ST PAUL, Minn. — Minnesota's legislative auditor says he had to issue a subpoena to get information from the state Department of Public Safety in an investigation of an accidental data release.
Legislative Auditor Jim Nobles said Thursday it was the first subpoena he's had to issue to a state agency in his 35 years as auditor. State law empowers Nobles to issue subpoenas, as part of his reviews of government operations.
"I learned about it from a source, and then when I required I didn't get a response that I should've gotten, and frankly the first time I've ever had to issue a subpoena to a state agency to reply with a data request, " said Nobles.
The data release happened in Minnesota's troubled driver and vehicle licensing system, known as MNLARS, during the waning days of the Gov. Mark Dayton's second term.
The Minn. Department of Public Safety, or DPS, routinely sells vehicle registration information to private companies as bulk data, which is required by law. In this particular case, the data went to Experian, Polk and Safetyfirst Recall.
That batch contained vehicle information for roughly 1,500 Minnesotans who had intentionally opted out of having their data sold.
"These were people who had said, 'I don’t want you to sell my data,' and the new MNLARS system, in transferring that bulk data, transferred some private data."
Nobles said he had waited three weeks for a response from DPS when he finally took the extraordinary step of a formal subpoena.
DPS spokesperson Bruce Gordon said the agency was still in the process of gathering the information the auditor requested when the subpoena was received. Subsequently the auditor received the information he sought.
Driver and Vehicle Services notified all of the affected vehicle owners of the accidental release, and reassured them the data was sent only to those companies, which are required by law to protect that information.
The agency didn't consider the incident to be "data breach" because that would imply a third party hacked into the system to unlawfully obtain private information.
Nobles is in the process of a more comprehensive investigation of what went wrong when the Minnesota Information Technology agency, known as Minn IT, designed the MNLARS system. He said it will be released at the end of January, and will create a stir.