Data privacy in Minnesota

cyber_sign.jpg“Minnesotans should not have to worry about government sharing their personal data without their consent,” Governor Tim Pawlenty said in announcing a series of legislative initiatives nearly two years ago to tighten data security in the state.

This afternoon Public Safety Commissioner Michael Campion (below) announced that two DPS customer service reps have been suspended after an investigation into the unauthorized use of the state driver’s license database.

From their homes they accessed the records of some prominent Minnesotans. Four hundred people will get letters from the DPS explaining the situation. Campion wouldn’t say whose records were sought but said they were viewed, but not downloaded. Asked why customer service reps would need access to the database during off-hours, Campion noted that “lots of people” — including some journalists (none at MPR) — have access, although he said he couldn’t name a reason why these two needed access.

He said there was no evidence the employees intended to steal identities or use the material for criminal use.

(audio and a list of data practices transgressions in Minnesota below the fold)

The sign above is posted in the DPS lobby.

Highlights of Campion’s news conference (these are all MP3s):

* He personally contacted some of the bigger names involved.

* What information was retrieved?

* How was the information accessed?

* Why would employees need access to the database from their homes?

Among recent data privacy incidents reported by state officials:

December 2007 – The state Commerce Department reported a vendor’s laptop with Social Security information of a few hundred Minnesota residents was stolen.

July 2007 – A University of Minnesota owned laptop with identity information on students is stolen from a car in California.

August 2006 – Two computers were stolen from an Institute of Technology employee at the University of Minnesota. Included were identities of 13, 084 students between 1992-2006, including the Social Security numbers of 603 of them.

June 2006 – A server backup tape contained Social Security numbers and other information for 2,400 Minnesota taxpayers and identifying information on 48,000 businesses was lost. The tape was sent in a package along with three checks totaling $2,400 and some interoffice correspondence. The package was delivered two months later.

December 2005 — Legislative Auditor James Nobles warns officials that the state’s most important computers remain vulnerable. A member of his staff says many state workers can view private information that is not required to perform their jobs.

April 2005 – A legislative auditor’s report concluded that hackers could get into the Department of Public Safety’s license tab renewal system and steal consumers’ private data. State officials shut down the Web site.

These incidents are on top of the gaffes by private organizations here who have your data:

November 2007 – A laptop with about 268,000 names and Social Security numbers was stolen from a blood bank.

May 2006 – Medicare drug benefit applications from Minnesotans and North Dakotans were stolen from an insurance agent’s unlocked car in Brooklyn Park. Information included applicants’ name, address, date of birth, Social Security number, and bank routing information, according to the Privacy Rights Clearing House.


Comments are closed.