Issues:

In his request for an opinion, Mr. Musich asked the Commissioner to address the following issues:

Discussion:

Issue 1

Does School District 1, Minneapolis, have an obligation to provide teaching staff with the Tennessen warning notice detailed in Minnesota Statutes, section 13.04, subdivision 2, concerning the collection and use of teachers' Social Security numbers for purposes of taking student attendance?

A government entity's collection, use, and dissemination of an individual's Social Security number is subject to requirements of both state and federal law. Pursuant to Minnesota Statutes, sections 13.43 and 13.49, Social Security numbers of public employees are private data. When a government entity asks an individual to supply private data about him/herself, such as a Social Security number, the entity is required to give the individual a notice. See section 13.04, subdivision 2. This notice, commonly referred to as the Tennessen warning, must advise the data subject of the following: 1) the purpose and intended use of the requested data within the collecting entity; 2) whether the individual may refuse or is legally required to supply the requested data; 3) any known consequence arising from supplying or refusing to supply the private or confidential data; and 4) the identity of other persons or entities authorized by state or federal law to receive the data.

To evaluate the District's obligations regarding its use and dissemination of Social Security numbers for taking attendance, it is also necessary to review provisions of section 13.05, which provide how a government entity may obtain authority to use private data in a manner which was not included in a Tennessen warning, and which place further restrictions upon the collection and use of private data. Subdivision 4 states that [p]rivate or confidential data on an individual shall not be collected, stored, used, or disseminated...for any purposes other than those stated to the individual at the time of collection in accordance with section 13.04, except as provided in this subdivision.

The exceptions to the requirement that private data may be used and disseminated only as stated to an individual at the time of collection are: (1) the data were collected prior to August 1, 1975 and are used for the originally-stated purpose, or a purpose specifically authorized by the Commissioner; (2) subsequent to the data collection, a state, local or federal law specifically authorizes the use or dissemination; (3) the Commissioner specifically authorizes the use; (4) the individual gives her/his informed consent; or (5) the data may be discussed at a meeting open to the public to the extent provided in Chapter 13D.

Section 13.05, subdivision 3, further limits a government entity's collection of all data, and the use of private and confidential data, to ...that necessary for the administration and management of programs specifically authorized by the legislature or local governing body or mandated by the federal government. If the collection or use is necessary, and the data are private or confidential, then the entity must give the individual a Tennessen warning. When the provisions of sections 13.04 and 13.05 are read together, it is clear that a government entity may use and disseminate private data only as stated to an individual at the time of collection, unless one of the exceptions noted above applies. If the entity fails to give a Tennessen warning, then the data may not be used for any purpose.

Therefore, in order for the District to have implemented an attendance-taking system which relies upon the use of private data, i.e. teacher Social Security numbers, it was obligated first to determine that it had authority to do so, and then to assure it established procedures to exercise that authority properly, in accordance with the requirements contained in Sections 13.04 and 13.05.

In her comments, Ms. Westin argued that the District is not required to give Mr. Musich a Tennessen warning notice because the District is not asking him to supply his social security number. She wrote:

The District is not asking Mr. Musich to supply his social security number when Mr. Musich logs on to the attendance system. The attendance system is part of the District's computerized records management system that uses Mr. Musich's user name to match him to the student rosters for the courses he teaches. His user name has been in the system since it was introduced in 1990. Beginning in 1990, employees who use the system are informed about the function of their user name as a way for the system to match the user to the data to which the user may have access. Mr. Musich's user name does not appear on any reports and is not transmitted to any place outside of the District's network.

The Commissioner disagrees with Ms. Westin's assertion that Mr. Musich was not asked to supply his Social Security number. Although Chapter 13 does not contain a definition of supply, the American Heritage College Dictionary, Third Edition, Houghton Mifflin Company, 1997, defines supply as to make available for use; provide. Each time Mr. Musich has to log onto the computer system, he is required to provide the system with his Social Security number, which is private data. Thus, the District is required to provide Mr. Musich with a Tennessen warning notice. This notice requirement has been in effect since 1974. In Advisory Opinion 97-032, the Commissioner discussed the practical operation of the notice:

Pursuant to Section 13.04, when an individual is asked by a government entity to supply private or confidential data about her/himself, the entity is required to provide a Tennessen Warning notice. Does this mean that each time the same data are collected from an individual, the entity must provide a Tennessen notice? On this question, it is the Commissioner's position that if an entity is collecting the same data from time to time, it is appropriate for the entity to administer one Tennessen Warning notice that, for instance, might cover all similar collections of data for a stated time period. Thus, if a Tennessen Warning notice was previously given, a second Tennessen Warning might not be necessary if the data being collected were not new and there were no changes relating to the other elements of the Tennessen Warning notice.

