Minn. governor offers data privacy proposals

The proposed changes would protect personal data in public records.

Minnesota’s governor wants to restrict access to the state’s public records to prevent identity theft, but several privacy experts think that’s a bad idea.

Gov. Tim Pawlenty introduced several proposals March 2 designed to improve personal data protection and stem the rising tide of identity theft. They include making driver’s license data private, limiting the use of Social Security numbers (SSNs) as identifiers and protecting phone records.

Pawlenty also wants to reform the way state agencies handle and maintain personal data. Under the current Minnesota Data Practices Act, government information is publicly accessible unless a specific law or statute designates it as private.

“That’s backwards,” Pawlenty said in a statement. “We need to start with the obligation of government to protect all citizens and [the idea] that all personal information that government has about individuals is private. It is time for a change.”

Pawlenty has ordered the Department of Administration to conduct a review of the act and introduce a bill to reform it.

The governor has the right intentions, said Jim Harper, director of information policy studies at the Cato Institute, a think tank based in Washington, D.C. But blocking access to government records is not necessarily the answer, he added. The best solution, Harper said, would be to reduce the amount of personal data the government collects.

“Many agencies overcollect,” Harper said. “They constantly collect more information than they need, [and] they keep it longer than they need to.”

Beth Givens, founder and director of the San Diego-based Privacy Rights Clearinghouse, said governments can deter identity theft without tinkering with state public records acts. Givens added that if Pawlenty is serious about promoting personal data privacy, he should consider provisions such as a mandatory freeze on credit reports to protect victims of identity theft.

“If an impostor gets your information, like your SSN, goes into Circuit City and attempts to open up a new account, when Circuit City checks your credit, they can’t get access and therefore can’t give credit to the crook,” Givens said. Credit freezes can quite effectively minimize the harm from personal information theft, she said.

Many states have begun limiting access to SSNs and other personal information in public records, said Pam Greenberg, program principal of the National Conference of State Legislatures. At least three states are conducting comprehensive reviews of issues related to public records and privacy, she added.

Chuck Samuelson, executive director of the American Civil Liberties Union of Minnesota, said Pawlenty is using privacy as a campaign issue. The governor is running for re-election in November. Although the privacy issue merits serious debate, Samuelson said, the governor’s proposals could be politically motivated.

Samuelson said the ACLU has been pushing government not to broadcast personal data by posting it on the Web. “If you want what is public data, our thought is you should go to the police station and to the government office and request the data and get the data,” he said.

“When you put it on the [Internet], you’re broadcasting it effectively, and it’s available to anyone in the world,” Samuelson said. “Any time you do that, you’re lowering your security in order to make it more accessible for your own legitimate purposes.”

A phone call to the governor’s communications department seeking comment was not returned.

**********

How one governor plans to put up a firewall

Under Minnesota Gov. Tim Pawlenty’s proposals to improve personal data protection, the state would:

  • Make driver’s license and motor vehicle data accessible only for certain reasons, such as public health and safety. Pawlenty directed the state’s Public Safety Department to immediately request a temporary classification from the Department of Administration to make such data private.

  • Make it illegal for unauthorized people to obtain, sell, disclose or receive private telecommunications records. The proposal would establish security standards and reporting requirements for telecom providers.

  • Limit businesses’ use of Social Security numbers as identifiers. The proposals would also require companies to limit access to individual SSNs and prohibit their sale and disclosure.

  • Reform the state’s public records act by designating all personal data held by government agencies as private.
  • — Dibya Sarkar