The Office of the Legislative Auditor's report exposed weaknesses in how police agencies manage access to statewide databases and highlighted recent abuse of such databases by government employees.
Eighty-eight law enforcement officials improperly looked up Minnesotans' driver's license information in the last year, according to a statewide audit Wednesday that called for tighter controls on such databases.
The Office of the Legislative Auditor's report exposed weaknesses in how police agencies manage access to statewide databases and highlighted recent abuse of such databases by government employees. The audit calls for tightening employee's access to databases; increasing training for anyone who has access; and better monitoring lookups to catch abuse earlier.
The audit also said the Department of Public Safety should develop a written policy for punishing employees for abuse — they currently can be punished by the state, their local law enforcement agency or both. Of the 88 employees caught abusing driver's license data, the audit found that the state suspended 28 employees — from 15 days to indefinitely — and two were fired by their agencies. The state sent 44 employees a letter.
On the whole, Legislative Auditor Jim Nobles said DPS does a reasonable job managing access to the state's databases. It's a matter of balancing law enforcement's need to access sensitive information to do their jobs while protecting personal privacy, he said.
"This is not going to be an easy challenge to meet," Nobles said. "They have things they need to do."
The Legislature directed the legislative auditor last year to look at law enforcement's use of the driver's license database. The auditor also looked at the Criminal Incident-Based Reporting System (CIBRS), a statewide crime database that about 150 law enforcement agencies across the state contribute to and share.
Among the other problems the audit highlighted:
—About 20 employees continued to access the driver's license database after they were no longer employed.
—DPS only required citizen law enforcement users — not sworn officers — to be trained in order to access the driver's license database.
—Twelve of the 62 employees who used CIBRS last year did so for work-related purposes that were not allowed by law, like background and gun permit checks.
Carrie Meyerhoff, the audit's evaluation manager, said the audit also deemed 79 law enforcement users "very suspicious" for accessing the database more than 500 times in a month, or if 70-plus percent of their requests were for one gender. The auditor forwarded those names to the state's Driver and Vehicle Services, which will determine if there was any wrongdoing, Meyerhoff said.
Commissioner Mona Dohman said the Department of Public Safety has already set up online training for all employees given access to the driver's license information. They're also working on a system to track patterns of access in the database.
She said she and her department have been talking about ways to cut down on database abuse almost every day since she took office in early 2011.
"Our work with this issue will probably never be done," she said.
Just last month, a Department of Natural Resources employee was found to have accessed driver's license data belonging to thousands of Minnesotans, 90 percent of whom were women. The employee, John Hunt, was fired and is facing misdemeanor charges. Minneapolis, St. Paul and more than 10 other municipalities have paid out $1 million combined in settlements to a former area police officer who accused other officers of improperly accessing her driver's license information.
Rep. Mary Liz Holberg, a Lakeville Republican and frequent author of data practices issues, said those cases may be what forces law enforcement to "get some culture change" in how it handles data use. She and Sen. Scott Dibble, DFL-Minneapolis, unveiled a bill last month that would increase the penalty for inappropriately accessing state databases from a misdemeanor to a gross misdemeanor.
Nobles said the solution is a mix of preventive measures, like more training and better oversight, and strict punishment.
"It's sad to say ... but when the public and public employees see the serious consequences that can occur, it is a deterrent."