If Mr. Musich became an employee after 1974, the District was required to give him a Tennessen warning notice when it initially collected his Social Security number. In that notice, the District was required to inform Mr. Musich of the following: 1) the purpose and intended use of his Social Security number within the District; 2) whether he could refuse or was legally required to supply his Social Security number; 3) any known consequence arising from supplying or refusing to supply his Social Security number; and 4) the identity of other persons or entities authorized by state or federal law to receive his Social Security number.

The Commissioner does not know for certain if or what kind of Tennessen warning notice the District provided to Mr. Musich. Mr. Musich wrote, I was not given a Tennessen warning informing me that my social security number was being used in such a manner. Ms. Westin stated that beginning in 1990, employees who use the system are informed about the function of their user name as a way for the system to match the user to the data to which the user may have access. Ms. Westin, however, did not describe this notification as a Tennessen warning, nor did she provide any details that describe what, when, and how the District has been advising its employees. Presumably, if the District had given Mr. Musich a Tennessen warning notice, Ms. Westin would have so stated.

Thus, it is the Commissioner's opinion that School District 1, Minneapolis, does have an obligation to provide teaching staff with the Tennessen warning notice concerning the collection and use of teachers' Social Security numbers for purposes of taking student attendance. The District was required to give Mr. Musich a notice when it initially collected his number and was required to obtain consent if, at any time thereafter, circumstances changed how the District was using the number or to whom it was disseminating the number.

The Commissioner is obligated to note that in recent years, three court cases have called into question the Chapter 13 requirement that government entities give Tennessen warning notices to employees. In the first case, Edina Education Association v. Board of Education of Independent SchooI District 273, 562 N.W.2d 306 (Minn. App. 1997), the court held:

A public employee's description of an incident that occurred during the course and scope of her employment is not private data concerning the employee as an individual under [Chapter 13], and a public employer attempting to determine the facts of an incident is not required to give a 'Tennessen' warning before requesting the employee's description of the incident.

Given the very specific facts of this case, the Commissioner can understand how the court arrived at its conclusion.

However, the Commissioner is particularly troubled by the other two decisions and believes the Court may have misread the Edina Education Association case. In Washington v.Independent School District No. 625, 590 N.W.2d 655 (Minn. App. 1999), the court stated that because the employee was not asked to supply private or confidential information, s/he was not entitled to a Tennessen Warning. In Kobluk v. University of Minnesota, 613 N.W.2d 425 (Minn. App. 2000), the Court, relying on Edina and Washington, broadened the holding to say that Chapter 13 does not require an employer to give an employee a Tennessen warning before obtaining information from the employee about incidents that occur within the course and scope of employment. Other than references to the Edina and Washington cases, the Court presented little logic to explain why the collection of private or confidential data from employees should be exempt from the provisions of section 13.04, subdivision 2.

Although the Commissioner acknowledges these decisions, he cannot ignore the plain words of Chapter 13 that clearly require a government entity to give Tennessen warning notices when the entity collects private and/or confidential data. As a matter of fact, legislation that would have exempted public employers from giving Tennessen warnings was introduced in the 1999/2000 legislative session; it was not adopted. The Commissioner intends to raise these issues during the next legislative session.

Issue 2

Does the District have an obligation to provide teaching staff with the notice requirement stated in the Privacy Act of 1974 (5 U.S.C. 552a, note) concerning the collection and use of teachers' Social Security numbers for purposes of taking student attendance?

As discussed above in regard to Issue 1, when a government entity collects Social Security numbers, there are also federal law implications. The federal Privacy Act of 1974 requires federal, state, and local government entities requesting Social Security numbers to provide the following information: 1) whether the disclosure is mandatory or voluntary; 2) how the entity will use the number; and 3) under what statutory or other authority the entity is requesting the number. See section 7 (b) (found at 5 U.S.C. section 552a note (Disclosure of Social Security number)).

