August 9, 1999; University of Minnesota
8/9/1999 10:14:43 AM
This is an opinion of the Commissioner of Administration issued pursuant to section 13.072 of Minnesota Statutes, Chapter 13 - the Minnesota Government Data Practices Act. It is based on the facts and information available to the Commissioner as described below.
Facts and Procedural History:For purposes of simplification, the information presented by the person who requested this opinion and the response from the government entity with which the person disagrees are presented in summary form. Copies of the complete submissions are on file at the offices of IPA and, except for any data classified as not public, are available for public access. On June 14, 1999, IPA received a letter dated May 26, 1999, from Gary Schiff. In his letter, Mr. Schiff requested that the Commissioner issue an advisory opinion regarding a potential inappropriate dissemination of data maintained by the University of Minnesota. IPA, on behalf of the Commissioner, wrote to Tracy Smith, Associate General Counsel of the University, in response to Mr. Schiff's request. The purposes of this letter, dated June 16, 1999, were to inform her of Mr. Schiff's request and to ask her to provide information or support for the University's position. On July 9, 1999, IPA received a response, dated July 7, 1999, from Ms. Smith. A summary of the facts as presented by Mr. Schiff is as follows. Mr. Schiff is an undergraduate advisor at the University of Minnesota. He stated that he recently attended an introductory training seminar for University personnel regarding the University's development of a new central database. Mr. Schiff wrote, The PeopleSoft system will soon consolidate over 800,000 records from over 30 University offices - mostly student service offices. At that training I was informed that the University's human resources database will also be integrated. Mr. Schiff further wrote: By entering the name of a staff member or student, I was told that users (hundreds and possibly thousands of University of Minnesota staff and student employees) will access a main view-screen that provides demographic information about the student or employee they are seeking information about. The view-screen includes information such as student identification number, birthday, home address, phone numbers, race, marital status, gender, veteran status and social security number. As an advisor to an academic department, I will have access to the system so that I may verify students' status and academic records. As an employee, my social security number and other personnel data will be in the system and easily seen by anyone else. Mr. Schiff added that if he were to enter a name, such as Mark Yudof, he would be able to access President Yudof's social security number. He stated: As a low-level employee, I have no reason to know Mark Yudof's social security number (nor that of any employee) should I need to use the system. Likewise, I am concerned that my social security number will be available to other employees at the University who have no need to know it and that the numbers could be easily stolen for illegal purposes. Issue:In his request for an opinion, Mr. Schiff asked the Commissioner to address the following issue:
Discussion:A government entity's collection, use, and dissemination of an individual's Social Security number is subject to requirements of both state and federal law. Pursuant to Minnesota Statutes, section 13.49, Social Security numbers are private data. When a government entity asks an individual, like Mr. Schiff, to supply private data, such as his Social Security number, the entity is required to give the individual a notice. This notice, commonly referred to as the Tennessen Warning, must advise the data subject of the following: 1) the purpose and intended use of the requested data within the collecting entity; 2) whether the individual may refuse or is legally required to supply the requested data; 3) any known consequence arising from supplying or refusing to supply private or confidential data; and 4) the identity of other persons or entities authorized by state or federal law to receive the data. Further, the federal Privacy Act of 1974 requires a government entity to provide a disclosure statement when the entity asks an individual to supply his/her Social Security number. In this statement, the government entity must explain how the Social Security number will be used, whether providing the information is mandatory or voluntary, and under what statutory or other authority the number is being requested. (See 5 USC 552a, (note).) The only way, therefore, to answer Mr. Schiff's question is to determine whether the University's plan for using the data in the new database is consistent with what it communicated to Mr. Schiff via the Tennessen Warning and federal Privacy Act notice. Ms. Smith's response to the Commissioner focuses primarily on which University employees will have access to the database. She wrote that authorized users must have both departmental and central approval for access, that approval is dependent upon the employees' job duties, and that authorized employees are personnel who perform human resource and student services functions. Ms. Smith added that by University policy, authorized users are granted access to the database only to facilitate their job activities and that users must agree to abide by all relevant policies, as well as federal, state, and local laws in using the system. She also stated that over 80 security profiles exist within the database, meaning that authorized users have varying levels of access to private data depending on their security clearance. Although Ms. Smith's response demonstrates that the University takes seriously its obligations under section 13.05 (safeguard private data) and Minnesota Rules, subpart 1205.0400 (restrict access to private data to those employees whose work assignments reasonably require access), she did not comment on the Tennessen Warning issue. The Commissioner does not know, therefore, what the University communicated to Mr. Schiff, at the time he was first asked to provide his Social Security number, regarding how it would use his Social Security number. Without this information, the Commissioner cannot determine whether Mr. Schiff's Chapter 13 or federal Privacy Act rights will be violated if, and under what circumstances, other University employees gain access to his Social Security number. Opinion:Based on the facts and information provided, my opinion on the issue raised by Mr. Schiff is as follows:
Signed:
David F. Fisher
Dated: August 9, 1999 |
Data subjects
Personnel data
Tennessen warning
Work assignment requires access
Tennessen warning and federal Privacy Act notices required
