ST. PAUL, Minn. (AP) - Minnesota lawmakers entered final negotiations Wednesday on a bill intended to stop public employees from snooping in citizens’ private data.
The potential for abuse of government-held databases was highlighted when a Department of Natural Resources employee was accused of improper driver’s license lookups some 19,000 times over several years. In other cases, local governments were sued by citizens over improper lookups.
Members of a House-Senate conference committee face the task of creating a comprehensive but fair law is complex.
Issues that came up during the discussion included the dangers of releasing the names of public employees just doing their jobs when viewing private citizen data; developing reliable methods of tracking workers who inappropriately look up personal data; and enforcing the new law.
The bill’s current language requires identifying government employees who access private data, even when it’s for a legitimate purpose.
Rep. Debra Hilstrom, DFL-Brooklyn Center, cautioned against releasing the names of any and all government employees who access personal data as part of their jobs. As an example, she cited the potential for harm from people involved in child support or child abuse cases who might want to lash out at someone.
Sen. Warren Limmer, R-Maple Grove, cautioned his colleagues from coming up with “a black and white yes or no” for all situations.
“An individual should have the right to know who’s digging into his personal record,” Limmer said, particularly if the person who’s digging has “less virtuous” motives. Disgruntled employees or even criminal elements could be involved, he said.
Patrick Hynes, a lobbyist and counsel for the League of Minnesota Cities, warned of another potential problem: Some smaller locales may not be able to track who is looking into the data they hold.
“A city of 300 doesn’t have a sophisticated database that allows them to track a person accessing private data,” Hynes said in an interview after the committee conference. “I’m not sure how long each community would take to get to a place where their databases could be audited.”
Don Gemberling, who handled questions of access to government data while with the Department of Administration and now works as a data privacy consultant, testified that state law has required governments to be able to track data for years. And if they can’t, he said, “How are you going to know if they are breaching data?”
“I’m always troubled when people say they haven’t got a system to track it,” Gemberling said. He said enforcement of the law should be stepped up, with specific consequences for violating it.
One option in the bill is publicly naming the guilty person on a government website.
Government officials would also have to notify the person whose data was improperly viewed and allow that person to request a copy of the resulting investigative report by mail or email. The report would describe the data that was breached, but other required details - the number of people affected, the identity of the person responsible, any disciplinary action - haven’t been settled.
The conference committee met for one hour on Wednesday before adjourning with work incomplete. It wasn’t clear if they would reconvene later in the day.
The DNR case involved John Hunt, 49, an enforcement manager who was sentenced to two years of probation earlier this month after entering an Alford plea to charges of misconduct of a public officer, unauthorized computer access and unlawful use of private data. An Alford plea allows the accused to maintain innocence but concedes enough evidence likely exists to convict.
In another Minnesota case, Minneapolis Assistant Attorney Paula Kruchowski settled with the city in December for $32,500 after more than 100 police officers improperly viewed her driver’s license file. And in 2012, the city agreed to pay $392,000 last year to settle claims by a former police officer who alleged that more than 140 officers improperly looked at her private data.
Please read our comment policy before commenting.