Provisions stripped from data breach bill
- Blog Post by: Eric Roper
- February 26, 2013 - 8:03 PM
A new version of a bill to curb data breaches emerged at a Senate panel Tuesday missing some key features initially trumpeted by its authors.
The bill was first announced by Rep. Mary Liz Holberg and Sen. Scott Dibble last month in response to a massive breach of drivers license data at the Department of Natural Resources (DNR). It aimed to curb misuse by increasing penalties and transparency when it occurs.
Several provisions were eliminated in the Senate version in response to concerns from city and county associations.
A provision making repeated misuse of data a "gross misdemeanor" was gone, for example, when the bill was presented to the Senate Judiciary Committee Tuesday. Another component, requiring governments to name in a public report employees who misuse data, was scaled back to cover just employees who have been disciplined.
Another section, specifying that "intent to cause harm" is not a factor in determining unauthorized use, was also deleted.
Other provisions remained intact. Local governments -- rather than merely state agencies -- would be required to alert people individually if their data has been breached. The government entities must then post a report online documenting the results of their investigation into the misuse.
The committee took testimony on the bill for nearly two hours, but adjourned before taking action. They will revisit it on Thursday night, along with a another bill regulating license plate readers.
Sen. Julianne Ortmann, R-Chanhassen, introduced an amendment to Dibble's bill which would allow people to learn who has been accessing their data. Currently, the state refuses to tell people which public employees have been peeking into their drivers license files.
Outside of the Legislature, Ortmann works in the office of Sheriff Rich Stanek, who knows his file is being accessed but can't find out who is doing it. The department of public safety similarly denied a request from Star Tribune reporter Randy Furst, whose drivers license file was accessed 16 times over three years.
"All those people that really have lost confidence in the fact that their private data is being maintained privately, they want to have some accountability," said Ortmann, whose data was breached in the DNR case. "And I think we're getting at it here."
Photo: Sen. Scott Dibble reading over the bill Tuesday (Glen Stubbe)
© 2013 Star Tribune