Driver’s License Info Accessed by State-Employed Snoops
A recent report confirms that law enforcement employees have been improperly accessing Minnesota’s state driver’s license database, and state lawmakers are reportedly scrambling to put a bill together to address the privacy violations.
Minnesota Moves to Protect Privacy
The report, “Law Enforcement’s Use of State Databases,” was released by the Minnesota Office of the Legislative Auditor on Feb. 20; it examined both the state’s driver’s license database and its Incident-Based Reporting System.
“We found that inadequate controls and insufficient training have contributed to misuse of these databases,” according to the auditor’s office.
Lawsuits have already been filed against one former state employee, John Hunt, who visited the database thousands of times during off-duty hours, according to the Minnesota Department of Natural Resources, looking up information on 5,000 people – 90 percent of them women.
Some of those women are suing Hunt and the DNR, according to Minnesota Public Radio. Hunt worked as the administrative manager of the Enforcement Division for the DNR; he was fired in January and is facing criminal charges.
And Minnesota lawmakers have introduced a bill to specifically deal with the problem of state employees abusing their access privileges to sensitive data: HF183 calls for harsher penalties for government employees who improperly access addresses, photos and other data through state databases, including the Minnesota driver’s license database.
Federal Protection of Driver’s License Info
Hunt was discharged because unauthorized access of the database is a violation of state and federal law, as well as DNR policy and the agency’s standards of behavior, according to the DNR.
Federal law clearly protects the privacy of driver’s license information, says Paul Stephens, director of policy and advocacy with the Privacy Rights Clearinghouse in San Diego.
“The federal Drivers Privacy Protection Act (DPPA) limits disclosure of certain information such as a driver’s photograph, Social Security and driver identification numbers, name and address, and medical information,” Stephens explains.
Penalties for violations of the DPPA – such as making a false statement to get the information – include fines. “A driver can also file a lawsuit for damages against a person who obtains protected information for a purpose that is not permitted under DPPA,” he says.
Stephens says unauthorized access of consumers’ private information is a growing problem. “As online access to data develops, the opportunities for these types of abuses of personal information are increased tremendously,” he notes.
The Privacy Rights Clearinghouse maintains a database of all reported data breaches since 2005. A search reveals that over 600 data breaches occurred at government agencies – both state and federal – just in 2012 and 2013 so far.
The irony of course is that consumers must rely on the government to protect them from the government itself. “It’s often difficult for consumers to protect their information from disclosure,” acknowledges Stephens.
“The best practice is to limit giving out your personal information to others,” he says. “Unfortunately, this can be impossible to do in certain situations. For example, an individual must disclose certain information to obtain a driver’s license.”