Feb 052013
 February 5, 2013  Posted by  Breaches, U.S.

Eric Roper reports:

Attorneys for a former police officer whose driver’s license data was repeatedly breached said Tuesday that the state has agreed to conduct better audits and impose more safeguards of the often-misused drivers license database.

The legal settlement between Anne Marie Rasmusson and the Department of Public Safety is one of the last dominos to fall in a lawsuit that has cost local governments across the state more than $1 million. Rasmusson’s success in the case has prompted a slew of class action lawsuits related to other incidents of driver’s license data misuse.

Good for her for trying to leave the system in better shape to protect others from what she experienced. Roper reports:

Among stipulations of Rasmusson’s settlement, according to Miller-Van Oort: The state will perform monthly audits of top search targets, rather than merely most active users, to identify anomalies.

They must also audit the top 50 most-active users and perform randomized audits, Miller-Van Oort said. Gordon said the department began monthly auditing of the top 50 users last year and initiated randomized audits in January.

A modified login screen will present new information about permissible uses and require users to confirm that they have a legitimate search purpose. The settlement also requires the state to augment data training.

It’s a shame it took a lawsuit to get them to agree to enhance data protection. What I don’t see listed in the news report, however, is whether/how the state will actually limit access to the database and not just audit access after the fact.

Read more on the Star Tribune

Sorry, the comment form is closed at this time.