by State Sen. Sean Nienow
As many of you are likely aware, I have given significant attention in the last few years to public policies that involve issues relating to data privacy and individual rights. From drones to internet passwords, from health care to Second Amendment protections, my commitment has been protecting your rights to control your life and pursue your goals free of intrusion by government.
Nov. 1 marked the one-month anniversary of the launch of MNsure, Minnesota’s version of President Obama’s health care law. MNsure’s first month was a bumpy start, at best, and many problems remain to be worked out.
On Nov. 7, the Office of Legislative Auditor released a report entitled “MNsure: An Unauthorized Disclosure of Private Data.” This report was the result of an internal investigation into the unauthorized disclosure of personal data, including Social Security numbers, of approximately 1500 insurance brokers. This breach, in and of itself, may have been an unintentional error; however, the Legislative Auditor had serious criticism for MNsure. MNsure has the daunting responsibility of safeguarding the private health and personal data of Minnesota residents. It is imperative that they heed the warnings of the Legislative Auditor and others in implementing highly secure data practices.
The importance of this issue cannot be overstated. Here is what the Legislative Auditor said in his final comments on the MNsure data breach:
“MNsure officials have portrayed the unauthorized disclosure of private data as an isolated mistake by an individual employee. In a meeting of the MNsure Legislative Oversight Committee on September 24, 2013, the MNsure board chair said: ‘We did our internal investigation [and] we saw no systemic issues … It’s an HR issue; it’s been addressed, and we’re moving on.’
“That version of what happened overlooks a series of significant decisions made, not by the employee who inadvertently disclosed private data, but by others at MNsure. For example, it was others at MNsure, not the employee, who made the decision to collect Social Security numbers from brokers. It was others, not the employee, who allowed Social Security numbers — as well as other personal data — to be transmitted by unsecured e-mail when more secure methods were available. It was others, not the employee, who allocated few staff to the development of a broker training and certification process, making it more likely that mistakes would occur and key tasks would not be accomplished … our findings demonstrate that what occurred was more than ‘an HR issue’ involving one employee.”
As a member of the MNsure Legislative Oversight Committee, I take great care to see to it that this massive health care reform is implemented with your personal data protected at every step of the way. Whether it is the use of drones, or the taking of personal Internet passwords as a requirement of employment, or any other issue that involves your individual rights, I will be there to defend your privacy.