Law enforcement officers looked up more than 1.4 million driver's license records last year, yet Minnesota does little monitoring of the records searches to ensure the database isn't being misused, the state Legislative Auditor said Wednesday.
The report found that 88 law enforcement employees accessed the data for non-work purposes or work purposes not allowed by state law. It recommends better training for users of Minnesota's driver and motor vehicle databases on appropriate use of the information. It also said the state should strengthen controls and that law enforcement agencies should audit their employees' use of the data.
"This is a concern that state government and local governments must take seriously and address quickly and responsively," Legislative Auditor James Nobles said. "It is fast eroding people's trust in government's willingness and ability to protect personal privacy."
The report comes a month after the Minnesota Department of Natural Resources revealed an enforcement division employee accessed the driver's license database thousands of times during off-duty hours. The employee, John Hunt, was fired and now faces criminal charges, as well as several data privacy lawsuits.
Nobles said the consequences of not properly monitoring the database could be costly for the state. Dozens of people whose data was accessed by Hunt have already filed lawsuits seeking damage awards.
The driver's license database includes information such as dates of birth, physical descriptions, addresses and photos. More than 11,000 law enforcement personnel accessed the data during fiscal year 2012, the report said. Those police officers and other employees are authorized to use the information to investigate crimes and protect public safety, but they are not allowed to look up someone out of curiosity.
The auditor's report said inappropriate searches of the driver's license database among law enforcement could be widespread. Auditors looked at certain questionable searches and flagged more than half of the law enforcement users of the database. The questionable searches included when an employee looked up him or herself or a family member, or when a disproportionate number of the employee's searches were for men or women. In Hunt's case, investigators have said 90 percent of his searches were for women.
"We did not follow up on these to confirm whether misuse was occurring or not. This was just to give us a sense that it's not just a few people or a couple agencies, but that there might be a bigger issue to address," evaluation manager Carrie Meyerhoff told lawmakers at a State Capitol hearing on Wednesday.
Meyerhoff and Nobles said it is time consuming to determine whether someone is using the database appropriately, saying that local agencies would know best whether their employees' searches were legitimate. But they said better monitoring needs to happen and that regular audits could help signal to law enforcement employees that they're being watched.
Lawmakers who attended the hearing expressed concerns about the report's findings and asked the Department of Public Safety to follow up. The agency's commissioner, Mona Dohman, said changes are already being made. Dohman said her department is working with law enforcement chiefs on training and policies surrounding proper use of the data. The Bureau of Criminal Apprehension is also working on an audit tool to monitor use of the data, she said.
In addition, she said, the law enforcement community is taking concerns about privacy seriously and holding employees accountable.
"It's a topic of constant conversation about the importance of using this data appropriately," Dohman said. "This is looked at differently than it probably was in the past."
A bill introduced in the Legislature this session would place stiffer penalties on public employees who misuse the database. A hearing on that bill is expected next week.
Rep. Rick Hansen, DFL-South St. Paul, said he and other lawmakers have heard from constituents whose data was accessed in the DNR case.
"Many of them feel violated," he said. "We can't have this continuing. We put trust into people to make sure that the data we hand over is handled properly."