the first portion of the act "In General -- Except as provided in subsection (b), a State department of motor vehicles, and any officer, employee, or contractor, thereof, shall not knowingly disclose or otherwise make available to any person or entity personal information about any individual obtained by the department in connection with a motor vehicle record."
I'm not going to print "subsection (b)" you can read it here

What I want to know is that if it's illegal for Fidelity to buy the data why isn't it illegal for the State of Florida to sell the information? They didn't sell it directly to Fidelity there was a middle man involved. He bought it from the state for Fidelity. So Fidelity gets fined and the rest of those involved make money. All off you and me.

I don't have the answer to this. It just seems to me that in today's world of identity theft being rampant that we have to do more to protect our personally identifiable data. It shouldn't be for sale to the highest bidder by those who are entrusted to protect us.