Lawsuits, auditor’s report spur alarm about data misuse.
Ten federal lawsuits in about a year. A million-dollar-plus settlement using state taxpayers’ money, with more expensive litigation and settlements to come.
That’s the sorry state of affairs in Minnesota because some public employees have treated databases of driver’s license information like they would Facebook, recreationally accessing the info to peruse personal photos, height, weight, addresses and driving records of friends, family, politicians, journalists or local celebrities.
The latest example came this week when a Lakeville woman went public with the details of her lawsuit and claims for financial damages. Hilary DeVary, a private investigator, claims that her driver’s license data file has been queried 166 times in the past 10 years.
Her disturbing case follows the recent release of a report from the Office of the Legislative Auditor, which concluded that “a significant proportion of law enforcement users may have accessed driver’s license data for inappropriate uses.’’
The past year also brought disclosure that a Department of Natural Resources employee made a downright creepy 11,000 personal data queries while off duty — and 90 percent involved women. Former St. Paul police officer Anne Marie Rasmusson also recently obtained a $1 million-plus settlement after 140 or more law enforcement members queried information on her.
The disproportionate targeting of women in anecdotal reports is chilling. Those who scoff at whether this data misuse actually “damages” people badly underestimate the loss of personal security. The financial damages also will help rein in misuse, though the methods used to calculate damages, particularly in the Rasmusson case, raise serious questions.
How much these abuses will cost taxpayers is uncertain, and the number of lawyers now gearing up for windfalls at taxpayer expense adds to the financial alarm. But the intangible damage may be far greater.
Minnesota is a state long known for good governance. Its reputation has been permanently tarnished as these high-profile cases have made the state a national hotbed for public data misuse. The public’s trust in government has been further undermined at a time when that confidence badly needs shoring up.
Law enforcement has also raised needless questions about improper use of data at a time when this information plays an increasingly important and legitimate role in investigations that can save lives.
It remains unclear if this type of misuse occurs more often in Minnesota, or if we’re simply better at detecting it. Nevertheless, that black eye, not to mention the haymaking lawyers, should spur state legislators to act.
Reforms introduced at the Legislature this session are a good start. They would add to the training and auditing of employee data use that is belatedly getting underway. Legislation has been introduced that would deter future abuses by requiring agencies to provide a public explanation for inappropriate data breaches. Whether or not the offending employee’s name should be released should get careful scrutiny. Would providing that name lead to altercations between that employee and the person whose data was accessed inappropriately?
Lawmakers should also seize the opportunity provided by recent events to consider broader reforms. The state’s sprawling data practices laws were conceived decades before personal data was collected by the gigabyte and available in seconds. Through the years, various patchwork fixes and additions have made these laws difficult to work with and interpret.
Modernization, both in legislative language and the law’s implementation, is overdue. As this happens, it’s paramount that Minnesota continue its long tradition of transparency as the digital age unfolds, and ensure that access is preserved for legitimate public purposes, including journalism. An overhaul can’t be done in one crowded legislative session, but work can begin.
It should be noted that many private companies, retailers in particular, maintain extensive data on consumers. Other private entities, such as the media or private investigators like DeVary, may have access to some of the driver’s license database information or to commercial databases containing other public data, such as court records. The misuse flagged in Minnesota should also spur the private sector to make sure precautions are in place to prevent similar abuses.
An editorial of the Star Tribune (Minneapolis).