Facts and Procedural History:

On January 28, 2010, the Information Policy Analysis Division (IPAD) received a letter dated January 26, 2010, from Isaac Kaufman, on behalf of Law Enforcement Labor Services, Inc. In his letter, Mr. Kaufman asked the Commissioner to issue an advisory opinion as to whether the Ramsey County Sheriff's Office inappropriately disseminated data to the Minnesota Department of Public Safety (DPS). IPAD requested additional information, which Mr. Kaufman provided on March 8 and March 15, 2010.

IPAD, on behalf of the Commissioner, wrote to Ramsey County Sheriff Bob Fletcher, in response to Mr. Kaufman's request. The purposes of this letter, dated March 19, 2010, were to inform him of Mr. Kaufman's request and to ask him to provide information or support for the Sheriff's Office's position. On April 9, 2010, IPAD received a response, dated April 7, 2010, from David Metusalem, Chief Deputy, Ramsey County Sheriff's Office.

In a letter dated March 19, 2010, IPAD invited DPS to provide comments. On April 16, 2010, IPAD received comments from E. Joseph Newton, General Counsel for DPS.

A summary of the facts as Mr. Kaufman provided them is as follows. In his opinion request, Mr. Kaufman wrote:

a Ramsey County [employee] was interviewed as part of an Internal Affairs investigation. It was alleged that this [employee] had accessed the [Minnesota Department of Public Safety's Division of Driver and Vehicle Services (DVS)] database for non-law enforcement purposes.

At the outset of the interview, the [employee] was shown a document entitled, "Advisement Prior to a Formal Statement," which [the employee] reviewed and signed. The Advisement included [a] Tennessen warning

The Advisement contained no warning that the information collected during the interview might be disclosed to DVS ...

[Approximately six weeks later] the County sustained disciplinary charges against [the employee]. [Law Enforcement Labor Services, Inc.] immediately filed a grievance. The grievance is currently pending, and there has been no final disposition of the disciplinary action under Minn. Stat. section 13.43, Subd. 2(b).

Mr. Kaufman wrote that approximately one month later, the County investigator sent a letter to DVS. The letter outlined the complaint made against the employee, discussed database reports, explained the disciplinary action the Sheriff's Office took, and included information apparently from the employee during the interview.

Mr. Kaufman provided the Commissioner with a copy of the document the employee signed, as well as a copy of the letter the Sheriff's Office sent to DVS.

Issue:

Discussion:

Data about employees are classified pursuant to Minnesota Statutes, section 13.43. Certain data about employees are public (section 13.43, subdivision 2), and certain data are private (section 13.43, subdivision 4). Private data are accessible to the data subject but not to the public (section 13.02, subdivision 12).

When a government entity collects private or confidential data about an individual from that individual, the entity must provide a notice, commonly referred to as a Tennessen warning. (Minnesota Statutes, section 13.04, subdivision 2.) This notice must contain the following: (1) the purpose and intended use of the data; in other words, why the entity is collecting the data and how it will use the data; (2) whether the individual can refuse or is legally required to provide the requested data; (3) what the consequences are of supplying or not supplying the data; and (4) the identity of other persons or entities authorized by state or federal law to receive the data.

A government entity can disseminate private data to another government entity only in certain situations, one of which is when statutory authority exists for the sharing. In situations when the entity obtained the private data from the data subject and was required to give a Tennessen notice, the entity must have statutory authority to share the data and must have listed the outside entity in the notice as an entity that has authority to receive the data. (Sections 13.04, subdivision 2, and 13.05, subdivision 4.)

Mr. Kaufman's question is whether the Sheriff's Office inappropriately disseminated private data about the employee to DPS. The data in question include the nature of the discipline, details about the complaint, database reports, and information the employee apparently provided to the Sheriff's Office regarding his/her actions. Of these data, it is only the information the investigator asked the employee to provide about her/himself that would have required the Sheriff's Office to provide a Tennessen warning notice.

Mr. Metusalem provided limited comments to the Commissioner. He stated, "The individual and [his/her] actions which are the topic of the correspondence that Mr. Kaufman would like evaluated are the subject of an open criminal investigation and on-going administrative inquiry." Mr. Metusalem did not explain the Sheriff's Office's decision to disclose the data to DPS.

