Last June I wrote about a police officer whose driver's license record was repeatedly accessed by a state-run database without proper authorization. She is an attractive woman and her fellow officers were treating her record like a Facebook page. She was stalked, harassed and eventually forced to leave town.
Details of a tentative settlement have recently been reported, and Minnesota is now realizing that - in addition to the emotional stress suffered by victims of these kinds of abuse - there are serious financial costs to weak privacy protections.
The officer sued a number of Minnesota cities and counties as well as the Department of Public Safety (DPS). A recent article in Bloomberg's Privacy Law Watch (behind a pay wall) reported that thus far, the tentative settlement in the dispute would cost the defending jurisdictions over $1 million . St. Paul, alone, has agreed to pay a hefty $385,000.
The settlement also requires strict privacy safeguards to assure future database searches have legitimate law-enforcement purposes. Searches will be audited every month with a focus on the top 50 law enforcement users, as well as the top 25 targets, to determine if the searches were performed for legitimate law-enforcement purposes. Check boxes will also be required to pop up on video screens whenever the license database is accessed making officers verify that they are using the database for approved purposes.
This case should serve as a stark warning to other states. While government databases are necessary, their administration can't be taken lightly and personal information must be strongly protected. Minnesota's new rules are a good first step; but for many databases, the best protections come from tight data retention rules. Only data that is absolutely necessary should be collected, and the information should be held only as long as necessary. If Minnesota had proper protections in place from the start, these costs may have been avoided.