More than half of Minnesota law enforcement personnel with access to driver’s license data might have used the access inappropriately — looking up friends, family or even themselves, a new report says.
The Legislative Auditor’s office, which released the findings Wednesday, Feb. 20, said agencies need to tighten controls and better train officers using the data.
Misuse of the data, like the recent case of a Department of Natural Resources employee accused of making tens of thousand of inappropriate searches, “is fast eroding people’s trust in government’s willingness and ability to protect a person’s private,” said Legislative Auditor James Nobles in a hearing Wednesday on the report.
The Driver and Vehicle Services data in question includes information like a person’s home address, driving record physical description and photo.
Overall, 53 percent of the 11,000 law enforcement users who had access to the data in fiscal year 2012 made questionable searches, according to the report.
Not all of them were necessarily inappropriate — auditors didn’t track the reason for every search. Instead, they flagged categories of searches that seemed to stretch beyond permissible job duties.
More than a third of users, for instance, searched for their own names. A quarter of them searched for people with their own last names “to a greater extent than one would expect by chance,” possibly to look up themselves family members, according to the report.
Nine percent of users made a disproportionately high number of searches for people of one sex – a prominent issue in recent data breaches.
John Austin Hunt, the former DNR employee who faces criminal charges for his use of the database, looked up women in 94 percent of his searches.
The audit was prompted in part by the case of Anne Marie Rasmusson, a former St. Paul police officer whose data was pulled hundreds of times by fellow officers, many of whom were accused of searching for her to view her photo.
The auditor’s report identified at least 88 specific instances of clear-cut misuse of the database. Those included people looking up friends and co-workers, and high-volume searches for prominent individuals.
The driver’s license information of one murder victim was searched 158 times in a single month by 110 users across 59 agencies, the report said.
More than a dozen people accessed the data using old credentials that were never shut down after the left their jobs — a situation state Sen. Ann Rest, DFL-New Hope, called “inexcusable.”
Rest and other lawmakers at the Legislative Audit Commission Evaluation Subcommittee hearing asked why current audit systems failed to catch potential abusers, such as Hunt, whose alleged activities came to light through other means.
Nobles said many agencies with access to the Driver and Vehicle Services database are looking into software to better analyze use data but that monitoring must be well tailored “so that we are not completely overwhelmed with thousands of data points.”
The ultimate solution, he said, “is that people stop misusing their authority.”
The report recommended better training, more consistent data handling practices and better ways to flag potential issues.
Many agencies have the foundations of good policies in place, the report said, but “privacy and transparency need additional attention.”
At Wednesday’s hearing, Public Safety Commissioner Mona Dohman said her agency is committed “to strengthening our efforts in increased oversight and user training.”
Dohman said changes in the works included mandatory training for all DVS users, faster shut-down of dormant accounts with access to the data, more restricted access to driver’s license photos and more proactive audits.
“Misuse should not and will not be tolerated,” she said.
The best remedy is ethical behavior by officers, Dohman said. It was a sentiment echoed by Rest, who said tougher legislation can only go so far.
“You can’t really put it in a bill — ‘Do your job,'” Rest said.
Rep. Mary Liz Holberg, R-Lakeville, is crafting a bill to toughen penalties for data misuse and require greater transparency.
Holberg, who was at the hearing, said that as upsetting as breaches like the DNR case are, she is in some ways grateful for them “because maybe now we’ll get culture change” on data practices.
Marino Eccher can be reached at 651-228-5421. Follow him at twitter.com/marinoeccher