Based on the information Mr. Kaufman provided, the Sheriff's Office began an administrative investigation into the employee's alleged misuse of the DVS database. As part of the investigation, which Mr. Kaufman characterized as "an Internal Affairs investigation," the employee was interviewed. At the outset of the interview, the employee reviewed and signed an "Advisement" that states, among other things, "You are being questioned as part of an official Ramsey County Sheriff's Department administrative investigation" and "The disclosure of any internal affairs file information to anyone investigating or considering criminal charges is prohibited."

Mr. Kaufman asserts that the Advisement the employee signed included a Tennessen notice. Mr. Metusalem did not comment on the Advisement document itself or the issue of the Tennessen notice. Thus, the Commissioner assumes that the statements in the Advisement do constitute the Tennessen notice the Sheriff's Office gave the employee. Upon review, the Advisement neither explains to the employee that the data collected from him/her will be disseminated to DPS nor explains that the Sheriff's Office might use the data as part of its own criminal investigation.

One statutory provision that allows the Sheriff's Office to disseminate private personnel data to DPS is Minnesota Statutes, section 13.43, subdivision 15, which states that private personnel data can be disseminated to a law enforcement agency "for the purpose of reporting a crime or alleged crime committed by an employee, or for the purpose of assisting law enforcement in the investigation of a crime committed or allegedly committed by an employee."

DPS is responsible for the DVS database. Mr. Newton noted in his comments to the Commissioner that the misuse of the database is a crime. Thus, for DPS to determine whether a crime has occurred or for DPS to conduct its own criminal investigation, DPS would need to have access to some of the data the Sheriff's Office collected as part of the employee investigation. Ordinarily, the Sheriff's Office can disseminate any relevant private personnel data to DPS per section 13.43, subdivision 15. However, in this situation, pursuant to section 13.05, subdivision 4, the Sheriff's Office could not have disseminated to DPS any of the data collected from the employee about the employee because DPS is not listed in the Advisement as one of the outside entities authorized to access those data.

Mr. Newton raised the issue that if the data in question are classified as not public active criminal investigative data (Minnesota Statutes, section 13.82, subdivision 7), then the Sheriff's Office also had the authority to share the data with DPS pursuant to section 13.82, subdivision 15. As noted above, Mr. Metusalem stated that there is an active criminal investigation; he did not provide any information as to the point in time when an active criminal investigation commenced. Based on the information Mr. Kaufman provided, the Sheriff's Office conducted the initial interview with the employee before it opened an active criminal investigation. Thus, the data collected from the employee are private personnel data, and are classified under section 13.43.

A government entity is limited in how it can use private data within its own entity and who can gain access to the data. Pursuant to Minnesota Rules 1205.0400, subpart 2, private data are available to individuals "within the entity whose work assignments reasonably require access." Further, in a situation in which the collection of private data required the entity to give the data subject a Tennessen notice, the entity can use the data only in the ways it described in the notice. (Minnesota Statutes, sections 13.04, subdivision 2, and 13.05, subdivision 4.)

When the Sheriff's Office collected private personnel data about the employee from the employee, it was required to provide a Tennessen notice. The notice should have explained that the Sheriff's Office might be using the data in a criminal investigation. It did not; therefore, the Sheriff's Office was not able to use those data in its criminal investigation.

Accordingly, the Sheriff's Office could have used the data not subject to the limitations stated to the employee in the Tennessen notice in its criminal investigation, i.e., information from database reports, the type of disciplinary action the Sheriff's Office took, and details of the complaint. The Sheriff's Office then could share with DPS those data pursuant to section 13.82, subdivision 15. However, the Sheriff's Office could not use or share with DPS, in connection with a criminal investigation, the private personnel data it collected from the employee, about the employee, because it didn't tell her/him it could do so in the Tennessen notice.

Finally, it is important to point out that complicated issues can arise when a government entity that is conducting an investigation into employee misconduct is both the employer and a law enforcement agency, as is the case here. Classification of the data depends upon whether the investigation begins as a personnel investigation (section 13.43 classifies data and Tennessen notice required) or as a criminal investigation (section 13.82 classifies data and Tennessen notice not required - section 13.04, subdivision 2). Here, based on the information provided by Mr. Kaufman, the data in question stem from a personnel investigation.

Opinion:

Signed:

Sheila M. Reger
Commissioner

Dated: May 4, 2010