Last week, Twin Cities television anchor/reporter Jessica Miles filed a federal lawsuit alleging that her driver’s license information was illegally searched about 1,380 times and her husband’s 92 times. At the federal set amount of $2,500 per incident, the damages could amount to $3.5 million.
And earlier this month, 18 Minnesota residents and former residents alleged that dozens of public employees had looked up driver’s license data because the citizens had been critical of Wabasha County. They claim that public officials have accessed their private data for political reasons more than 600 times since 2003. That case could generate $1 million-plus in damages.
The plaintiffs are among dozens of people who have sued a number of local and state government agencies in the past year after obtaining information from the Department of Public Safety that public employees had illegally accessed their private records.
As the number of cases has grown, this page has called for clarification in federal and state rules to better balance privacy concerns with reasonable damages to avoid huge government payouts. Bottom line: Damage amounts per incident should better reflect the harm done.
Any changes should include placing more of the liability on individual offenders, rather than on their government employers. Incidents of illegal data snooping would drop dramatically if the people who broke the law had to pay the penalty.
Local governments are subject to these suits largely because of the Driver’s Privacy Protection Act (DPPA), a federal law passed in 1994 after an actress was murdered by a stalker who used public data to find her. The law outlines permissible uses of the data and provides for at least $2,500 in damages for each improper lookup.
The act grew out of the sensible notion that government should release the information states require for a driver’s license — name, address, height, weight, age, eye color and a photo — for legitimate reasons only.
Complicating the matter, though, is that the Minnesota cases involve government workers — many from law enforcement — who frequently look up such information in the course of their work.
The rash of lawsuits came after former St. Paul police officer Anne Marie Rasmusson received more than $1 million in settlements after 140 or more police employees looked up her photograph following gossip about how her looks had changed due to weight loss.
In a welcome decision last week, a federal judge dismissed a series of class-action claims against the state relating to a former Department of Natural Resources employee who allegedly snooped into thousands of driver’s license records.
The former DNR manager was accused of accessing driver’s license records 19,000 times — often while he was off-duty. The suits were brought on behalf of the 5,000 people, many of them women, who received data breach letters because of his actions.
On Friday, District Judge Joan Ericksen granted a motion by Attorney General Lori Swanson’s office to dismiss the cases, which could have exposed the state to millions of dollars in damages. The judge wrote that the state could not be held liable for the employee’s action because there was no evidence that the state agency “knowingly gave” him database access “for a purpose not permitted” by the DPPA.
The order also cited other federal court decisions saying that there is no constitutional right to privacy for motor vehicle record information.
It is downright creepy to learn that your personal information has been accessed hundreds of times — and mostly by the same person. That’s why it’s appropriate that the personal liability case continues against the DNR employee.
Ultimately, that is where the blame lies — with the individual offender. Government employers should make it clear that improper information tampering can cause termination. And employees who treat government data as if it were something on Facebook should face consequences.