Minnesota law enforcement compromised drivers' personal information
The Minnesota legislative auditor says that dozens of government workers with access to the database of registered drivers within the state misused the system during the last fiscal year and cites 88 specific incidences where employees are alleged to have accessed protected data without proper reasoning. The database includes the name, addresses and driver’s license photo for all registered automobile operators in the state.
“We have a real problem. And we have to face it. And we have to address it,”Legislative Auditor Jim Nobles says, the Star-Tribune reports. “Because this is really eroding people’s confidence [in the] willingness and ability of state government and local government to protect private data.”
According to the newspaper, the names of 78 credentialed personnel have been forwarded to the Driver and Vehicle Services (DVS) for further investigation involving the possible security breach. Additionally, though, the number of particular incidents may be much higher.
Not only did the statewide audit reveal that dozens of people with access to the DVS database conducted improper searches, but the report also alleges that the number of persons guilty of misconduct may have exceeded into the thousands. In addition to those that attempted to track down specific Minnesota drivers, the audit determined that more than half of the 11,000 law enforcement members with access to the database entered either queries for themselves or people with the same last name during the last fiscal year. In other instances, employees were found to have“disproportionately queried records of individuals of one sex or the other.”
Also brought up for discussion in the audit is the question of why over a dozen persons granted access to the DVS website at one time or another were able to submit queries after their privileges were revoked.
“During the 18 months ending June 30, 2012, 13 users conducted queries using access privileges associated with law enforcement agencies that no longer existed,”the report claims.“Over the same time period, three former employees of state law enforcement agencies, as well as four former employees of local law enforcement agencies, accessed the DVS Web site using usernames and passwords that should have been disabled.”
News of the audit comes only weeks after lawmakers in Minnesota debated a proposed legislation that would mandate stricter punishments against public employees who unlawfully access private data.
"I think everybody recognizes that we don't have the proper systems and procedures in place. And those individuals that are doing these things that are obviously illegal have to know we're serious about it,” Rep. Mary Liz Holberg, R-Lakeville, said in supporting the bill.