Further, federal law provides that federal, state, and local government agencies cannot deny any rights, privileges or benefits to individuals who refuse to provide their Social Security numbers unless the disclosure is required or authorized by federal statute, or the disclosure is to an agency for use in a record system which required the Social Security number before 1975. See section 7 of the Privacy Act. In addition, federal law expressly exempts state agencies from this restriction to the extent that Social Security numbers are used in the administration of any tax, general public assistance, driver's license, or motor vehicle registration law within its jurisdiction. See Tax Reform Act of 1976, 42 U.S.C. section 405(c)(2)(C)(i), (iv) (1994 Supp. III 1997).

The Commissioner addressed the issue of Social Security numbers being used as part of a registration system in Advisory Opinion 95-007:

It appears, in the absence of evidence to the contrary, that BSU has implemented a student registration system which is dependent upon faculty and student Social Security numbers for its operation. It appears that BSU's practice amounts to a mandatory requirement that faculty and students provide their Social Security numbers for this purpose. There does not appear to be authority within the language of Public Law 93-579, the Privacy Act of 1974, or the 1976 amendment to the Social Security Act noted above, for BSU to do so.

In addition, Public Law 93-579, Section 7 (b) clearly imposes upon state and local government agencies an affirmative obligation to apprise individuals who have been asked to supply their Social Security numbers of certain information. In particular, individuals must be informed of the uses to which the number will be put, and whether the disclosure is voluntary or mandatory. This notice must be given whenever the government entity requests that an individual provide her/his Social Security number; the obligation contained in this Section is not qualified in any way. As a state government entity, BSU has an affirmative obligation, pursuant to state and federal law, to provide proper notice to individuals from whom it requests Social Security numbers, and has had this obligation for more than twenty years.

In her comments, Ms. Westin again argued that when Mr. Musich must enter his Social Security number he is not disclosing it because the number is and has been in the system. The Commissioner disagrees with this analysis. Each time Mr. Musich must type in his Social Security number, the District is, in essence, asking him to disclose the number. Therefore, the District is required to provide Mr. Musich with the federal notice. In his opinion request, Mr. Musich makes no mention of having received a federal notice. Ms. Westin, in her comments, makes no mention of the District having ever provided Mr. Musich with a notice.

It appears the District has implemented an attendance-taking system which is dependent upon teachers providing their Social Security numbers. However, there does not appear to be federal authority to do so. Thus, the District cannot deny Mr. Musich any right, benefit, or privilege if he refuses to supply his Social Security number. Arguably, the District is denying Mr. Musich a privilege because he now must:

...run to the attendance office three times and back to my classroom unlike those who are using the system. I do not have immediate access to information others who are using the system do like examining a particular student's attendance for a pattern of problems, and I cannot print out attendance records like teachers using the new system can.

Finally, the Commissioner would like to make a few comments about why the use of the Social Security number as an identifier and password is of concern.

In her comments, Ms. Westin acknowledged that District employees have raised concerns about identity theft. She stated, [The District] was taking steps to assign new, random numbers to the system's users and reprogram the system to accommodate the new numbers, but the District no longer has the resources to move ahead with that project at this time.

Advisory Opinion 95-007 was issued in 1995:

The impetus for government entities to employ the Social Security number as a universal identifier is increasing. Both the Minnesota Legislature and the U.S. Congress have addressed in statute and law their concerns in this regard, and their intention that individuals be able to make informed decisions when asked to disclose their Social Security numbers to agents of government. Therefore, it is incumbent upon any Minnesota government entity, when contemplating the use of the Social Security number as a unique identifier, as a security access code, or for other purposes, to address the requirements of the federal Privacy Act of 1974, and the Legislature's classification of Social Security numbers as private data.

It is now 2002 and the crime of identity theft is rapidly increasing. Every story and article published about preventing this crime urges its reader to keep very close tabs on his/her Social Security number. Further, most articles advise readers not to use their Social Security numbers as passwords. Given this, the Commissioner reiterates that it is incumbent upon any government entity, when contemplating the use of the Social Security number as a unique identifier, as a security access code, or for other purposes, to adhere to the requirements set forth in state and federal law. The Commissioner goes further in urging government entities to migrate existing systems from a reliance on Social Security numbers to random identification numbers.

Opinion:

Based on the facts and information provided, my opinion on the issue Mr. Musich raised is follows:

Signed:

David F. Fisher
Commissioner

Dated: April 5, 2002