February 13, 1998; City of Grand Rapids
2/13/1998 10:14:43 AM
This is an opinion of the Commissioner of Administration issued pursuant to section 13.072 of Minnesota Statutes, Chapter 13 - the Minnesota Government Data Practices Act. It is based on the facts and information available to the Commissioner as described below.
Facts and Procedural History:For purposes of simplification, the information presented by the person who requested this opinion and the response from the government entity with which the person disagrees are presented in summary form. Copies of the complete submissions are on file at the offices of PIPA and, with the exception of any data classified as not public, are available for public access. On November 10, 1997, PIPA received a letter dated November 3, 1997, from Mitchell Brunfelt, an attorney representing AFSCME Council 65, which represents employees of the Grand Rapids Public Utilities Commission (PUC). In his letter, Mr. Brunfelt requested that the Commissioner issue an opinion regarding possible violations of his clients' rights per Minnesota Statutes Chapter 13. PIPA, on behalf of the Commissioner, wrote to Craig Mattson, Administrator of the City of Grand Rapids, in response to Mr. Brunfelt's request. The purposes of this letter, dated November 12, 1997, were to inform him of Mr. Brunfelt's request and to ask him to provide information or support for the City's position. On November 21, 1997, PIPA received a faxed response, dated same, from Steven Fecker, an attorney representing Grand Rapids. Also on November 21, 1997, PIPA received a fax, dated same, from Mr. Brunfelt. In this letter, Mr. Brunfelt stated that he wished to supplement his original request, and he provided some additional documentation. In the interest of fairness, the Commissioner supplied Mr. Fecker with copies of the additional documents and offered him an opportunity to respond. He did so in a letter dated December 10, 1997. A summary of the facts as presented by Mr. Brunfelt is as follows. He wrote that the PUC's recent adoption of a drug/alcohol testing policy has created some problems; specifically the PUC's use of employees' social security numbers as identifiers. The PUC contracted with a private company, the Minnesota Municipal Utility Association (MMUA) to conduct the tests. Mr. Brunfelt stated, First, the individual employees whose Social Security numbers are being used never authorized the use of their Social Security numbers for that purpose, nor did the Grand Rapids PUC ever request authorization from the individual employees to use their Social Security numbers. He added: Second, when the employees were told by the PUC that their Social Security numbers were going to be used by and released to the private company responsible for administering the drug and alcohol testing policy, the employees were not given the Tennessen Warning which is required by [Chapter 13] before information of this type can be used for any purpose. Further, the PUC did not provide the employees with the notice required by federal law before it collected the Social Security numbers for purposes of administering the drug and alcohol testing policy. Issue:In his request for an opinion, Mr. Brunfelt asked the Commissioner to address the following issue:
Discussion:A government entity's collection, use, and dissemination of an individual's Social Security number is subject to requirements of both state and federal law. In general, federal law provides the following: 1) no federal, state, or local government entity can lawfully deny any individual any right, benefit, or privilege provided by law if that individual refuses to disclose her/his social security number, unless the collection is for the administration of any tax, general public assistance, drivers' license or motor vehicle registration, or is otherwise authorized by federal law; and 2) when asked to provide her/his Social Security number, the individual must be informed of the uses to which the number will be put, and whether the disclosure is voluntary or mandatory. (See Public Law 93-579, Section 7, and 42 U.S.C. 405(c)(2)(C)(i) and (iii).) (For a more detailed discussion of federal and state requirements surrounding the collection of Social Security numbers, see Advisory Opinion 95-007.) Pursuant to state law, Social Security numbers are private data (see Sections 13.43 and 13.49). Therefore, as required by Section 13.04, subdivision 2, when an individual is asked to supply his/her Social Security number, the collecting entity must inform the individual of the following: (a) the purpose and intended use of the requested data within the collecting entity; (b) whether the individual may refuse or is legally required to supply the requested data; (c) any known consequence arising from supplying or refusing to supply private or confidential data; and (d) the identity of other persons or entities authorized by state or federal law to receive the data. This notice requirement is often referred to as a Tennessen Warning. Intertwined with the Tennessen Warning notice is the requirement that the use and dissemination of private and confidential data shall be limited to that necessary for the administration and management of programs specifically authorized by the legislature or local governing body or mandated by the federal government. (See Section 13.05, subdivision 3.) In other words, as the Commissioner has stated in previous advisory opinions, not only must the Tennessen Warning describe which outside entities may be receiving the data, any such disseminations must be necessary for the administration and management of a particular program authorized by federal, state, or local law. If, after the initial collection of private or confidential data, another dissemination of the data is authorized, the entity cannot lawfully disclose those data unless the data subject has given