Search


  • Categories


  • Archives

    « Home

    Star Tribune: Bill seeks more penalties for data breaches

    The Star Tribune reports on a push by some legislators in Minnesota to impose stronger penalties on government employees who misuse or abuse their access powers to invade the privacy of individuals:

    After some high-profile breaches, legislators want to impose harsher penalties on public employees who peek at private data and force local governments to disclose more about such incidents when they occur.

    At a Wednesday news conference, a DFLer and Republican joined forces on the bill, one week after the state Department of Natural Resources revealed that an employee had improperly looked at thousands of drivers license records over several years, including some politicians and journalists who later came forward — most of them female.

    In pursuing new data breach laws, bill sponsors cited a Star Tribune investigation showing that drivers license records are often misused in Minnesota.

    “The time is ripe,” said Rep. Mary Liz Holberg, R-Lakeville, the bill’s House sponsor. […]

    The bill would have broad implications for breaches of all government databases, but is aimed particularly at misuse of driver and vehicle services (DVS) data. That database, which is protected under state and federal law, contains photographs, addresses and driving records of Minnesotans who have a license.

    A Star Tribune analysis of state records last fall showed that 160 individuals, mostly in government agencies, improperly used the DVS database over two years. Discipline ranged from reprimands to termination; criminal charges were rare. […]

    The legislation would make it a gross misdemeanor if a public employee inappropriately accessed private data on more than one person, or on one person repeatedly, currently a misdemeanor. It also clarifies that “intent to cause harm” is not a factor in determining if misuse has occurred.

    Local governments discovering misuse would have to send out data breach letters — now only mandated for state agencies — and publish a full report of their investigation online. Holberg said the goal is to change the “culture” in government offices, particularly since she heard that the unnamed DNR employee was a “really nice person” whose colleagues were making similar lookups. […]

    The bill introduction precedes a much-anticipated report from the state’s legislative auditor, which is expected to focus partly on the DVS database. That report is due in early February and could affect the proposal.

    Leave a Reply