The addresses of some 1,500 people who registered their vehicles with the state were inadvertently provided to three private companies.
Those affected had requested that their information be kept private when they registered their vehicles. But the bulk data were “inadvertently” sent to three companies — Experian, Polk and Safety First, which are authorized to receive it by the state, according to the Minnesota Department of Public Safety (DPS).
DPS Spokesman Bruce Gordon said in an e-mail that “there was no data breach,” and there’s no indication “that private data has been accessed or used unlawfully.”
DPS Driver and Vehicle Services is required by state and federal law to provide motor vehicle information to the companies, which use it for various purposes, including the administration of safety recalls. Names and addresses for Minnesota vehicle records are not considered public data.
Minnesota IT Services has made the necessary changes to the bulk motor vehicle file, removing the records of people who requested that their personal information remain private, Gordon said.
“Making sure that certain data are private is a responsibility we take very seriously,” he added.
The state has notified affected vehicle owners.
Sen. Scott Newman, R-Hutchinson, said in a statement the “illegal sharing” of citizens’ data is “a careless and unacceptable breach of the public trust.”
Newman said DPS did not take full responsibility for the situation and failed to notify legislative bodies. He added that the Senate Transportation Finance and Policy Committee, which he chairs, will hold a hearing on the matter when the Legislature convenes.
“In addition, the committee will also consider legislation to further strengthen our data protection laws,” Newman said.