Minnesota law enforcement personnel misused access to driver's license data.
Minnesota- Eighty-eight law enforcement personnel misused their access to driver’s license records in the last fiscal year, state auditors said Wednesday in a wide-ranging report pushing for better oversight of the database.
The review by the state’s legislative auditor — highly anticipated by legislators and privacy advocates — said officers need better training in allowed uses of the protected data, and local and state agencies should do more to monitor use. Beyond 88 incidents of misuse documented in state records last year, auditors found even more suspicious activity buried in audit trails.
More than half of the 11,000 law enforcement users of the Driver and Vehicle Services (DVS) website in that time frame queried themselves or people with the same last name, for example, or disproportionately searched for people of one sex. Auditors forwarded 78 names to DVS for further review.
“We have a real problem. And we have to face it. And we have to address it,” Legislative Auditor Jim Nobles said. “Because this is really eroding people’s confidence in the willingness and ability of state government and local government to protect private data.”
Auditors said access need not be malicious to constitute misuse. The incidents they documented included one employee searching for a friend’s address, others looking up co-workers and relatives, and several who continued to use their access after they no longer worked there. Attention to one record can also indicate misuse, such as 158 queries auditors discovered on a murder victim by 110 users over the span of a month.
In their findings, auditors said sworn officers are not required to complete training in appropriate use of the DVS website. They recommended that the Department of Public Safety (DPS), which oversees the database, find ways to make permissible use information more widely available, and advised local agencies to require their employees complete DVS training.
The report also recommended that because audits by the DPS largely detect heavy users, rather than suspicious use, local agencies should conduct more proactive monitoring. They suggested the department beef up its abilities to assist local agencies.
The department’s existing audits were not sufficient to catch Hunt, who made about 19,000 queries over nearly five years. Dohman said in an interview that the queries were so spread out that he did not emerge in their monthly review of the top 50 users. Nobles revealed during Wednesday’s presentation that a note left on a colleague’s vehicle actually prompted the investigation that uncovered Hunt’s DVS queries.
http://www.startribune.com/local/minneapolis/192090631.html?refer=y