Holberg and Dibble Move Bill to Strengthen Penalties for State Data Privacy Violations
ST. PAUL – State Representative Mary Liz Holberg (R-Lakeville) and Sen. Scott Dibble (DFL-Minneapolis) today announced they will introduce legislation requiring more security safeguards and increasing penalties for data privacy violations occurring at various state and local agencies, most recently at the Department of Natural Resources. The bill will call for harsher penalties for government employees that improperly access addresses, photos and other data through state databases, including the Minnesota driver’s license database. Additionally, it would require agencies where such violations occur to publish the content of their investigations into such incidents online and make requests for information by the public easier.
“We’ve seen one egregious violation after another from the misuse of private information by state and local employees which puts the public at risk and undermines the integrity of our state institutions,” Holberg said. “Minnesotans deserve peace of mind and accountability from the institutions we trust to protect our personal records.”
“These violations cut right to the heart of broadly shared values of personal privacy; the trust we place in our public safety services has been severely tested,” Sen. Dibble added. “We need to fully understand why these violations have been allowed to happen and enact strong measures to respond to and prevent future occurrences.”
According to a Star-Tribune article last fall, at least 160 employees have improperly accessed the driver’s license database that the Department of Public Safety (DPS) is aware of . DPS has reported that state law prevents them from revealing the names of employees that access personal data for reasons other than official business. In many cases across agencies, these employees face only minor penalties or continue working after a very short suspension, if any. Holberg cited several major violations in the last few years, including one which led to large financial settlements that cost taxpayers millions.
“Former St. Paul police officer Anne Rasmusson’s information was improperly accessed nearly 600 times by over 100 law enforcement employees across dozens of agencies and police departments and the public is still paying the price today,” Holberg said. “This is one of several cases still not settled which has shaken public confidence in those we hold to a higher standard.”
In the Rasmusson case, several police departments have so far paid the defendant over $1 million in damages. Other cases have also stained the reputation of state information protection practices, including:
• Improper access by a DNR employee of DVS records for 5000 residents, including many members of the media
• Two former Minneapolis city employees (Deegan and Karney) have been charged with using a state database over several years improperly. Deegan’s attorney told the media, “Over 40 city employees have done the same thing and have not been charged.”
• Hennepin County Sheriff Rich Stanek learned last summer that his personal records had been accessed without permission or legitimate purposes
• In 2008, hundreds of people had their information improperly pulled by two DPS employees – the very department tasked with protecting this information
“Citizens deserve more than an apology letter in the mail every time state government fails to protect their private information,” Holberg concluded. “Every individual has the right to easy access to a report on who has been viewing their data and the reason why, especially since we know such breaches are common practice.”
Rep. Holberg and Sen. Dibble called on the Dayton administration’s Office of Enterprise Technology to review their training practices for state employees with access to private databases and ensure these data systems have controls that flag misuse by users.
footnote: (1) Misuse of Minnesota drivers’ records is relatively common
Article by: ERIC ROPER, Star Tribune
Updated: October 14, 2012 – 9:37 PM