a written informed consent to release the data or unless other provisions of Section 13.05, subdivision 4 apply. (See Section 13.05, subdivision 4, and Minnesota Rules Section 1205.1400 for further information about informed consents.) In his opinion request, Mr. Brunfelt alleged that Social Security numbers were disseminated to the MMUA and Mr. Fecker affirmed this in his response. He wrote, I am now advised that in August, 1995, the Grand Rapids Public Utilities Commission did furnish employee's [sic] social security numbers to the [MMUA] at the time that the GRPUC enrolled in the drug testing consortium administered by MMUA. Employees were not advised at that time that the social security numbers had been provided to MMUA. According to Mr. Fecker, the City did disseminate Social Security numbers of its employees to MMUA. For these disclosures to have been permissible, either of two conditions must have been met: 1) the City had authority to disclose the data and so notified its employees in a Tennessen Warning; or 2) the City obtained informed consents from the employees to release the data. There is a dispute regarding whether the City gave Tennessen Warnings upon collection of the employees' Social Security numbers. Mr. Brunfelt alleged that Tennessen Warnings were not provided. Mr. Fecker asserted that some Social Security numbers were collected prior to August 1, 1975 (effective date of refinements made to the Tennessen Warning requirement), that new employees are given a Tennessen Warning, and that the numbers of many employees were collected before the advent of federally-mandated drug and alcohol testing. Language in Section 13.05, subdivision 4, provides for situations in which private or confidential data were collected prior to enactment of Chapter 13. It states that the data shall not be collected, stored, used, or disseminated for any purposes other than those stated to the individual at the time of the collection except in certain situations. One of those situations is provided for in clause (a) of Section 13.04, subdivision 4, which states that data collected prior August 1, 1975, that have been treated as not public may be used, stored, and disseminated for the purposes for which the data [were] originally collected. Thus, in the case of Social Security numbers collected prior to 1975, because they were not collected as identifiers for a drug/alcohol testing program, the City should not have released the numbers for that purpose without the data subjects having consented to the releases. Mr. Fecker also seemed to suggest that some of the Social Security numbers were collected between 1975 and 1995, after the date referenced in Section 13.05, subdivision 4, but prior to when the drug/alcohol testing began. Section 13.05, subdivision 4, also provides for situations in which a new use for the data arises after the data were originally collected. Clause (b) of Section 13.05, subdivision 4, states that private data may be used and disseminated to individuals or agencies specifically authorized access to those data by state, local, or federal law enacted or promulgated after the collection of the data. However, in the case at hand, there is no law specifically authorizing the dissemination of Social Security numbers to the MMUA. Therefore, the Grand Rapids PUC should have gained informed consents before disseminating Social Security numbers collected between 1975 and 1995 to the MMUA. In cases where Social Security numbers have been collected since 1995, a dissemination of those numbers to the MMUA is lawful only if state or federal law authorizes the MMUA to receive the data, and the Tennessen Warning so notified the individual. If the MMUA is not authorized to receive the data, the City must obtain informed consents prior to releasing the data. The Commissioner is unaware of any statute that authorizes the release of Social Security numbers to drug/alcohol testing companies or organizations. In summation, it appears that even if the City gave Tennessen Warning notices to the employees when their Social Security numbers were collected, those Tennessen Warnings could not have described uses or disseminations of Social Security numbers as identifiers for drug/alcohol testing programs because such uses or disseminations are not authorized by state or federal law. Therefore, before releasing any numbers, the Grand Rapids PUC should have obtained explicit informed consents to release from the employees. To the issue of whether consents were obtained, Mr. Fecker wrote: [G]RPUC has supplied social security numbers only for those employees who were advised that social security numbers were used and who consented by not requesting that an alternative number by used. If a non-consenting employee's social security number has been used in the last several months, it was an isolated, inadvertent administrative or clerical error on the part of GRPUC. [Emphasis added.] Pursuant to Minnesota Rules Section 1205.1400, a valid informed consent is one in which the data subject proactively states in writing that s/he consents that the specified data will be released to the specified entity. Neither documentation submitted nor comments made by Mr. Fecker suggest that the City obtained written informed consents. A consent that is inferred from an employee's act of not requesting the use of an alternative identifier does not meet the requirements of Section 13.05 or Minnesota Rules Section 1205.1400. Opinion:Based on the facts and information provided, my opinion on the issue raised by Mr. Brunfelt is as follows:
Signed: Elaine S. Hansen
Dated: February 13, 1998 |
Data subjects
Educational data
Informed consent
Personnel data
Tennessen warning
Data necessary for administration and management of programs (13.05, subd. 3)
Tennessen distinction
Alcohol and drug test data
Tennessen warning and federal Privacy Act notices required
