State lawmakers and a public data expert on Wednesday said the Minnesota Department of Natural Resources should release the name of the employee who improperly accessed driver's license data on 5,000 individuals.
"I don't understand why the individual's name hasn't been released," said Rep. Mary Liz Holberg, R-Lakeville, speaking at a news conference where she and Sen. Scott Dibble, DFL-Minneapolis, announced legislation that would make government employees face harsher penalties for improperly accessing Minnesotans' personal data.
Don Gemberling, an expert on the state Data Practices Act, said state law allows the public access to information about complaints against state employees. He also said the name should be revealed.
The DNR announced last week that the employee who accessed the records no longer works for the agency. A criminal investigation into the incident is being reviewed by the Duluth City Attorney's Office.
DNR spokesman Chris Niskanen said officials did not plan to release any more information about the investigation on Wednesday, but he said more details would be forthcoming.
"We will release more information about the situation when we get to final disposition of the employee and we're working toward that right now," Niskanen said. "We're taking this very seriously."
Under Holberg and Dibble's legislation, public employees could be charged with a gross misdemeanor for unauthorized access of more than one record or for accessing one person's records on multiple occasions. The bill would also require agencies where data violations occur to make the findings of their internal investigations public.
"We're just really frustrated that this is continuing to happen," Holberg said.
Besides the DNR case, a former St. Paul police officer sued last year after her driver's license records were accessed hundreds of times by law enforcement officials who had no legal reason to access them. Several cities paid over $1 million to settle the lawsuit filed by Anne Marie Rasmusson.
The cases have involved driver and motor vehicle data, which includes addresses, birth dates, photos and driving records. Holberg and Dibble said their bill would apply to other sensitive data as well.
"We really are trying to solve the problem," Dibble said. "Making sure there are adequate management systems in place, we're using adequate technology, we have an adequate response system when these occurrences occur, that the public is fully informed, that there are sanctions, ideally with the goal of preventing these from happening again in the future."
Reps. Sarah Anderson, R-Plymouth, and Peggy Scott, R-Andover, said they were among those who received letters from the DNR saying their personal data had been accessed.
"It really is concerning to me that this information is being accessed by people," Anderson said. "I think there's a lot more we could do to regain the confidence of citizens of the state of Minnesota."
The lawsuit settlement involving Rasmusson requires the Department of Public Safety to more tightly monitor its driver and motor vehicle databases, said Larry Fett, an attorney with Sapientia Law Group, which represented her.
Officials will conduct monthly checks of the people who use the database regularly, he said. In addition, officials will determine whether the information of individuals who are frequent targets of look-ups by government employees are being targeted properly, he said.
Fett said he hopes stiffer penalties will help prevent such incidents.
"I'm excited to see that there's some attention being paid to this because we believe from the case we had with Ms. Rasmusson that this was widespread, pervasive, known to supervisors and basically blithely ignored," he said. "So by putting harsher penalties I think it does send a message that it's not going to be tolerated anymore."