Last year a former St. Paul cop received more than $1 million in settlements after other officers improperly looked up her driver's license information — one of the first local payouts of its kind.

That case sparked a flood of similar complaints. Now there are hundreds of such claims pending across the state with the potential to cost taxpayers millions more.

A League of Minnesota Insurance Trust attorney says it now has 35 potential claimants with 441 claims against 150 of its member cities. Eleven of them have filed suits. A recent Star Tribune news story reported that about 18 suits are moving through federal courts. The story also noted that St. Paul is named in six of those suits and has received 16 notices of claim (an alert that often precedes a suit) seeking $3.5 million in damages.

Already the allegations are costing governments across the state thousands of dollars — just to accept, process and research the lookups. That's before any of them actually make it to court. And more of the complaints are being filed every day — actions that could cost local governments and taxpayers millions of dollars.

Clearly, better legal guidance is needed to protect citizen information, allow public employees to do their jobs and avoid handing out big checks, especially in cases in which there is no evidence of damage to the individuals targeted.

Local governments are in this situation largely because of the Driver's Privacy Protection Act, a federal law passed in 1994 after an actress was murdered by a stalker who located her using driver records. The law outlines permissible uses of the data and provides for at least $2,500 in damages for each incident in which driver's license information is accessed for other than a permitted use.

The act was based on a reasonable premise: Government requires people to give their name, address, height, weight, age, eye color and a photo to the state to get a driver's license, and it shouldn't provide that information to just anyone.

Trouble is, in the Minnesota cases most of those who accessed the files were public employees — mostly from law enforcement — who frequently look up such information in the course of their work.

And even when it is clear that accessing the information is not work-related, questions remain about whether simply viewing driver's license information violates federal law. Congress should clarify those rules, including reviewing provisions on per-incident damage amounts. In addition, we hope the courts that consider the pending cases will make any damage awards reflect the harm done.

State lawmakers should also consider further data privacy reforms. Minnesota's data practices rules laws were adopted long before data was available so quickly and easily. Updating the legislative language and the interpretation of the law, particularly how to determine injury and damages, is overdue.

Technology now allows officers to access almost any information, 24/7, from their squads or phones. That's how so many of them got into trouble; they inappropriately used the access as if it they were on Facebook.

That's exactly what happened in the million-dollar-plus case. Former St. Paul police officer Anne Marie Rasmusson received that hefty settlement after 140 or more police employees from a dozen departments looked up her information. Gossip among offers spread about how her looks had changed after weight loss, and they were curious about her photograph.

Another incident last year involved a Department of Natural Resources employee who made 11,000 personal data queries — 90 percent of them about women.

Following the Rasmusson case and others, many law enforcement and other public agencies are doing better employee training on accessing driver's license data. And to help local governments better protect citizen information, the DVS is now keeping track of files that receive large numbers of inquiries.

These incidents have already cost taxpayers too much. Going forward, it's imperative that the state balance access to information for legitimate reasons with protecting citizen privacy.